How to read cookie from subdomain in PHP? - php

Can anyone tell me how to read cookie from subdomain. I can set the cookie for subdomain but unable to read it.
Please tell me what is the syntax in PHP to read cookie from subdomain.

If you're unable to read it in another subdomain, it's probably because you didn't properly set the cookie to begin with.
$date_of_expiry=time()+ 3600;
setcookie( "cookie_name", "cookie_value", $date_of_expiry, "/", "example.com" );
It's important that you put the last argument for the cookie to be available in other subdomains.
Also, the cookies must be set before page output.

Related

Where the php cookies are stored?

The PHP manual has setcookie syntax like this:
setcookie ($name, $value, $expire, $path, $domain, $secure, $httponly)
It is said that cookies are stored remotely on the client side. The syntax has a path variable; if it is applied, cookies will be stored on the server side.
Now suppose I set the path variable to "/", a user named denish logs in, and I create a cookie for the username for remember-me functionality:
setcookie('site_username', 'denish', time() + 3600, '/', '.xyz.com');
Now, each time a different user logs in, would it overwrite the previous cookie, or would a new cookie be created?
What if I want to create a cookie client side and also want to apply the $domain variable? Is it possible?
Cookies are always stored in the client. The path only sets restrictions to what remote pages can access said cookies. For example, if you set a cookie with the path "/foo/" then only pages in the directory "/foo/" and subdirectories of "/foo/" can read the cookie.
The domain does the same restriction, only with subdomains.
Cookies with the same name will overwrite each other, yes.
I believe you cannot set a cookie to another domain other than the page you're on due to security issues.
You're incorrect as to the use of the path argument from the manual:
The path on the server in which the cookie will be available on.
Cookies are always stored on the client's machine.
If you use different $paths you can have two cookies with the same name.
setcookie("foobar", "root", time()+3600, "/");
setcookie("foobar", "test", time()+3600, "/test");
The first cookie (root) can be accessed using any $path in this domain, except for /test/*. In /test/* only the second cookie can be accessed. Both cookies are stored by the user's browser and the browser decides which cookie to provide based on which cookie's $path matches the current URL.

Changed cookie domain, but old cookie is still used

EDITED, look at the end
I got a Symfony 1.2 project, that was running on two domains (different app used on each domain) : www.mywebsite.com and abonnement.mywebsite.com
I had two different cookie name/domain in each app.
We decided to use the same cookie for both apps. So, I edited the config for both apps and set the cookie_domain to .mywebsite.com, and set the cookie_name to mywebsite_cookie in both apps.
The problem is that when I visit abonnement.mywebsite.com, the old cookie is used. Manually deleting this cookie in my browser fixes the problem, but there are thousands of users on this website and I'm wondering if there's a solution to manually delete this cookie.
I tried :
if (isset($_COOKIE['abonnement_cookie'])) {
    ini_set('session.cookie_domain', 'abonnement.mywebsite.com');
    // Expire the old cookie (no domain argument given here)
    setcookie('abonnement_cookie', '', time() - 3600, '/');
    $this->redirect('#internet_etape_1');
}
But no success.
Is there a way to do it?
I'm using Firefox 9.0.1
Thanks!
Edit:
I found the problem, cookie was created with "host" and not "domain".
To use the current host, you need to specify '' as domain :
setcookie('abonnement_cookie', 0, time() - 3600, '/', '');
Hope this helps!
You need to match the domain and path that were used to create the cookie when destroying the cookie. This is because, as you have discovered, it is possible to have a cookie with the same name and different scopes for the same domain. When destroying the cookie, you must match the scope that was used to create it, so the client knows which one to destroy.
Try:
setcookie('abonnement_cookie', '', time() - 3600, '/', 'abonnement.mywebsite.com');
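When it is not known which scope a legacy cookie was created with, one option is to expire it in every candidate scope. The following is an added example, not code from the thread: the function names are hypothetical, the root domain and the list of paths are supplied by the caller, and raw header lines are built instead of calling setcookie() so they can be inspected from the command line.

```php
<?php
// Added example (not from the thread): expire a legacy cookie in every
// domain scope it may have been created with. Function names are hypothetical.

/** '' means host-only (no Domain attribute); then the host and each parent up to $root. */
function candidate_domains(string $host, string $root): array
{
    $host = strtolower($host);
    $root = strtolower(ltrim($root, '.'));
    $domains = [''];
    if ($host !== $root && substr($host, -strlen('.' . $root)) !== '.' . $root) {
        return $domains;                  // host is outside $root: host-only scope only
    }
    $labels = explode('.', $host);
    while (count($labels) >= substr_count($root, '.') + 1) {
        $domains[] = implode('.', $labels);
        array_shift($labels);
    }
    return $domains;
}

/** One expiring Set-Cookie header line per (domain, path) scope. */
function expiry_headers(string $name, string $host, string $root, array $paths): array
{
    $headers = [];
    foreach (candidate_domains($host, $root) as $domain) {
        foreach ($paths as $path) {
            $line = "Set-Cookie: $name=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; Path=$path";
            $headers[] = $domain === '' ? $line : "$line; Domain=$domain";
        }
    }
    return $headers;
}

// Constructed input: cookie name and host taken from the question above.
$lines = expiry_headers('abonnement_cookie', 'abonnement.mywebsite.com', 'mywebsite.com', ['/']);
if (PHP_SAPI === 'cli') {
    echo implode(PHP_EOL, $lines), PHP_EOL;          // inspect the headers offline
} else {
    foreach ($lines as $line) {
        header($line, false);                         // false: append, keep other Set-Cookie headers
    }
}
```

Only use this for a cookie name that is being retired: the parent-domain header also expires any cookie of the same name that is still in use on sibling subdomains.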

Does PHP set by default the session cookie for all subdomains?

I wonder how this quote from the PHP manual should be interpreted:
session.cookie_domain specifies the domain to set in the session
cookie. Default is none at all meaning the host name of the server
which generated the cookie according to cookies specification.
Does it mean that when calling session_start on URL www.somedomain.com/somepage.php the cookie will have the following form:
Set-Cookie PHPSESSID=e48gh5mqggccgmn8172f0j5a06; path=/; domain=.somedomain.com
Or
Set-Cookie PHPSESSID=e48gh5mqggccgmn8172f0j5a06; path=/; domain=www.somedomain.com
I have seen on index pages the first cookie header and on other pages a header without a domain.
Can someone bring some insight on this?
Thanks
No, PHP will usually set the cookie for the current domain, e.g. www.domain.com.
To have everything consistent, you must either redirect all requests to the same domain, or explicitly set the cookie for all subdomains.
EDIT: actually, this is true for Firefox. I think PHP will not actually set the domain, so the browser is free to use whatever it wants. Internet Explorer, I think, will set it for any subdomain.
No, PHP by default never sets the session cookie for all subdomains.
If you want to set a cookie across all subdomains then you can do this by using this code:
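<?php
// Reuse the current session cookie settings, changing only the domain.
$currentCookieParams = session_get_cookie_params();
$rootDomain = '.example.com';
session_set_cookie_params(
    $currentCookieParams["lifetime"],
    $currentCookieParams["path"],
    $rootDomain,
    $currentCookieParams["secure"],
    $currentCookieParams["httponly"]
);
session_name('mysessionname');
session_start();
// Placeholder name and value for an ordinary cookie on the same domain.
$cookieName = 'cookie_name';
$cookieValue = 'cookie_value';
setcookie($cookieName, $cookieValue, time() + 3600, '/', $rootDomain);
?>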
For reference please visit http://www.php.net/manual/en/function.session-set-cookie-params.php
It does set the cookie for the domain visible in the client's browser (so, option 2 in your question). If you want to set a cookie for all subdomains you should call session_set_cookie_params() and put ".domain.com" in the $domain parameter.
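How a browser decides which hosts receive a cookie, as an added example that is not part of any answer above: the domain-match rule of RFC 6265 (sections 5.1.3 and 5.4) modelled in PHP. The function names are hypothetical and the hostnames are constructed from the question.

```php
<?php
// Added example: model of the browser-side rule that decides whether a
// stored cookie is sent to a given request host. Names are hypothetical.

/** Normalise a Domain attribute: lower-case, leading dot ignored. */
function cookie_domain(?string $attr): ?string
{
    if ($attr === null || $attr === '') {
        return null;                        // no Domain attribute: host-only cookie
    }
    return ltrim(strtolower($attr), '.');
}

/** True when a cookie set by $setByHost with $domainAttr is sent to $requestHost. */
function cookie_sent_to(string $setByHost, ?string $domainAttr, string $requestHost): bool
{
    $requestHost = strtolower($requestHost);
    $domain = cookie_domain($domainAttr);
    if ($domain === null) {
        return $requestHost === strtolower($setByHost);   // host-only: exact match
    }
    if ($requestHost === $domain) {
        return true;
    }
    // Suffix match on a label boundary; never applied to IP-address hosts.
    $suffix = '.' . $domain;
    return filter_var($requestHost, FILTER_VALIDATE_IP) === false
        && substr($requestHost, -strlen($suffix)) === $suffix;
}

// Constructed cases: the cookie is always set by www.somedomain.com.
$cases = [
    [null,              'www.somedomain.com'],   // no Domain attribute, same host
    [null,              'shop.somedomain.com'],  // no Domain attribute, sibling host
    ['.somedomain.com', 'shop.somedomain.com'],  // Domain attribute, sibling host
    ['somedomain.com',  'somedomain.com'],       // Domain attribute without the dot
    ['somedomain.com',  'notsomedomain.com'],    // suffix, but not on a label boundary
];
foreach ($cases as [$attr, $host]) {
    printf("Domain=%-16s -> %-20s %s\n", $attr ?? '(none)', $host,
        cookie_sent_to('www.somedomain.com', $attr, $host) ? 'sent' : 'not sent');
}
```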

Session cookies working under subdomain

How to get session cookies working / to be accessible under domain and subdomains?
For session cookies you need to override the cookie params:
So you can either use:
ini_set('session.cookie_domain', '.website.com');
or
session_set_cookie_params(0, '/', '.website.com');
The '.' in front makes it accessible under the domain and the subdomains.
Note: you will have to delete all existing cookies from your browser for the domain you're working with so they can be re-initialized properly to work.
If you set the cookie for the "top" domain (example.com), the cookie will also apply to subdomains (sub.example.com, another.example.com).
As an aside, this is the reason why some larger companies use completely separate domains to serve static stuff, like stackoverflow uses http://sstatic.net/
I'm assuming you are using setcookie(). If so just set the cookie for ".domain.com".
setcookie("testcookie", "1", 0, "", ".domain.com");
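A session cookie scoped to a whole domain is sent to, and can be overwritten by, every host under that domain, so the remaining cookie attributes matter more than for a host-only cookie. The following is an added example, not from the answers above: the domain is the placeholder the answers use, and the array form of session_set_cookie_params() requires PHP 7.3 or later.

```php
<?php
// Added example: domain-wide session cookie, weak call vs. hardened call.
// '.website.com' is the placeholder domain from the answers above.

// Weak: shared with every subdomain, readable by page scripts, sent over plain HTTP.
// session_set_cookie_params(0, '/', '.website.com');

// Reject session IDs the server did not issue, so a host elsewhere under the
// domain cannot plant a chosen PHPSESSID for this application.
ini_set('session.use_strict_mode', '1');

session_set_cookie_params([
    'lifetime' => 0,               // session cookie, dropped when the browser closes
    'path'     => '/',
    'domain'   => '.website.com',  // every host under this domain receives the cookie
    'secure'   => true,            // only sent over HTTPS
    'httponly' => true,            // not exposed to document.cookie
    'samesite' => 'Lax',           // withheld from cross-site subrequests
]);
session_start();
```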

Setting cookie path to "/" does not make cookie accessible to entire site

Why does setting the PHP cookie path to "/" not work for every subdirectory in the domain, but just for the current directory?
cookie is set like:
setcookie("name", "val", expire_time, "/");
It just doesn't want to work.
Try including the domain parameter:
setcookie("name", "val", expire_time, "/", ".domain.com");
// don't forget the prefixing period: .domain.com
That will enable all subdomains of "domain.com".
Are you testing on localhost? In that case, you need to pass null as the value for $domain.
Setting the cookie path to / should make it available to the entire domain. If you set your cookie like that, and it isn't being sent, there is something else wrong.
Try using the Web Developer addon in Firefox. It shows you details on the available cookies. Maybe that can help you diagnose the problem.
Late to the party, I know. But I just discovered that my issue was pretty stupid, but I'll post it for completion:
I was neglecting to add time() to the expires time on the cookie, so it was expiring immediately.
The expires time should be time() + seconds
