On my website, when users sign up or login, my site sometimes saves the cookie to "mywebsiteurl.com" and sometimes saves it to "www.mywebsiteurl.com". In doing this, my code only works half the time. Is there a way I can fix this issue from happening?
Set cookie in your PHP for your root domain and setcookie() will automatically make it available for all subdomains:
setcookie('cookiename', 'cookievalue', $someTimeToExpire, '/', 'mywebsiteurl.com');
Related
I have set the cookie on my website like this
setcookie('src_from','',time()+60*60*24*2,'/');
but when i am doing inspect element, In cookie section of under my website its showing another website name in domain column.
This is strange, why this is happening i am not able to understand, Please help me to sort out this problem.
If you include elements from other sites (i.e. images, scripts) - these sites can send headers with cookie. And you can see cookies from another sites on this pages. But another sites can't see cookies of each other (and overwrite too) - because of policy of your browser.
It can be possible but if you control those two websites/scripts.
In other cases it would be very hard to do that.
The thing is that you might haven't done it properly.
Try providing the domain name as a next parameter.
Or reload the site with using ctrl+F5 or clear all cookies in a browser.
You are setting a cookie expiration time in the past:
echo date("Y-m-d H:i:s", time()-60*60*24*2);
so you are actually removing the cookie - it's not overwriten by another cookie
I like to use PHP to see if a cookie PHPSID27258STATUS is present with the value COMPLETE en if so do stuff.
In google chrome (in Options) I can see this cookie is present and has the value COMPLETE.
If I run this PHP script I get 'Not Set'. What am I doing wrong here?
$cookiename="PHPSID27258STATUS";
if (isset($_COOKIE[$cookiename]) && $_COOKIE[$cookiename] == "COMPLETE")
--update
The cookie is set by "limesurvey" an open source survey platform. Although its probably not the best way. I use limesurvey to have a small survey (iframe) on an site i'm building. I like to let the survey disappear on the next visit when it has bin posted.
Limesurvey runs from the same host (localhost now). And is in a sub directory of the site.
I guess (but there's a lot of code in LS) this is how the cookie is made after an poll/post is completed.
$cookiename="PHPSID".returnglobal('sid')."STATUS";
setcookie("$cookiename", "COMPLETE", time() + 31536000); //Cookie will expire in 365 days
You can only read cookies which belong to the same domain as the reading script. For instance if the cookie PHPSID27258STATUS was set by domain xyz.com, you can not read it using a script on abc.com. So make sure the domain of your desired cookie is the same. Also show us the code part where you are setting your cookie.
Edit:
setcookie($cookiename, "COMPLETE", (time() + 31536000) , '/');
Try setting the cookie with this code:
setcookie("cookiename", "cookievalue", time() + 31536000, "/");
This makes the cookie available to the whole domain, I recently encountered the same issue and when I tried this, it made it work, the reason is, your browser stores cookies for both domain.com and www.domain.com so you never know which your setting and getting from, it's good practice to set the domain even if you don't have this problem.
You cannot access a cookie immediately after you set it. At least last time it was like that. Make sure you do not have this issue. If it is not may be you have a problem setting the cookie, and in that case please post that part as well.
You mention that the cookie is set by a program running in its own sub-directory. You don't mention whether the cookie itself is set to be in that sub-directory, but I suspect this is where your problem is.
If a cookie is set to a path, then it will only be accessible to pages within that path. This behaviour is described in the PHP setcookie() manual page.
When you're setting cookies from a page within a sub-directory, then in order for the cookie to be accessible to the whole site, setcookie() needs to be called with the optional path parameter set to "/".
You state that the cookie is being set by LimeSurvey. I don't know this software, but you should be able to look at the source and see whether it's using the path parameter when it sets the cookie. If not, your best option would be to modify it so that it does. Then the cookie will be accessible to the whole site. (It would be quite understandable if the LineSurvey developers had chosen not to set it for the whole site, because it would allow the software to be run as a more isolated entity from anything else on the site).
I am working on a web app for the iOS. When the app is opened, it check's to see if the user has a cookie with the users email stored in it, then either lets the user proceed to the homepage, or redirects the user to the authentication page.
