Dynamic cookie names?


What I would do is encode their email in the URL. Then check to make sure they are logged in. If they are not, give them a small login form on this page that will redirect back to this page upon successfully logging in. Next, I would take the email and compare it with the current user’s email. If they are not the same, then give them a message or page stating that they are not permitted to use this deal. The encoded email should also be coming from a separate table. I would have something like the below as a table.

email = varchar(255) DEFAULT NULL
offer_id = int(11) DEFAULT NULL
timestamp = datetime DEFAULT NULL
status = enum('0','1') DEFAULT 0

Next, I would use the email column to put in the URL then encode it. Also, I’d put the offer_id in there as well. Next, I would compare the encoded email with the current user’s email. If all is good, then use the offer_id in the URL and grab the actual offer. This should be from a different table. The offer_id should only be used to reference the full offer’s ID. Once the 2 IDs match, you can then display the full offer like title or description. This should now come from the actual offer’s table. If the 2 IDs don’t match, either redirect or give them an error page saying they aren’t eligible to take this offer.

Next thing would be to check the status of the offer for the second table. If the user already took the offer, I would set the value of the status to 0. Then in your code where the 2 IDs matched, I would check to see if the status is a 0. If it is, then give them an error message saying they already took the offer and that you can only take an offer once.

That is how I would of done it. I wouldn’t rely solely on cookies.


@droopsnoot. It is nothing like that at all, as I said before. This is about a paragliding company. Offers could be something like:

Book now for 7, 8 or 9 days and get one day for FREE

So it are paid offers anyway.

@spaceshiptrooper. It has nothing to do with subscribed members (they don’t need to log in). But I took notice of your comment, because it is something that sounds very interessting


Fair enough, I was just saying why people might try to get around a limited choice of options. Very often it’s just to see what happens, so you want to be sure that nothing does.


@spaceshiptrooper I have been thinking about what you suggested, but would something like that be possibe without the login part?


It’s possible. But it’s not ideal. If you are allowing everyone including people who aren’t subscribed to your mailing list, why not just make it an actual public page then? Why does it have to be only for the mailing list? Most discount offers usually only pertain to people who are subscribed to some kind of service. For example, some items on NewEgg are limited. So some of them actually require you to type in your email. Once you are confirmed in their mailing list, they’ll then allow you to type in the promo code for the discounted item. This is what I am trying to get at. It would be more wise to make sure they really are in your mailing list. Otherwise, you’re giving out discounts for free for no reason. In that case, why not create a single page dedicated for discount offers for the public?


@spaceshiptrooper. That’s not what I mean. People need to be subscribed to the mailinglist/newsletter. But they don’t need to login as you said in post #21


This again comes back to the exploit. What if people aren’t subscribed to your mailing list and they change the URL and get a match? If they aren’t subscribed and you don’t need to be logged in, this will give an easy way for people to exploit this kind of system. You need to fool-proof this better by doing what I have listed in my post.


I understand what you say. But like is said before. This is an offer where they need to pay for a 7, 8 or 9 days paragliding holiday (up to 2000 euro) and get a day for free. This are not peanuts so even if one in a million will do this, do you think the owner cares?


You should. What about false spams and bots? Bots are the culprits for most intrusions. Allowing any random machine to get the offer will most likely result in just pure spams. You can’t tell who’s legitimate purchasers and who are the spams. You have to think about any possible scenario before you start building.


I’m thinking about conversion as the goal. I guess some feel that “casting a wide net” or a “shotgun” approach is best. i.e. show something to 100K users in hopes of getting 0.1% conversion. But I feel that targeting users that have shown an interest in something is better. i.e. show something to 1K users with a better chance of getting 10% conversion. Both would be 100 users, and I guess one way isn’t really any more expensive than the other. But the latter is less “wasteful” and less likely to annoy those that have no interest.


This is pretty much what I stand by. Even if you have a goal to get as many people as you want, it is going to annoy most of the people who don’t have an interest in it. A great example is people who ring door bells and try to do either surveys or try to sell things. A lot of people often don’t like this kind of approach because they clearly have no interest in it. I for one hate it when people ring my door bell to sell me things and try to waste my time when I could be doing something else. I remember one time, a guy came to my house trying to sell me children coloring supplies. He said that the ones he is selling are a lot better than the ones you get at the store. I had no interest in it because I don’t really care much about coloring supplies. I further told him that if I needed any coloring supplies, I could just go to the salvation army to get some. He said that the ones he is trying to sell are cheaper than the salvation army’s. Then I finally got to the point and said “I am sorry, but I don’t have money for these things.” And even after I told him I don’t have money, he tried to ask me if I could give him a few bucks. I repeated and said that I don’t have any money and then he just left. It was IMO an inconvenience because I wasn’t interested to begin with. When I said “I can just buy these at the store”, I have already implied that I don’t want to buy what he’s selling. He wasted not just my time, but his as well.

