Issue in setting cookie for subdomains in PHP - php

I tried to set cookies for an embedded Shopify app in PHP.
setcookie("user", 'test#domain.com', time()+3600, "/", "example.com", 1);
It works properly, but if we are logged in with 2 Shopify sites and both open the app together in the same browser, the cookie value gets updated and the same cookie gets set for both, which causes the same data to show in both places.

Cookie/Session works based on domain and will be unique.
Suppose your app domain is example.com and you save the logged-in domain in the session as
$_SESSION['logged_in_store'] = 'store1.myshopify.com';
When the second store logs in to your app, this variable will simply be updated, as a single session will work on this domain.
As a solution, you can make use of a wildcard subdomain.
Enable the wildcard subdomain in your DNS, and when a store logs in to your store, redirect them to a unique subdomain. For example, store 1 will run on the subdomain below:
store1.your-app-domain.com
store 2 will run on
store2.your-app-domain.com
And so on: each store will run on a different wildcard subdomain, and this will resolve your session/cookie conflicts.
Hope this will help.
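One way to apply the per-store subdomain suggestion above, as an added example that is not part of the original answer: derive the store label from the request host, validate it, and issue a host-only cookie so the browser keeps a separate copy per store subdomain. The base domain comes from the answer; the helper names, the label pattern and the constructed test hosts are assumptions.

```php
<?php
// Added example; helper names and the label pattern are assumptions.
const APP_BASE_DOMAIN = 'your-app-domain.com'; // base domain from the answer above

/**
 * Return the store label for a host such as store1.your-app-domain.com,
 * or null if the host is not exactly one label under the app domain.
 */
function storeLabelFromHost(string $host): ?string
{
    $host = strtolower(preg_replace('/:\d+$/', '', $host)); // drop an optional :port
    $suffix = '.' . APP_BASE_DOMAIN;
    if (substr($host, -strlen($suffix)) !== $suffix) {
        return null;
    }
    $label = substr($host, 0, -strlen($suffix));
    // One DNS label: letters, digits, inner hyphens; rejects dots and empty labels.
    return preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/', $label) === 1 ? $label : null;
}

/** Options for a host-only cookie: no 'domain' key, so it stays on the issuing subdomain. */
function hostOnlyCookieOptions(int $now): array
{
    // The options-array form of setcookie() needs PHP 7.3 or later.
    return ['expires' => $now + 3600, 'path' => '/', 'secure' => true, 'httponly' => true];
}

if (PHP_SAPI === 'cli') {
    // Constructed hosts showing which requests are accepted as store subdomains.
    foreach (['store1.your-app-domain.com', 'store2.your-app-domain.com:443',
              'your-app-domain.com', 'a.b.your-app-domain.com',
              'lookalike-your-app-domain.com'] as $h) {
        printf("%-34s => %s\n", $h, var_export(storeLabelFromHost($h), true));
    }
} else {
    $label = storeLabelFromHost($_SERVER['HTTP_HOST'] ?? '');
    if ($label === null) {
        http_response_code(400);
        exit('Unknown store host');
    }
    // Same name and value as in the question; each store subdomain gets its own copy.
    setcookie('user', 'test#domain.com', hostOnlyCookieOptions(time()));
}
```

Passing a Domain attribute of the shared parent domain here would bring back the original conflict, because every store subdomain would then read and overwrite the same cookie.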

Related

Laravel 5.5 and sessions for subdomains?

I use subdomain routing in my app. Dynamic routes are set and every subdomain has its own login page. The users table has restrictions for users and subdomains, and the validation works without problems: every user can log in on his subdomain but not on others, as needed.
I'm a little confused: is a different session per subdomain set by default? I want to make it possible for a user with more accounts to stay logged in on more subdomains at the same moment, with separate data of course...
Example:
time.example.com -> time#example.com
finance.example.com -> finance#example.com
Session configuration in my app is the default; I changed nothing.
These are 2 different subdomains and 2 different accounts, and I want to be sure that these are also 2 different sessions...
Try updating your config/session.php
Change from:
'domain' => null,
to (The first period is important!):
'domain' => '.example.com',
The default value will instruct the user's browser that their session cookie should only be accessible on the domain that it was created (time.example.com, etc.)
By putting a . in front of the domain name, you are instructing the browser that the cookie should be accessible on any subdomain.
Note that all of your users will be forced to log in again.
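The difference between the two `'domain'` settings discussed above, as an added example that is not part of the original answer: a simplified model of RFC 6265 cookie scoping that shows which hosts receive a session cookie issued by time.example.com. It goes slightly beyond the answer by also modelling the rejection of a Domain value the issuing host does not belong to; the function names are assumptions and public-suffix checks are left out.

```php
<?php
// Added example: simplified model of RFC 6265 cookie scoping (no public-suffix checks).

/** RFC 6265 5.1.3: true if $host equals $domain or is a subdomain of it. */
function domainMatches(string $host, string $domain): bool
{
    if ($host === $domain) {
        return true;
    }
    $suffix = '.' . $domain;
    return substr($host, -strlen($suffix)) === $suffix
        && filter_var($host, FILTER_VALIDATE_IP) === false;
}

/** Model what a browser stores; null means the Set-Cookie is rejected. */
function storeCookie(string $setByHost, ?string $domainAttr): ?array
{
    $setByHost = strtolower($setByHost);
    if ($domainAttr === null || $domainAttr === '') {
        return ['domain' => $setByHost, 'hostOnly' => true]; // the 'domain' => null case
    }
    $domain = ltrim(strtolower($domainAttr), '.'); // RFC 6265 5.2.3 strips a leading dot
    if (!domainMatches($setByHost, $domain)) {
        return null; // a host cannot set a cookie for a domain it is not part of
    }
    return ['domain' => $domain, 'hostOnly' => false];
}

/** Would the browser attach this stored cookie to a request for $requestHost? */
function isSentTo(array $cookie, string $requestHost): bool
{
    $requestHost = strtolower($requestHost);
    return $cookie['hostOnly']
        ? $requestHost === $cookie['domain']
        : domainMatches($requestHost, $cookie['domain']);
}

// Constructed demo: session cookie issued by time.example.com under both settings.
foreach ([null, '.example.com'] as $attr) {
    $cookie = storeCookie('time.example.com', $attr);
    foreach (['time.example.com', 'finance.example.com', 'example.com'] as $host) {
        printf("domain=%s -> %s: %s\n", var_export($attr, true), $host,
            isSentTo($cookie, $host) ? 'sent' : 'not sent');
    }
}
// A host outside the target domain is refused outright by the browser model.
var_dump(storeCookie('example2.com', 'example1.com'));
```

With separate accounts per subdomain, the host-only case is the one where the time and finance sessions cannot overwrite each other.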

Basic queries about cookies

This might be a silly question, but I am learning web development and have reached cookies now. I read about cookies and got the basic understanding of cookies and how to create them and retrieve them. What I do not understand is:
Do we need to create a cookie for each webpage? For example, in my website I have 5 pages, so should I place the cookie only in the index page and set the path "/" and it will work for all the pages?
To store the information retrieved via cookie for further analysis, should I create a database to store each cookie's data?
> Do we need to create a cookie for each webpage for example in my website I have 5 pages so should I place the cookie only in index page and set the path "/" and it will work for all the pages.
No need to create multiple cookies. You can access the same cookie across your webpages if you set it at the root.
> To store the information retrieved via cookie for further analysis should I create a database to store each cookie data.
Why? It will be stored on the user's machine. And why do you want to store it in a database? All the user's information will be available in your same database.
The path variable on a cookie simply marks access.
Your assumption about only setting the / is correct if you want that cookie visible throughout all your pages.
If you want to restrict access to that cookie, say to an admin page, then setting the path to /admin would be fine here.

Setting PHP session ONLY on subdomain FROM domain

I got a system where each client has their own subdomain. The users can log into the system directly from their own subdomain, but I want to add the opportunity to log in directly from the domain, and afterwards send them to the subdomain.
It is important that the session is only set on the actual subdomain, and not on any other subdomains or the main domain.
All login-processes are made through jQuery/AJAX.
I've tried the following:
On domain.com a user fills out the login form, and a call is made to domain.com/ajax/front-login.php
From this AJAX file the user is validated, the subdomain that the user belongs to is found, and a PHP POST call (through file_get_contents) is made to subdomain.domain.com/ajax/sub-login.php. This file validates and sets a SESSION.
From the callback it looks like everything is done correctly, but the session is not set on subdomain.domain.com
I hope it makes sense. Any suggestions?
Add ini_set('session.cookie_domain', $subdomain.'.domain.com'); to the beginning of subdomain.domain.com/ajax/sub-login.php, where you feed $subdomain with its name.
Remove session_start() from front-login.php, or at least wrap it in an if () statement if there is no subdomain.

Check if a cookie exists on another domain

I have actually set the following cookie for the following domain:
setcookie("thing", $data, time()+3600, "/", "example1.com", 1);
The cookie was set from this domain: example2.com
When I try to search for the cookie 'thing' I can't seem to find it. How is it possible to set a cookie on a domain, which will remain on another domain if I search for it?
UPDATE:
I basically want to pass a value from Domain A to Domain B. When a visitor arrives to Domain A he/she gets redirected AND pass a value to Domain B which I'd like to capture there.
How is it possible?
Every browser prevents it.
Cookies can not be shared between domains.
https://wikipedia.org/wiki/Same-Origin-Policy
I'm pretty sure it is impossible to create a cookie for another domain - this would be a pretty significant security hole.
See #scones' link.

iPhone web app, not storing cookie

I am working on a web app for iOS. When the app is opened, it checks to see if the user has a cookie with the user's email stored in it, then either lets the user proceed to the homepage, or redirects the user to the authentication page.
This works perfectly when using Safari. The problem I am experiencing occurs only when the app is stored on the home screen. It seems like the home-screen web app deletes the cookie right when the user exits the application.
Any advice on forcing the app to store that cookie would be greatly appreciated.
Thanks,
Peter
The reason it's not sticking around is because the timeout parameter is not set. If it is blank or 0, then the cookie will be deleted when the UIWebView is closed.
So you can do as the other poster suggested:
setcookie("TestCookie", $value, time()+3600, "/");
But the reason that works is because of the timeout value being set.
There is a parameter path for the setcookie function which you might want to use so that the cookie is created from just about any page:
> The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.
So try adding '/' as the fourth argument to the setcookie function, e.g.:
setcookie("TestCookie", $value, time()+3600, "/");
In case it helps anyone else; I was saving the cookie via an unload event, which worked fine on desktop, just not on the iPhone.
Nothing to do with cookies, just had to save-as-I-go...
You are not able to get the session on the iPhone because cookies are disabled.
Please go to Safari>Settings>Accept Cookies on your iPhone and set it to accept from Visited.
Then you will be able to create the session in PHP.
