I have set the cookie on my website like this
setcookie('src_from','',time()+60*60*24*2,'/');
but when i am doing inspect element, In cookie section of under my website its showing another website name in domain column.
This is strange, why this is happening i am not able to understand, Please help me to sort out this problem.
If you include elements from other sites (i.e. images, scripts) - these sites can send headers with cookie. And you can see cookies from another sites on this pages. But another sites can't see cookies of each other (and overwrite too) - because of policy of your browser.
It can be possible but if you control those two websites/scripts.
In other cases it would be very hard to do that.
The thing is that you might haven't done it properly.
Try providing the domain name as a next parameter.
Or reload the site with using ctrl+F5 or clear all cookies in a browser.
You are setting a cookie expiration time in the past:
echo date("Y-m-d H:i:s", time()-60*60*24*2);
so you are actually removing the cookie - it's not overwriten by another cookie
Related
I like to use PHP to see if a cookie PHPSID27258STATUS is present with the value COMPLETE en if so do stuff.
In google chrome (in Options) I can see this cookie is present and has the value COMPLETE.
If I run this PHP script I get 'Not Set'. What am I doing wrong here?
$cookiename="PHPSID27258STATUS";
if (isset($_COOKIE[$cookiename]) && $_COOKIE[$cookiename] == "COMPLETE")
--update
The cookie is set by "limesurvey" an open source survey platform. Although its probably not the best way. I use limesurvey to have a small survey (iframe) on an site i'm building. I like to let the survey disappear on the next visit when it has bin posted.
Limesurvey runs from the same host (localhost now). And is in a sub directory of the site.
I guess (but there's a lot of code in LS) this is how the cookie is made after an poll/post is completed.
$cookiename="PHPSID".returnglobal('sid')."STATUS";
setcookie("$cookiename", "COMPLETE", time() + 31536000); //Cookie will expire in 365 days
You can only read cookies which belong to the same domain as the reading script. For instance if the cookie PHPSID27258STATUS was set by domain xyz.com, you can not read it using a script on abc.com. So make sure the domain of your desired cookie is the same. Also show us the code part where you are setting your cookie.
Edit:
setcookie($cookiename, "COMPLETE", (time() + 31536000) , '/');
Try setting the cookie with this code:
setcookie("cookiename", "cookievalue", time() + 31536000, "/");
This makes the cookie available to the whole domain, I recently encountered the same issue and when I tried this, it made it work, the reason is, your browser stores cookies for both domain.com and www.domain.com so you never know which your setting and getting from, it's good practice to set the domain even if you don't have this problem.
You cannot access a cookie immediately after you set it. At least last time it was like that. Make sure you do not have this issue. If it is not may be you have a problem setting the cookie, and in that case please post that part as well.
You mention that the cookie is set by a program running in its own sub-directory. You don't mention whether the cookie itself is set to be in that sub-directory, but I suspect this is where your problem is.
If a cookie is set to a path, then it will only be accessible to pages within that path. This behaviour is described in the PHP setcookie() manual page.
When you're setting cookies from a page within a sub-directory, then in order for the cookie to be accessible to the whole site, setcookie() needs to be called with the optional path parameter set to "/".
You state that the cookie is being set by LimeSurvey. I don't know this software, but you should be able to look at the source and see whether it's using the path parameter when it sets the cookie. If not, your best option would be to modify it so that it does. Then the cookie will be accessible to the whole site. (It would be quite understandable if the LineSurvey developers had chosen not to set it for the whole site, because it would allow the software to be run as a more isolated entity from anything else on the site).
Is it possible to set session variables or cookies that will exist across all tabs?
I thought firefox kept session across all existing tabs, however im testing and finding that only the current tab where the session was originally set is the session available.
Thanks!
EDIT:
Tab 1:
setcookie("testcookie", "something", time()+(60*60*24*365));
Tab 2:
print_r($_COOKIE['testcookie']);
Tab 2 only prints an empty array. If I move this to tab 1, it will print out the cookie.
Cookies are always sent to the server providing that:
The domain matches (including sub-domain).
The path matches (cookies can be assigned to specific path -- assigning them to root means the entire domain).
The port matches.
The protocol (http/https) matches if you set the cookie as secure.
As long as all those things are true, you should have your cookie / cookie based session on all tabs. You will need to refresh the tab in order to see any effects of the cookie (including seeing it in Javascript of Firefox extensions).
If all those are true and you are still not seeing your cookie on all tabs then you have a lot of debugging to do... that is not standard behavior.
When i test with the code you show in your edit i have no problems at all...
A few things you could try is:
Clear all cookies from firefox and run again (if you've set the cookie before but with other settings the browser sometimes get confused...
Try with another browser, or on another computer.
set path of the cookie to "/" and optionally domain to .youdomain.com like this setcookie("testcookie", "something", time()+(60*60*24*365), "/", ".yourdomain.com");
If you still cant make it work, my best bet would be cleaning up the server, possibly with a fresh install of PHP and Apache.