The whole point of this is, people who don’t brain storm about ideas and scenarios don’t often think about the obvious nor care about it. If someone isn’t genuinely interested, people will try to keep pushing because they have some kind of deadline to meet to offer as much people as they can. This IMO is a terrible idea. You will be wasting your time and your customer’s time if they aren’t genuinely interested.

So that brings me back to what I said before. Make this system require a login. This will ensure they really are interested because they will continue the steps to take to claim the offer. If they aren’t, they will look at the offer and then leave.


@Mittineague & @spaceshiptrooper. Thank you both for your reaction and opinion. I understand very well what you say, but believe me this is absolutely not a shotgun approach. The paragliding world is quite a selective world. And this is not just about e-mail marketing where uninterrupted e-mails are sent with all kinds of offers, but sporadic offers via the website and e-mail if, for example, new articles or a new line of a certain paragliding brand comes out. In addition, the people who have signed up need to indicate about which brand or brands they want to receive information.

@spaceshiptrooper A login is not an option here so if you can think of something else, please let me know



Sorry to come back about this. I have been trying and trying but there is something I do wrong. To check if an offer should be shown I use:

if (!isset($_COOKIE['special_offer_'][$offerid]) && $offer > 0)

If the above is False (Cookie doesn’t exists) the Modal with the offer should been shown and the cookie should be set:

$special_offer	=	'special_offer_'.$offerId; 
setcookie('special_offer', $special_offer, time() + (86400 * 365));

But the the modal keeps popping up. Do you see what I’m doing wrong?

Thank you in advance


Is this JavaScript?

$special_offer	=	'special_offer_'.$offerId; 

and should it have $ symbols in the variables? And if it’s OK, do you see that you’ve spelled $offerid differently in the PHP than when you used $offerId in the JS?

And I’m struggling to see how your original cookie name of


in PHP will match up to setting a cookie that’s just called

setcookie('special_offer', ....

a bit later. I don’t know what value is in $offerid at the top, though. And don’t have direct experience of cookies in PHP or JavaScript, for that matter.


No this is PHP. Sorry for the confusion


Oh, it’s just that it seemed to come directly between what looked to me like two JS lines.

ETA - on the other bit in my comment, I may be confusing matters as I had presumed setcookie() was a standard JS function, then misread the order of parameters. Sorry, I’ve changed that now. Still seems that the cookie name is different though, and maybe just because of the $offerid / $offerId thing.

Maybe thinking about this wrongly, but perhaps:

if (!isset($_COOKIE['special_offer_' . $offerId) && $offer > 0) 

and then

setcookie($special_offer, whatever-value, time() + etc.);


@droopsnoot I need the Id because it should create dynamic Cookie names


OK, I see that, I just wasn’t sure whether $_COOKIE['special_offer_][$offerid] (which in my mind has an array called special_offer_ with multiple elements within it) was going to be referenced the same as calling it special_offer in your setcookie() function - the first parameter is the cookie name, and that doesn’t seem to feature the offer-id. It is present in your variable $special_offer, so I figured using that as the cookie name in both cases might be better.

But as I mentioned in passing, it’s all theory for me, I haven’t used cookies much if at all. Maybe best for me to let those who’ve actually tried it comment.


Ah, read a little more. Would it work if you were to use

setcookie('special_offer[' . $offerid .']', value, time,....

ETA - that seems to work for me, on a very basic test.


@droopsnoot Sorry I had to run out. Not sure what I’m doing wrong but the modal keeps popping up. This is what I have:

<?php if (!isset($_COOKIE['special_offer_'][$offerid]) && $promotion > 0):  
include_once "modals/offer_modal.php";?>
	$(window).scroll(function () { 
		if($(document).scrollTop() > $(document).height()/2){
$cookie_value	=	'special_offer_'.$offerid;  
setcookie('special_offer_[' . $offerid .']', $cookie_value, time() + (86400 * 30), "/");
endif; ?>

Maybe you see where I go wrong?