Migrate cookie domain from no domain to .mydomain.com with PHP/Nginx - php

I have a web site written in PHP and running on Nginx HTTP server. I have a cookie called "locale" which represents the user locale. For 6 months, I have been sending the cookie like this:
setCookie("locale", "fr", time() + 36000, "/");
As a domain-less cookie, I understand it's only available on my single domain "www.mydomain.com".
But now, I want to create 2 new subdomains:
m.mydomain.com (the mobile part)
secure.mydomain.com (a secure version)
I see "locale" cookie set on www is not accessible by m or secure. So now I am sending the cookie like this:
setCookie("locale", "fr", time() + 36000, "/", ".mydomain.com");
Yeah my cookie is available everywhere now! But as I have some users who had already browsed my web site, they have the domain-less cookie + the new one; their browser sends me both cookies but PHP gives me the former one. As a result nobody can change the locale any more.
Question is: how can I migrate from this domain-less cookie to a domain-specified cookie, without changing the cookie name?

The first cookie you set without the domain defaulted to www.mydomain.com and because that's more specific than '.mydomain.com' it's choosing the original cookie. Read the accepted answer here.
How to get the domain of a specific cookie?

In conclusion, I will put this in my index.php file for 1 week:
setCookie('locale', null, time() - 5000, '/');
In order to delete the domain-less cookie. I have tested on all major browsers, and I don't see any conflict with:
setCookie('locale', 'fr', time() + 36000, '/', '.mydomain.com');
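The migration described in this thread, as an added example that is not part of the original posts: it reads the raw Cookie header to see every "locale" value the browser sent, expires the host-only cookie, and rewrites the shared one. The constants, the locale allow-list and the function names are assumptions, and the options-array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. SHARED_DOMAIN, LOCALES and the
// function names are assumptions. Requires PHP 7.3+ (setcookie options array).
const SHARED_DOMAIN = '.mydomain.com';
const LOCALES = ['fr', 'en'];

/** Every value the browser sent for $name, in the order it sent them. */
function cookieValues(string $rawHeader, string $name): array
{
    $values = [];
    foreach (explode(';', $rawHeader) as $pair) {
        $parts = explode('=', trim($pair), 2);
        if (count($parts) === 2 && $parts[0] === $name) {
            $values[] = urldecode($parts[1]);
        }
    }
    return $values;
}

/** Accept only known locales: any subdomain can write a parent-domain cookie. */
function pickLocale($candidate): ?string
{
    return is_string($candidate) && in_array($candidate, LOCALES, true) ? $candidate : null;
}

/** Set-Cookie operations for this response as [name, value, options] triples. */
function localeCookiePlan(string $rawHeader, $requested, int $now): array
{
    $sent = cookieValues($rawHeader, 'locale');
    // A fresh choice wins; otherwise carry over the first value sent (the one in $_COOKIE).
    $locale = pickLocale($requested) ?? pickLocale($sent[0] ?? null);
    if ($locale === null) {
        return [];
    }
    $base = ['path' => '/', 'samesite' => 'Lax'];
    return [
        // No Domain attribute: expires the old host-only cookie on this host.
        ['locale', '', ['expires' => $now - 5000] + $base],
        // Domain attribute: the cookie shared by www, m and secure.
        ['locale', $locale, ['expires' => $now + 36000, 'domain' => SHARED_DOMAIN] + $base],
    ];
}

// Constructed sample header: a browser holding both the old and the new cookie.
$raw = $_SERVER['HTTP_COOKIE'] ?? 'locale=fr; theme=dark; locale=en';
foreach (localeCookiePlan($raw, $_GET['locale'] ?? null, time()) as [$n, $v, $opts]) {
    // On the command line this is a dry run that prints the plan instead of sending headers.
    PHP_SAPI === 'cli' ? print("$n=$v " . json_encode($opts) . PHP_EOL) : setcookie($n, $v, $opts);
}
```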

Related

setcookie from subdomain to domain

I have:
mydomain.com (which is the portal of the game, global setting and stuff)
game.mydomain.com (which is the actual game)
The problem is that I want to set a cookie that is available globally, on game.mydomain.net, mydomain.net (and whatever subdomain i'm going to create in the future).
I've been trying to set the cookie from another subdomain as I've read that subdomains can set cookies to parent domains but not vice versa (which is weird and I guess I've read it wrong). Whatever, so I've done another account.mydomain.com (from which I'm making an ajax call from mydomain.net so the user can authenticate) and I'm using
setcookie('session', $value, time() + 2592000 /* one month */, '/', '.tribul.net');
Then, return the success message and refresh the main page on mydomain.net so it can read the new cookie value.. problem is, there's no cookie set. I've also been trying to set the cookie from mydomain.com (as .tribul.net) so it can be available on all subdomains but it's available only on the main domain. What's wrong?
I need to connect all subdomains and the domain to the same cookie, TO BE NOTICED, I am setting the cookie in a backend file named process.php (placed in account.domain.com) as result of an ajax request.
Try this setcookie('session', $value, time() + 2592000 , '', '.tribul.net');
In php.ini:
session.cookie_path = /
session.cookie_domain = ".mydomain.com"
Set Cookie:
setcookie('session', $value, time() + 2592000, '/', 'mydomain.com');
I used Klaus Hartl's jquery cookie plugin in order to solve my problem since I haven't been able to set up a global cookie from the ajax backend.

Where are the PHP cookies stored?

php manual has setcookies syntax like this
setcookie ($name, $value, $expire, $path, $domain, $secure, $httponly)
It is said that cookies are stored remotely on the client side. The syntax has a path var that, if applied, cookies will be stored on the server side.
Now suppose I mention that path var "/". And one user named denish logs in and I create a cookie for username for remember me functionality
setcookie('site_username','denish',time() + 3600,'/','.xyz.com');
Now each time a different user logs in. Would it overwrite the previous cookie or will a new cookie be created?
What if I want to create a cookie client side and also want to apply $domain var. Is it possible?
Cookies are always stored in the client. The path only sets restrictions to what remote pages can access said cookies. For example, if you set a cookie with the path "/foo/" then only pages in the directory "/foo/" and subdirectories of "/foo/" can read the cookie.
The domain does the same restriction, only with subdomains.
Cookies with the same name will overwrite each other, yes.
I believe you cannot set a cookie to another domain other than the page you're on due to security issues.
You're incorrect as to the use of the path argument from the manual:
The path on the server in which the cookie will be available on.
Cookies are always stored on the client's machine.
If you use different $paths you can have two cookies with the same name.
setcookie("foobar", "root", time()+3600, "/");
setcookie("foobar", "test", time()+3600, "/test");
The first cookie (root) can be accessed using any $path in this domain, except for /test/*. In /test/* only the second cookie can be accessed. Both cookies are stored by the user's browser and the browser decides which cookie to provide based on which cookie's $path matches the current URL.

Changed cookie domain, but old cookie is still used

EDITED, look at the end
I got a Symfony 1.2 project, that was running on two domains (different app used on each domain) : www.mywebsite.com and abonnement.mywebsite.com
I had two different cookie name/domain in each app.
We decided to use the same cookie for both apps. So, I edited the config for both apps and set the cookie_domain to .mywebsite.com, and set the cookie_name to mywebsite_cookie in both apps.
The problem is that when I visit abonnement.mywebsite.com, the old cookie is used. Manually deleting this cookie in my browser fixes the problem, but there are thousands of users on this website and I'm wondering if there's a solution to manually delete this cookie.
I tried :
if (isset($_COOKIE['abonnement_cookie'])) {
    ini_set('session.cookie_domain', 'abonnement.mywebsite.com');
    setcookie('abonnement_cookie', '', time() - 3600, '/');
    $this->redirect('#internet_etape_1');
}
But no success.
Is there a way to do it?
I'm using Firefox 9.0.1
Thanks!
Edit:
I found the problem, cookie was created with "host" and not "domain".
To use the current host, you need to specify '' as domain :
setcookie('abonnement_cookie', 0, time() - 3600, '/', '');
Hope this helps!
You need to match the domain and path that were used to create the cookie when destroying the cookie. This is because, as you have discovered, it is possible to have a cookie with the same name and different scopes for the same domain. When destroying the cookie, you must match the scope that was used to create it, so the client knows which one to destroy.
Try:
setcookie('abonnement_cookie', '', time() - 3600, '/', 'abonnement.mywebsite.com');

Cookies not working on different pages

Ok I have a cookie set, and I can clearly see it if I go to private data in Firefox... ok so when I echo it on one page in a certain directory it works (www.example.com/dir), but on the index page of the site (www.example.com), it won't echo; it says the cookie is not set. Yes I have cookies enabled, yes I tried clearing cache and all that. Any ideas? PHP btw
Which directory are you in when the cookie gets set?
From the PHP manual on setcookie(), emphasis mine:
Path
The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.
Cookies can be bound to a specific domain, subdomain, path, and protocol (http/https). You need to specify the path when setting the cookie in PHP:
setcookie("TestCookie", "Value", time()+3600 , '/' );
The fourth parameter binds it to the root of the site and it will be available in any subdirectory of the main site.
If you want it available on the main domain and any subdomain, supply the fifth parameter like this:
setcookie("TestCookie", "Value", time()+3600 , '/', '.example.com' );
Now it will be readable at:
www.example.com
example.com/newdir
awesome.example.com/newdir
You need to check the path that the cookie is being set.
If it's not '/', there's your answer!
Yes try this, I was also facing this problem but resolved by below code.
setcookie("TestCookie", "Value", time()+3600 , '/' );
Set your path option; the default value is the current directory that the cookie is being set in. Because you're setting the cookie in the directory /dir, it's only available within that directory or below it.
You get around this by explicitly setting the path, ie.
setcookie(name,value,expire,path,domain,secure)
Set the path to "/".
setcookie("Cookie_name", "Cookie_Value", time()+3600 , '/' );
fourth parameter ('/') will make your cookies accessible to pages in parent directories.
You need to set the $path to / in setcookie(), if you want to access it in all directories
Cookies Must Be Set Before Page Output !!!
Since cookies are sent by the script to the browser in the HTTP headers, before your page is sent, they must be set before you even send a single line of HTML or any other page output. The moment you send any sort of output, you are signalling the end of the HTTP headers. When that happens, you can no longer set any cookie. If you try, the setcookie() function will return FALSE, and the cookie will not be sent.
setcookie('cookie_username', $cookie_username, time() + (86400 * 30), "/"); // 86400 = 1 day, '/' denotes cookie available in entire directory.
and in another page:
$username = $_COOKIE['cookie_username'];
also make sure that browser is not blocking cookies.
If you want to use cookies in sub domain also:
setcookie('cookie_username', $cookie_username, time() + (86400 * 30), "/", ".subdomain.com"); // 86400 = 1 day, '/' denotes cookie available in entire directory.

Setting cookie path to "/" does not make cookie accessible to entire site

Why does setting the PHP cookie path to "/" not work for every subdir in the domain, but just for the current directory?
cookie is set like:
setcookie("name", "val", expire_time, "/");
It just doesn't want to work.
try including the domain parameter:
setcookie("name", "val", expire_time, "/", ".domain.com");
// don't forget the prefixing period: .domain.com
that will enable all subdomains of "domain.com"
Are you testing on localhost? In that case, you need to pass null as the value for $domain.
Setting the cookie path to / should make it available to the entire domain. If you set your cookie like that, and it isn't being sent, there is something else wrong.
Try using the Web Developer addon in Firefox. It shows you details on the available cookies. Maybe that can help you diagnose the problem.
Late to the party, I know. But I just discovered that my issue was pretty stupid, but I'll post it for completion:
I was neglecting to add time() to the expires time on the cookie, so it was expiring immediately.
The expires time should be time() + seconds