This works perfectly when using safari. The problem I am experiencing occurs only when the app is stored on the home screen. It seems like the home-screen web app deletes the cookie right when the user exits the application.
Any advice on forcing the app to store that cookie would greatly appreciated.
Thanks,
Peter
The reason its not sticking around is because the timeout parameter is not set.. if it is blank or 0, then the cookie will be deleted when the uiwebview is closed..
so you can do as the other poster suggested..
setcookie("TestCookie", $value, time()+3600, "/");
,but the reason that works is because of the timeout value being set
There is a parameter path for the setcookie function which you might want to use so that cookie is created just about from any page:
The path on the server in which the
cookie will be available on. If set to
'/', the cookie will be available
within the entire domain. If set to
'/foo/', the cookie will only be
available within the /foo/ directory
and all sub-directories such as
/foo/bar/ of domain. The default value
is the current directory that the
cookie is being set in.
So try adding '/' as the fourth argument to the setcookie function eg:
setcookie("TestCookie", $value, time()+3600, "/");
In case it helps anyone else; I was saving the cookie via an unload event, which worked fine on desktop, just not on the iPhone.
Nothing to do with cookies, just had to save-as-I-go...
You are not able to get the session on the iPhone because cookie is disabled.
Please go to Safari>Settings>Accept Cookies in your iPhone and set it to accept from Visited.
Then you will be able to create the session in PHP.
I need to use the same session in different subdomains.
First I put
php_value session.cookie_domain ".aaaa.com"
on .htaccess file and upload it to root path.
when I need to use sessions. I just call
session_start();
Sometimes it works but sometimes it doesn't.
I tested this and found that.
If I go to login page the first time, then login and go to subdomain page. It works!
If I go to subdomain page and click to login page and go back to subdomain page by javascript window.location = 'http://sub.aaaa.com'; it does not work!!
If I login on 2 web browser with the same account it does not work!!
Are there another way? Or how do I fix this problem. I want my website to use a single login.
Make sure you have session_start() on every page you are using sessions, including some that might not be visible to the user.
If you are using two web browsers the sessions are independent from each other, and this is by design.
To debug your #2 problem, use an HTTP monitor such as HTTPFox to view the headers coming to/from the server as you log in and surf around, make sure the cookie is being properly set with the correct domain and path restrictions.
Probm #3 - I'm not sure what you're getting at. Are you using two seperate browsers (say Firefox and Chrome?), or do you mean you're using two windows/tabs of the same browser? For the first, two different browsers will not share cookies, so you can't share a single session between them, without doing some hacks to manually transfer cookies between them.
As for two different tabs/windows of the same browser, such an implementation depends on your login logic. If the login script starts a new session unconditionally, then you second login attempt will get a completely seperate session from the first login, and most likely overwrite the first login's cookie as well.
I have a strange problem to clear Cookie via PHP.
Lets say if I have a domain neobie.net
I store "remember user login" cookie name as "USER_INFO" which contains string to identify user login in the next time of revisit.
now using firefox, I saw that I have 2 cookies USER_INFO with domain "www.neobie.net" and ".neobie.net" with expiration date of 1 week later.
I wrote a logout.php script, which clear the cookie of different domain (.neobie.net, www.neobie.net, neobie.net) to ensure that USER_INFO cookie is completely cleared for different domain.
Now is the problem.
The user isn't able to clear the cookie when user visit logout.php
I found out that, I have to manually delete the cookie with domain "www.neobie.net", leaving the ".neobie.net " intact, then only the cookie can be cleared.
So, I have to make the php script to setcookie USER_INFO on ".neobie.net", and prevent it to set cookie on "www.neobie.net" to make the logout.php script work.
But I don't understand why I couldn't clear the cookie for "www.neobie.net" (with leading www. , tested on firefox and chrome)
You have overlapping cookie domains. www.neobie.net will receive cookies set on the .neobie.net. So there is no need to set the same cookie on both domains.
If your logout URL starts with http://www.neobie.net, you should be able to clear cookies on www.neobie.net domain. A HTTP header trace will help.