I am having a problem with SetCookie. I have two different PHP websites hosted on two subdomains, site1.myweb.com and site2.myweb.com. I want to set a cookie on the domain site2 from site1. And this cookie should only be able to access by site2 and not any other subdomains like site3 or site4.
But when I use setcookie function in PHP from site1 with domain set to site2.myweb.com, the cookie is not set on the browser (but the response contains the cookie). The browser gives an error saying This attempt to set a cookie via a set-cookie header was blocked because its domain attribute was invalid with regards to the current host url.
Can somebody please tell me if this is possible to do?
Related
I've 1 domain and created 1 sub domain from main domian says www.example.com and dev.example.com. www.example.com is production domain and dev.example.com is development environment.
I've then clone 2 projects from a same repo but put them in different folder. In www.example.com folder .env file, i've set the domain session to example.com. It means in browser when i access from www.example.com or example.com it will be able to share the domain. In dev.example.com, the session_domain i've set is dev.example.com.
Now the problem i've faced is, when i visit www.example.com it will generates a laravel_session domain name of .example.com. with the dot infront it seems like it can be share to sub domain. When i visit to dev.example.com and login with facebook, it seems like it will looks for the .example.com domain session instead of the session created in dev.example.com.
if i delete the laravel_session in www.example.com im able to login with facebook in my dev.example.com or i clear all the cookies/sessions and i'm also able to login with facebook in my dev.example.com.
What i need to do to not make it share the session in sub domian ? And if i put not to share, can the domain be shared when user key in example.com and www.example.com in their browser?
And when it hit invalidstateException when login with facebook, it can be solved by clear all cookie/session. But i think it's not right to ask user to clear cookie browser by themselves. Is there any solution for this?
You just need to use a differently named session cookie in dev.example.com.
if ( $_SERVER['HTTP_HOST'] === 'dev.example.com' )
{
//The default session name is PHPSESSID,
//so if we use a different one, they don't collide.
session_name('DEVSESSIONID');
}
session_start();
I have a website with n number of sub-domains, and one reserved for static content. I need to set up a cookie across all sub-domains except the static sub-domain. My home-page is on a sub-domain-less (domain.lk) manner. It is possible to route it to www.domain.com if necessory
It is more important to keep the static sub-domain cookie free.
I have tried the following line of code before reading cookies
ini_set('session.cookie_domain', 'domain.lk');
and
ini_set('session.cookie_domain', 'www.domain.lk');
That line was present only on dynamic sub-domains. But it didn't work. Cookie was not accessible from different sub-domains.
My static sub-domain is hard coded in to many contents (database records), therefor changing that is not a good option.
There's no means of setting a domain level cookie and making it not visible on given sub-domain. (You will however need to prefix the domain with a period as such...)
ini_set('session.cookie_domain', '.domain.lk');
However, if the static domain doesn't require cookies (or indeed presumably the existence of PHP at all), the fact that this cookie doesn't exist shouldn't be an issue.
That said, you should be able to overcome this using the mod_headers Apache module on the given sub-domain (so that it's not transmitted to the browser client) via...
RequestHeader unset Set-Cookie
I have tried setting cookies but the problem is in setting domain. When i tried to set domain in setcookies() it doesn't set any value. Without domain setting it will automatically set my domain (for ex. localhost).
If I am using any .com it will set it by default but I cannot set domain in cookies.
Can any one please help me setting domain in php.
setcookie('session_id',$sessionID[1],strtotime($expireTime[1]),'/',$domain);
When I set it without domain it sets the cookies to my localhost or on which domain I am.
Can any one help me.
you can not set a cookie attributed to a domain other than that you are using. this is generally considered a good thing.
If you put a domain to setcookie, you'll see in your header that PHP has set your cookie with the right domain name. But, your browser will just ignore it for safety reasons.
If you need to set a cookie for an auto-login or such, you need to play with your hosts file to make your browser believe that you're on the same domain than the domain where you want to set a cookie.
Example :
If you add :
127.0.0.1 autologin.amazon.co.uk
in your hosts file, and go to http://autologin.amazon.co.uk instead of http://localhost, your remote script will be allowed to set any .amazon.co.uk cookie.
I have a script encoded with ironcube and when I login into that script it creates a session for the domain with the www. only. So if i enter mydomain.com the session changes and I cant access session variables for WWW.mydomain.com.
I would have added the appropriate script so it creates a session for both with the www. and without but the script is encoded with ironcube.
So my problem is, I need to access sessions created with the WWW.mydomain.com from mydomain.com.
Any assistance would be appreciated :)
That is a security measure implemented by browsers to prevent cookie stealing.
The workaround, is to set the cookie for the top-level-domain.
If you have domains www.example.com and example.com use the following code in the beginning of your PHP files.
ini_set('session.cookie_domain', '.example.com');
Session is the wrong term. What you are referring to are cookies. You need to set the cookie so that its on the domain .mydomain.com
Write another script that runs in the www domain that will take the value of the cookie and write it toeaanother cookie in the domain.com so that your scripts there can access it.
I have a website www.example.com
When a user logs in when he visits http://example.com and then when he browses http://www.example.com, he is shown as NOT logged in. I think the reason is that the cookies set when he visited http://example are not being sent to the server when the same user visits http://www.example.com
I want the user to be shown as logged in in both of the sites if he logs in any one of the sites. I have a mobile site also http://m.example.com. I want the user to be shown as logged in here also.
I am using PHP and Zend Framework for my web application.
Try setting the cookie domain (5th arg of set_cookie) to ".example.com".
http://php.net/set_cookie
The domain that the cookie is
available to. To make the cookie
available on all subdomains of
example.com (including example.com
itself) then you'd set it to
'.example.com'. Although some browsers
will accept cookies without the
initial ., ยป RFC 2109 requires it to
be included. Setting the domain to
'www.example.com' or
'.www.example.com' will make the
cookie only available in the www
subdomain.
Hope this helps!
set it in php.ini
session.cookie_domain = .example.com
OR
ini_set("session.cookie_domain", ".example.com");
This will alive session in sub domain also.