Book said, persistent cookie stay on client machine till it expires.
session cookie will be gone after browser closed.
i tried it, like:
setcookie("name", "value"); // before any output
but after closing browser and restart, it is still there
(from print_r($_COOKIE)).
i tried couple of different browsers like safari, chrome, firefox,
it is all like that. only eclipse is different:)
so, are all current browsers not following that "rule" ?
or there is some default time-out for a session cookie i am
not aware of?
thanks.
EDIT:
I checked in firebug it said:
Name Value Domain Expires
name value localhost session
Check your PHP settings for session cookie name, domain and path, and unset the cookie using the same values given to setcookie(). They can all be read with ini_get() and fed to variables.
The above advice assumes you're using PHP built-in session mechanism, ie. you don't use a framework with it's own, custom session library.
What you set there is not a session cookie. After the page is loaded in the browser go check the cookies set from your server (localhost if it's local machine), you'll see a SESS_ID cookie which is set by the server and it goes when you close the browser
What you are actually trying to set is a persistent cookie..A session cookie or simply session can be simply set by starting a session or storing a value in session like $_SESSION['name']=$value.
What you are doing is a persistent cookie it wont expire even if browser is closed. It expires only after the time set in cookie expires.
Like setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); it will set cookie info for 1 day..even if browser it closed..
You can set time and cookie info according to your needs...
`
That's because you're setting a cookie.
Sessions are not cookies. Cookies are not sessions.
http://www.tuxradar.com/practicalphp/10/1/0
Quoted from the first page:
Cookies can be set to a long lifespan, which means that data stored in a cookie can be stored for months if not years.
And sessions, via the page on sessions:
It is also important to note that sessions only last till the user closes their browser, whereas cookies can be configured to last longer.
Thanks to everyone's response. It's my problem.
i am working on macbook, i thought clicking the red cross will close
the browser. but although browser is gone. on the very top of my screen,
it is still safari menu bar. i have to click safari and quit it.
now, all my session cookies are gone after closing the browser:)
Related
I can't seem to find a definitive answer on the internet, so I'm asking here.
When one uses session_start(); in a .php script and saves some values, when does the session end? So when would those values not be accessible again?
I've found that refreshing the page or stopping the session code-wise would stop it, and a possible time-out would stop the session as well. But what about navigating away from the site and returning a minute later? And closing the browser?
As for the last one, on mobile, what does 'closing the browser' mean? Closing the tab or even minimalising the site?
If your session values are not linked to any cookie, the session will end when the windows browser will be closed.
If your session variable comes from a cookie, the session will end after time specified in the cookie file.
In PHP, sessions work with a cookie of type session. Server-side, the session information is constantly deleted.
To set the lifetime of a cookie in php, you can use the function session_set_cookie_params, before the session_start:
session_set_cookie_params(3600,"/");
session_start();
For ex, 3600 seconds is a one hour, for 2 hours 3600*2 = 7200.
But it's a session cookie, the browser can make it expire by himself, if you want to save longer sessions (like remember login), you need save the data in the server and a standard cookie on the client side.
Navigating away from a site when using cookies will not break the session.
There are two things that can effectively end a session:
The cookie linking it to the browser gets destroyed. PHP typically uses session cookies. These are deleted when the browser is closed. The browser, not the tab. They can also be deleted manually.
When the server hasn't received a request from the browser with the session cookie for the session for a certain amount of time (defined in session.gc_maxlifetime) and it cleans up the session data.
I want to add a cookie using PHP to the browser which the expiration date is one year after the cookie is set. I have set the variable name,value,path "/",domain and the expiry date. However, when I close the browser and open the website again using the same browser, no cookies are sent to the web page. What happened? The cookie is still applicable if I only close the window only. Yet things happened when the application is shut down and opened again.
setcookie("LANG","english",time()+365*60*60*24,"/","sub.domain.org");
This is how to set the cookie:
$expire=time()+60*60*24*365;
setcookie("name", value, $expire);
to bring to cookie again:
$_COOKIE['name']
I've seen various questions like mine, though none provide the correct answer.
I've a PHP script:
session_start();
setcookie(session_name('DSWLogin'),session_id(),time()+2*7*24*60*60, '/');
//This will only be set once (when the user logs in)
$_SESSION['test'] = 'Yup, I am working';
if (isset($_SESSION['test'])){
echo 'Session is set and ready!';
} else {
echo 'No session was set...';
}
and that all works fine except after a browser restart, my PHP script ignores the session.
When my browser hasn't restarted yet, it'll echo 'Session is set and ready!'; just fine.
And when I look into my cookie tab, it indeed says a cookie, named DSWLogin has been set with a certain value.
When I restart my browser, my cookie tab still says that a cookie, named DSWLogin has been set with the same value it had before the restart, so it is still there!
But my PHP script apparently ignores is, and outputs 'No session was set...'...
