I have managed to figure out a way to have server side scripts transparently figure out if a browser has cookies enabled and am wondering if I could get input on any pitfalls to my approach.
It's a bit involved but here goes...
Under normal circumstances checking to see if a browser has cookies enabled cannot be done from the server side because although a cookie can be set when the user agent first requests a document, server side scripts must wait for the user agent to re-initiate a second HTTP request - before sending the cookie back. At which point a server side script can check to see if the cookie was enabled.
I noticed that stylesheets and graphics files cause a browser to automatically send HTTP requests for these files so...
I put the following in my HTML files...
<link rel="stylesheet" href="/general_stylesheet.css" type="text/css">
<link rel="stylesheet" href="/general.cde" type="text/css">
The /general.cde is not really a CSS file. It is a Perl script that checks to see if a cookie was accepted when it was first set by the script that outputs the HTML page in which the above is found. It also logs info into a custom log file of mine and performs other such background activities.
Along with the above I included the following in my apache httpd.conf file...
AddHandler cgi-script .cgi .pl .cde
which causes apache to execute any files ending in .cde as cgi scripts.
I had to fool the browser into loading my css "script" like it normally does CSS files so that it would be automatically requested.
I also included the following code in my general.cde script to keep this file from being cached by user agents and from returning an Apache status other than a 200 OK.
print "Expires: Thu, 29 Oct 1998 17:00:00 GMT\n";
print qq(Cache-control: no-cache="set-cookie")."\n";
print "Status: 200 OK\n";
Everything seems to be working just fine but I am wondering about the pros and cons of this approach. Will a search engine balk when it loads a suppossed CSS file that is not really a CSS file?
I also did not want to use a 1 pixel image - making it likewise a script - since I have heard that some SE's are frowning on 1px graphics. Making it bigger in pixels would have made it more apparent and less transparent. Also some surf with graphics off.
All in all my approach seems good but any input would be appreciated.
About the only downside to this that I can see might be the possibility that some older browser's might crash when trying to load and process a CSS file that is not really a CSS file. Also my relative URL used means I have to store a script in my document root instead of the CGI bin which might make it easier for hackers to break into it.
Lastly someone can just copy my HTML file, strip out the link line calling general.cde and defeat this whole mechanism though I doubt that most of my site visitors will not only look at the code and detect something fishy but also go to the trouble to strip out the link line.