Same domain but can't get cookie - php

I am using jquery.cookie.js to set a cookie as in the following code:
$.cookie('objectID', objectID);
var theTarget = '/mvtm?page_id=4252' ;
window.open(theTarget, "Detail").focus();
Then in the targeted page, in an iframe, I am using PHP code to access the cookie:
$variable = $_COOKIE['objectID'];
However, that index in $_COOKIE is undefined! I can see the cookie in the browser in both the page where it is set and the targeted page (using browser developer tools). These pages are all in the same domain (localhost) and the cookies are intended to be simple session cookies.
Does the fact that both the set and get code above are in iframes have any bearing? I've tried this in both Safari and Firefox.

Make the cookie available across the entire domain by setting the path
$.cookie('objectID', objectID, { path: '/' });
by default it's only available on the page where it was created.
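The default this answer refers to is the cookie's path scope. As an added example (not part of the original answer), the PHP sketch below follows the default-path and path-match rules of RFC 6265 section 5.1.4; the two iframe URLs are constructed, since the question does not give them.

```php
<?php
// Added example: RFC 6265 section 5.1.4 default-path and path-match rules.

/** Path a browser assigns to a cookie that is set without a Path attribute. */
function cookie_default_path(string $requestPath): string
{
    // Empty path or no leading slash: the default is "/".
    if ($requestPath === '' || $requestPath[0] !== '/') {
        return '/';
    }
    $lastSlash = strrpos($requestPath, '/');
    if ($lastSlash === 0) {
        // Only one slash in the whole path: the default is "/".
        return '/';
    }
    // Otherwise everything up to, but not including, the right-most slash.
    return substr($requestPath, 0, $lastSlash);
}

/** True when a cookie scoped to $cookiePath is sent on a request for $requestPath. */
function cookie_path_matches(string $cookiePath, string $requestPath): bool
{
    if ($cookiePath === $requestPath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    // A prefix match only counts when it ends on a "/" boundary.
    return substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

// Constructed paths (assumption): where the cookie is set and where PHP reads it.
$setFrom = '/app/list/set.php';
$readAt  = '/app/detail/get.php';

// Compare the implicit scope with the explicit { path: '/' } from the answer.
foreach ([cookie_default_path($setFrom), '/'] as $path) {
    printf("Path=%-10s sent to %s: %s\n", $path, $readAt,
        cookie_path_matches($path, $readAt) ? 'yes' : 'no');
}
```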

Related

Laravel Cookie Not Showing Up Via Javascript

I'm a newbie learning Laravel and have the following in my route file:
Route::get("/setcookie", function(){
    $cookie = Cookie::make("low-carb","almond cookie",30);
    return Redirect::to("getcookie")->withCookie($cookie);
});
Route::get("/getcookie", function(){
    $cookie = Cookie::get("low-carb");
    return View::make("getcookie")->withCookie($cookie);
});
I set a cookie and redirect to a different page. I want to be able to show the cookie via a JavaScript dialog box in a view page. The "getcookie" view page looks like:
<html>
<body>
this is the cookie page
<script language="javascript">
    window.onload = showCookies;
    function showCookies(){
        alert("Cookie is: " + document.cookie);
    }
</script>
</body>
</html>
The only thing I see in the popup dialog box is "Cookie is". The value I am expecting doesn't show up.
I definitely know that I am doing something wrong, because when I check the cookies in the Chrome developer tools, I see that for the "setcookie" route the keys REQUEST COOKIE and RESPONSE_COOKIE (laravel_session and low-carb) both have values, but for the "getcookie" route it is redirected to, the REQUEST COOKIE key in Chrome has both "laravel_session and low-carb" while the RESPONSE_COOKIE key only has "laravel_session"; the "low-carb" key-value is missing.
What am I doing wrong?
By default Laravel cookies are marked as httponly - this means that they can't be accessed via JS. This is often what you want, hence it being the default.
If you look at the source here: https://github.com/laravel/framework/blob/master/src/Illuminate/Cookie/CookieJar.php#L41, you'll see that the method signature looks like:
public function make($name, $value, $minutes = 0, $path = null, $domain = null, $secure = false, $httpOnly = true)
where the last variable passed in is the httpOnly variable.
So, if you change from:
Cookie::make("low-carb","almond cookie",30);
to
Cookie::make("low-carb","almond cookie",30, null, null, false, false);
Then your cookie will not be marked as httponly, and will be accessible via JS.
You can check whether a cookie is httponly or not by using your browser's dev tools: in Chrome's Dev Tools go to Resources, then to Cookies, then to your domain, and there is a column in that table called HTTP - it has a tick if that cookie is HTTPonly.
Edit: All cookies are encrypted and signed in Laravel, so that users can't tamper with them. Not 100% on this personally - $_SESSION is for persistent data that the user can't edit, $_COOKIE is for data that you want the user to be able to read and edit. Anyway, just use PHP's native:
setcookie("low-carb", "almond cookie", time()+(30*60));
instead of the laravel method if you want to do this.
You might also want to think whether there is a "better" way to deal with this - perhaps you don't need Cookies for this anyway (remember they are sent with every request that matches the cookie's path, CSS, JS, images, fonts - everything)
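An added example, not from the original answer or from Laravel: a small PHP check that reads Set-Cookie header values and lists the cookies a page script could read through document.cookie. The header lines and the ui-theme cookie name are constructed; the assumption behind it is that the session cookie stays HttpOnly and only non-sensitive values are exposed to scripts.

```php
<?php
// Added example: list cookies in a response that lack the HttpOnly flag.

/** Parse one Set-Cookie header value into its name and lower-cased attributes. */
function parse_set_cookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    // The first segment is name=value; the remaining segments are attributes.
    [$name] = explode('=', array_shift($parts), 2);
    $attrs = [];
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        // Flag attributes such as HttpOnly and Secure carry no value.
        $attrs[strtolower($kv[0])] = $kv[1] ?? true;
    }
    return ['name' => $name, 'attrs' => $attrs];
}

/** Names of the cookies a page script could read (no HttpOnly flag set). */
function script_readable_cookies(array $setCookieHeaders): array
{
    $readable = [];
    foreach ($setCookieHeaders as $header) {
        $cookie = parse_set_cookie($header);
        if (!isset($cookie['attrs']['httponly'])) {
            $readable[] = $cookie['name'];
        }
    }
    return $readable;
}

// Constructed response headers; the values are placeholders, not real Laravel output.
$headers = [
    'laravel_session=PLACEHOLDER; path=/; httponly',
    'low-carb=PLACEHOLDER; expires=Thu, 01 Jan 2037 00:00:00 GMT; path=/; httponly',
    'ui-theme=dark; path=/',   // hypothetical non-sensitive preference cookie
];

// Anything listed here is reachable from document.cookie; a session
// identifier appearing in this list would be a finding.
print_r(script_readable_cookies($headers));
```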

Can cookies created by one PHP web page be deleted by another PHP web page?

I have created one PHP web page which creates a cookie. That web page redirects the user to another (second) PHP web page. On this second web page I'm trying to delete the cookie which was created by the first page. But the cookie is not getting deleted, and the second web page shows an error like "can not modify header information".
My php code format for deleting that cookie is like:
if(isset($_COOKIE['cookieName']))
{
    setCookie('cookieName','values',time()-3600,'/','example#domain.com',0);
}
I hope you are making use of unset()
Do like this
if(isset($_COOKIE['cookieName']))
{
    unset($_COOKIE['cookieName']);
}
Can you try this,
unset($_COOKIE['cookieName']);
setcookie('cookieName', null, -1, '/');
Path:
The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.
Domain:
The domain that the cookie is available to. Setting the domain to 'www.example.com' will make the cookie available in the www subdomain and higher subdomains. Cookies available to a lower domain, such as 'example.com' will be available to higher subdomains, such as 'www.example.com'.
Setting cookies is done in the HTTP header. This header is sent before the actual content of the page. As a result, you can only (un)set the cookie if you have not yet sent any output.
This is also stated in the setcookie documentation:
Like other headers, cookies must be sent before any output from your
script (this is a protocol restriction). This requires that you place
calls to this function prior to any output, including <html> and <head>
tags as well as any whitespace.
For example:
<?php
if (isset($_COOKIE['cookieName'])) {
    unset($_COOKIE['cookieName']);
    setcookie("cookieName", "", time()-3600);
}
?>
<html>
....
</html>
(Also see the question Remove a cookie.)
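An added example (not code from any of the answers above) that puts two requirements together: the expiring Set-Cookie header has to be sent before any output, and it has to carry the same path and domain the cookie was created with, otherwise the browser treats it as a different cookie. The helper name expire_cookie is hypothetical.

```php
<?php
// Added example: expire a cookie using the scope it was created with.

/**
 * Expire the cookie $name. $path and $domain must equal the values used when
 * the cookie was set. Returns false when output has already started and no
 * header can be sent any more.
 */
function expire_cookie(string $name, string $path = '/', string $domain = ''): bool
{
    if (headers_sent($file, $line)) {
        // This is the condition behind "Cannot modify header information":
        // log where the output started so the stray echo or whitespace
        // can be found.
        error_log("expire_cookie($name): output already started at $file:$line");
        return false;
    }

    // Remove it from this request's superglobal as well. On its own this
    // changes nothing in the browser; only the header below does.
    unset($_COOKIE[$name]);

    // An empty value with an expiry in the past tells the browser to drop it.
    return setcookie($name, '', time() - 3600, $path, $domain);
}

// Must run before any HTML, whitespace or byte-order mark is emitted.
// The cookie in the question was set with path '/', so the same path is used.
if (isset($_COOKIE['cookieName'])) {
    expire_cookie('cookieName', '/');
}
```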

JSONP PHP Session does not remain constant

Using JSONP on a site, say xyz.com, I am calling a site abc.com/test.php. However, every time I call this site, I get a new session id in IE6 and IE7. In other browsers it remains constant.
The code of test.php is something like:
<?php
session_start();
echo session_id();
?>
However, after I visit http://abc.com/test.php in another window, and then refresh my page at xyz.com with JSONP code, it shows a constant ID. I have no clue why. Any suggestions?
This happens only in IE6 and IE7. All the rest work as expected. Somehow IE6 and IE7 don't seem to retain the session id (i.e. cookie name) until I actually visit the site in another window.
Based on some info on PHP.net, will adding this header work?
<?php header('P3P: CP="CAO PSA OUR"'); ?>
Quote:
"workaround when using session variables in a .php file referred by a frame (.html, or
other file type) at a different server than the one serving the .php:
Under these conditions IE6 or later silently refuses the session cookie that is
attempted to create (either implicitly or explicitly by invoking session_start()).
As a consequence, your session variable will return an empty value.
According to MS kb, the workaround is to add a header that says your remote .php page
will not abuse from the fact that permission has been granted.
Place this header on the .php file that will create/update the session variables you want:"
If this doesn't solve it, it might be something to do with the HTTP Referer, as IE doesn't send it on requests that initiate from JavaScript (e.g. doing this in IE will fail to send the HTTP Referer: document.location.href = 'http://example.com/';).

CakePHP Auth Component "login" Method Failure in IE8 + Safari

I have a method in users_controller.php of my CakePHP project which is used to remotely log a user in through an AJAX call on a WordPress site. The method works flawlessly when called through Firefox, but when I attempt to call it either via AJAX or directly from the browser in IE8 or Safari, it simply will not log in. The Auth->login() method returns true as if everything is fine, but it does not log in. Any ideas?
function remoteLogin($key)
{
    # this method should only be called via AJAX
    $this->layout = 'ajax';
    $matching_key = '***';
    if($key == $matching_key)
    {
        # auto-login service account
        $data['User']['username'] = '***';
        $data['User']['password'] = $this->Auth->password('***');
        $this->Auth->login($data);
    }
}
Note: I have now confirmed that this method does not work in Opera either. I'm legitimately confused.
You might want to check your cookies and make sure they are being passed as you expect. Fiddler is helpful to see the http traffic as it goes by to figure out these AJAX issues.
Are www.domain.com and domain.com going to the same place?
If so, this may be related to a CakePHP / IE issue I ran across.
Delete any domain level cookies and see if it works.
In IE any domain cookies will take precedence over the subdomain cookies. So if you ever get a cookie going to domain.com and then later go to www.domain.com, you can reset your session, login, logout all day long but IE will ignore the www.domain.com cookies and continue to use the original domain.com one. I wrote a patch for an old version of Cake that would let you set/force the cookie scope to domain.com even when they are accessing the site as www.domain.com to get around this.
Don't know about IE8, but Safari does block cross-domain ajax, even between "siblings" under the same top domain. E.g. you can't have app.example.com load a div using ajax from helppages.example.com. Forget cookies, I am talking just plain html loaded using ajax.
I think the problem is your domain.
E.g. IE or some browsers don't work if your domain is like: abc_def.com, ...
Please check your domain and change it like abcdef.com => it'll be ok

Problem setting PHP SESSION variables within cross-domain iframe

Coles Notes version:
index.php?map_id=foo is loaded into an iframe on www.not-my-domain.com. index sets SESSION['map_id'] = foo. The Flash file tries to get SESSION['map_id'] through Authenticate.php, but Authenticate.php has no values set for any SESSION variables.
-- Only first-load, cross domain issue.
Verbose:
I have an index file where I set: SESSION['map_id'] = foo
The index file then loads a flash file. When initialized, the flash accesses an 'Authenticate.php' file which echoes out the SESSION['map_id'] and is loaded into flash via LoadVars. Flash then displays the appropriate data.
This step cannot be done another way
This all works just fine on our main site. The issue comes when we try to port out to other sites by providing iframe embed codes:
<iframe src="http://www.mydomain.com/?map_id=foo&code=bar" ... ></iframe>
On a fresh load of the embed code from another site (www.anotherdomain.com), it seems that the SESSION variables have been destroyed, as flash simply says they are empty. ( $map_id outputs a blank )
The index file will still properly echo $map_id as 'foo'; it just seems the 'Authenticate.php' file cannot access the SESSION variables.
I have ensured session_start() is present in all appropriate files.
PHP session ids are passed through cookies by default, but you can't transfer cookies across domains. Try passing the session id through the url instead.
Here is the appropriate page in the php documentation.
There are a few ways you can get php to pass the session id in the url if it's not being done automatically.
You can manually pass the session id in the url (must come before other get variables):
<iframe src="http://www.mydomain.com/?&map_id=foo&code=bar">
You can disable cookies, forcing every request to have the session id automatically added to the url:
ini_set("session.use_cookies","0");
You can edit the url_rewriter.tags setting, which tells PHP which html tags to rewrite with the session id. Here, iframe=src has been added to the default set:
ini_set("url_rewriter.tags", "a=href,area=href,frame=src,iframe=src,input=src,form=fakeentry");