Thanks in advance,
Isaiah v. Hunen
What you are trying to do is not really the correct way to achieve this. Sessions have two parts, a cookie with a session id set by default to expire at the end of the session (usually browser close) and a server side storage mechanism that is cleaned up automatically after a certain period of time after the last request was received.
What you are trying to do is extend the session to two weeks. While you could change the cookie settings and increase the timeout to session garbage collection doing this is not very reliable.
Instead you want to look at using a one time key stored in a cookie which acts as an alternate login path. This cookie can recreate the session just like a normal login would. There are some details that need to be considered for this to remain secure, but it will do what you are attempting to achieve.
Just because you are setting your session_id in some cookie doesn't mean it is THE session cookie. Most browsers will purge session cookies on browser close. This is what you are seeing. Look at the cookies in your browser that are set when your session is valid and compare this to the cookies that are still remaining after browser restart. You will notice your true session cookie has gone missing.
Quoting the manual:
The session name is reset to the default value stored in session.name
at request startup time. Thus, you need to call session_name() for
every request (and before session_start() or session_register() are
called).
Also if you want to change lifetime of session cookie, use session_set_cookie_params instead of forcing your own cookie.
Also read about session garbage collection and configuration, changing cookie lifetime might not be enough.
Are cookies and sessions depend on each other in PHP?
Does deleting or clearing either one of them affect the other?
Does by disabling either one of them in the browser affect the other?
P.S. I am newbie.
Edit: I was newbie at time of writing question. This question is faced by many newbies.
They are totally independent...
Cookies cannot store unlimited value, sessions can
You cannot store data in a cookie if user browser cookie is disabled where in session you can, because session id can append to URL
It is better to store data in sessions than to store in cookies because cookies can be tempered
If you delete cookies, then only those functionalities in your site will be disabled in which you are retrieving these cookies data but you'll be logged in and if you delete session cookie, you'll be logged out.. (1)
Cookies are stored on client machine where session are stored on your server
A session is ended if you close you browser while cookies stay there unless they are manually removed by the user or till they are expired
Inshort you've better control over sessions than on cookies
(1) For example if you are setting a cookie name demo and you are using a splash screen unless and until the demo is set you'll show a splash screen
if(!isset($_COOKIE['demo'])) { //Now this will show lightbox always if user has disabled his cookies
<script>...</script>
}
Articles
http://www.klovera.com/php-sessions-vs-cookies/
Reference
Session
Cookies
Sessions are stored on server, while cookies are on client. You can disable only cookies from your browser. Cookies can't affect session at all. In case of disabled cookies session id is passed via URL. If your cookies are enabled and session id is stored in cookie by deleting cookie you will not be able to access your session (It's still on server but you can't access it)
Also session can't affect cookies.
They are not connected, but by default PHP stores the session id within a cookie, The directive session.use_cookies is defaulted to 1
If cookies are disabled it uses URL. This can be set with session_use_trans_id. (default is disabled)
But if you delete a session cookie on the client, the next request to the server will not be able to find its associated session
Clearing session will not affect the cookies as cookies are attached with the HTTP request from the client to the server. A cookie can be set to expire after x amount of time, after which it is deleted on the client side.
All the answers are correct, just wanted to add this - If you do not set the timestamp for cookie, then the cookie is dependent on session and it will expire as soon as session ends.
Is it possible to set session variables or cookies that will exist across all tabs?
I thought firefox kept session across all existing tabs, however im testing and finding that only the current tab where the session was originally set is the session available.
Thanks!
EDIT:
Tab 1:
setcookie("testcookie", "something", time()+(60*60*24*365));
Tab 2:
print_r($_COOKIE['testcookie']);
Tab 2 only prints an empty array. If I move this to tab 1, it will print out the cookie.
Cookies are always sent to the server providing that:
The domain matches (including sub-domain).
The path matches (cookies can be assigned to specific path -- assigning them to root means the entire domain).
The port matches.
The protocol (http/https) matches if you set the cookie as secure.
As long as all those things are true, you should have your cookie / cookie based session on all tabs. You will need to refresh the tab in order to see any effects of the cookie (including seeing it in Javascript of Firefox extensions).
If all those are true and you are still not seeing your cookie on all tabs then you have a lot of debugging to do... that is not standard behavior.
When i test with the code you show in your edit i have no problems at all...
A few things you could try is:
Clear all cookies from firefox and run again (if you've set the cookie before but with other settings the browser sometimes get confused...
Try with another browser, or on another computer.
set path of the cookie to "/" and optionally domain to .youdomain.com like this setcookie("testcookie", "something", time()+(60*60*24*365), "/", ".yourdomain.com");
If you still cant make it work, my best bet would be cleaning up the server, possibly with a fresh install of PHP and Apache.
To have a universal storage, go with a cookie.
Cookies are Client Side
Session is Server Side