To have a universal storage, go with a cookie.
Cookies are Client Side
Session is Server Side
I need to use the same session in different subdomains.
First I put
php_value session.cookie_domain ".aaaa.com"
on .htaccess file and upload it to root path.
when I need to use sessions. I just call
session_start();
Sometimes it works but sometimes it doesn't.
I tested this and found that.
If I go to login page the first time, then login and go to subdomain page. It works!
If I go to subdomain page and click to login page and go back to subdomain page by javascript window.location = 'http://sub.aaaa.com'; it does not work!!
If I login on 2 web browser with the same account it does not work!!
Are there another way? Or how do I fix this problem. I want my website to use a single login.
Make sure you have session_start() on every page you are using sessions, including some that might not be visible to the user.
If you are using two web browsers the sessions are independent from each other, and this is by design.
To debug your #2 problem, use an HTTP monitor such as HTTPFox to view the headers coming to/from the server as you log in and surf around, make sure the cookie is being properly set with the correct domain and path restrictions.
Probm #3 - I'm not sure what you're getting at. Are you using two seperate browsers (say Firefox and Chrome?), or do you mean you're using two windows/tabs of the same browser? For the first, two different browsers will not share cookies, so you can't share a single session between them, without doing some hacks to manually transfer cookies between them.
As for two different tabs/windows of the same browser, such an implementation depends on your login logic. If the login script starts a new session unconditionally, then you second login attempt will get a completely seperate session from the first login, and most likely overwrite the first login's cookie as well.
I have two domains. One domain contains the login script. It creates a cookie when logged in. Another domain have a URL shortener.
So, on the 2nd domain that have the URL Shortener script have a file called session.php. Usually I was using $_COOKIE['sessionid'] to get the session id and match it using database.
How can I get the session id now? I have tried few ways but none of them have solve my problem.
For obvious security reasons, you can't read a cookie that belongs to another domain. You can do it across sub-domains though.
Why not append the session id to the forwarded URL?
Have you considered using a SSO implementation?
http://www.jasig.org/cas
http://en.wikipedia.org/wiki/Single_sign-on
We use it at work, it's awesome! It means we don't have to worry about these types of problems.
Cookies are sent by the browser and only to the domain, the cookies were set for.
There is not much (meaning nothing ;) ) you can do.
But if your domains are two different subdomains (e.g. login.yourdomain.com and shortener.yourdomain.com) you just have to set the domain name accordingly to make the cookie valid for all subdomains.
In this case, it would be .yourdomain.com.
You might want to read the documentation of setcookie().
Maybe it is better if you clearly describe what you want to accomplish. Probably there is another solution that does not involve cookies.
Just while setting cookie from the login page
set the cookie to entire domain like this
setcookie("c","value",time()*3600*24,"/");
in this way you can set cookie to your entire domain.
You can't read a cookie from the other domain.
though there are several ways to pass a session id. You can search SO for the cross-domain authorization
The easiest way is to pass a session id via query string
You can't. Cookies are bound to a single domain. You can use cookies across multiple subdomains though.
i am using php 5.2.8
i have index.html, which loads LOAD.PHP from IFRAME.
iframe src="load.php".....
i printed out load.php's session id.
then i ran another test.php, and printed out it's session id.
php session id's were different.
therefore, i cannot pass any session variables....
what is happening here ? this problem did not happen before, suddenly today it started happening.... however this problem still exists....its driving me nuts !
session.saved_path is same for both.... /var/php5, cookie path is same...
If PHP is creating a second session ID on the second load of the page, then it means that the first one was not passed back properly. Likely, the cookie is not being set for some reason. Things to check:
Test in multiple browsers?
Did you disable cookies in your browser somehow?
Is the iframe on a different domain or subdomain that might prevent cookie passing?
Install LiveHTTPHeaders or some other firefox add-in to check the cookies you are receiving
http://www.example.com will have a different sessionID than http://example.com
(not really an answer as your questions doesn't seem to me to have enough data to provice a certain answer, but rather a few things to check about)
The files are in the same domain and directory and the cookie are not limited to a different directory (i.e. path=/)? (note: they're not limited unless you tell that explicitly with session_set_cookie_params)
Is the browser sending the cookie (or are you maybe in "incognito mode")? If cookies don't work PHP will probably try to pass Session IDs in the QueryString and fail, if you go to test.php writing its name manually and not following a link (usually I use session.use_only_cookies=1 to avoid that).
They will have different SID if they have different cookie domain or cookies are not working at all and PHP is configured to use only cookies for session ID (session.use_only_cookies=1).
Cookies domain is explained here
Only hosts within the specified domain can set a cookie for a domain and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "va.us". Any domain that fails within one of the seven special top level domains listed below only require two periods. Any other domain requires at least three. The seven special top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".
The default value of domain is the host name of the server which generated the cookie response.
So set a common domain for your hosts and they will share cookies, thus PHP SID :)