204 No Content and cookies

Date: 01 Jun 2014
Author: Erik Dubbelboer

When working on a project I was wondering if all browsers would accept cookies set in 204 No Content http responses.

I wrote a small test page: dubbelboer.com/204cookie.php

What I found is that all major browsers, IE (6, 7, 8, 9, 10, 11), FF (6 - 29), Safari (5 - 7), Opera (12 - 22) on both windows and Mac, set cookies on 204 http responses.

204cookie.php

<?

if (isset($_GET['show'])) {
?>
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>204 cookie test</title>
</head>
<body>
<?
  if (isset($_COOKIE['test']) && ($_COOKIE['test'] === $_GET['show'])) {
    echo 'Success';
  } else {
    echo 'Failed';
  }
?><br><br><a href="?a=<?=microtime(true) /* Random url to prevent caching. */?>">try again...</a><br>
</body>
</html>
<?
} else if (isset($_GET['set'])) {
  header('P3P: CP="no policy"');
  setcookie('test', $_GET['set'], time() + 60, '/', '.dubbelboer.com');
  header('HTTP/1.0 204 No Content');
} else {
  $id = intval(microtime(true));
?>
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>204 cookie test</title>
</head>
<body>
<iframe src="?set=<?=$id?>" width=1 height=1></iframe>
Placing cookie...<br>
<script>
// Give the iframe some time to load.
setTimeout(function() {
  document.location = '?show=<?=$id?>';
}, 2000);
</script>
</body>
</html>
<?
}
comments powered by Disqus