I have to set cookies from subdomain to domain and I have to read them, how can I do it?
Example: sub1.domain.com -> domain.com
Thanks
Use .domain.com as your domain (note the dot before domain.com). This way the cookie is available on all other subdomains, including the www subdomain.
Learn more about here: http://www.w3schools.com/php/func_http_setcookie.asp
Related
We have a website www.example.com that use some cookies.
And we have a copy of this website in a subfolder like these:
www.example.com:8000/test/
The copy of this subfolder is for testing.
We create the cookies like this (for example) in the domain and in the subfolder:
setcookie("name", "value", time() + 1800);
And when we navigate into domain and subfolder on different tabs into the same navigator we have conflict between cookies because we have the same cookies in both.
I think that we can do this in the subfolder:
setcookie("name", "value", time() + 1800, "test", "www.example.com:8000");
To my knowledge this creates only the cookies in the subfolder and one part of the problem would be solved.
But, to my knowledge, when we create a cookie in the root of the domain, this cookie is also available in the subfolders... then the problem will continue...
Anyone knows how can I define a cookie only for the root folder of the domain?
Thanks a lot.
You can't
Cookies are strongly connected with website. A domain to be specific. And that's why they are great and powerfull. Any cookie defined anywhere within www.example.com will be accessible in any page on this domain. But on the www.blog.example.com however, that cookie will not be accessible, as subdomains are technically separate domains/websites. Folders and subdirectiories are not.
Using subfolder allows you to set cookie to more deep parts of website. But you cannot limit cookie to root only.
How to help you
Use different names for your cookies.
I'm writing session on mydomain.com/login.php I believe this can't be accessed in www.mydomain.com. Is that right?
How can I write to $_SESSION so I can access it from both the www. and non-www version of my domain?
have a look at session_set_cookie_params
it explains setting . in the domain will allows for access to subdomains as well,
Cookie domain, for example 'www.php.net'. To make cookies visible on all
subdomains then the domain must be prefixed with a dot like '.php.net'.
miki has an example
http://www.php.net/manual/en/function.session-set-cookie-params.php#94961
session_set_cookie_params("$lifetime","$path","$domain","$secure","$httponly") is the best one in php language for setting session in both www and non-www url
There is a website with several subdomains.
On the main subdomain cookies are set:
#setcookie( $name, $value, $expires, '/', '.www.mysite.com');
I can see the cookie on www.mysite.com and sub1.mysite.com.
The directories are:
www.mysite.com: public/index.php
sub1.mysite.com: public/sub1/index.php
How can that be possible that I can't see it in the new subdomain sub2.mysite.com?
sub2.mysite.com public/sub2/index.php
Setting the domain to 'www.example.com' or '.www.example.com' will
make the cookie only available in the www subdomain.
If you want to make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'.
make sure the path is set to / so it works for the whole site, otherwise it might not work for sub directories on your site
Using # is not a wise act in general but using it in front of setcookie() is exceptionally unwise, if not to say a stronger word.
Subdomain should be set to .mysite.com'
path should be set, not omitted. If you want to have access to the cookie in any directory, set path to /.
Nevertheless, the reason can be any. One have to debug their code, not asking for the possible reasons.
Greetings
I have a website with multiple subdomains, one subdomain per language: pl.example.com, en.example.cm, fr.example.com. I would like to keep one session across all subdomains so I'm setting session cookie and remember_me cookie for ".example.com". On the other hand all images should be served without cookies. Is it possible to tell the Apache to don't send cookies for this one particular subdomain (pl.example.com, en.example.com, fr.example.com - shared cookies, images.example.com - no cookies at all)
Best Regards
A.
In the appropriate httpd config section:
Header unset Set-Cookie
Or just don't try to set cookies in the first place.
I don't know a qualified solution to your question but - I'd build the structure another way:
- yourdomain.com
- /pl
- /en
- /fr
- /images
You would then be able to use mod_rewrite to rewrite your url pl.yourdomain.com to yourdomain.com/pl/.
I think this approach makes things much easier.
Why is it that if I create a cookie on www.example.com and check it on example.com, the cookie doesn't exist there? I am planning to just use .htaccess redirect non-www to a www domain. But how do I solve this?
Browsers are the main culprit here, not PHP. They store by domain, and don't know that www is a special case; from their perspective, www.mydomain.com and mydomain.com are different strings, and therefore have different security policies. However, there is something you can do.
When setting the cookie, use .mydomain.com (with the leading dot). This will tell your user's browser make the cookie accessible to mydomain.com and all subdomains, including www. PHP's setcookie has the argument $domain, but it's fifth on the list, so you may need to set $expire and $path to their default values in order to get at it.
setcookie('name', 'value', time()+3600, '/', '.mydomain.com');
For consistency, however, you may wish to consider rerouting all web traffic to a specific domain, i.e. send mydomain.com traffic to www.mydomain.com, or vice-versa. My vague knowledge of SEO (edit if incorrect) tells me that it's helpful so as not to have duplicate content, and it saves you all such authentication issues. Additionally, if you store assets on a subdomain, having cookies on there slows down traffic by having to transport it each time, so storing application cookies only on www earns you that speed boost.
Here is a tutorial on how to accomplish such a redirect in Apache.
setcookie("CookieName", "value", time()+3600, "/", ".mydomain.com");
I believe you can set the cookie at example.com (really .example.com) and it will be sent if they go to www.example.com, but not vice versa. This standard security policy is to prevent users' private data from being sent to unintended servers.
Personally, I use virtualhosts in my apache2.conf:
<VirtualHost *:80>
ServerName example.com
RedirectMatch (.*) http://www.example.com$1
</VirtualHost>
... in this example, everyone trying to load e.g. http://example.com/index.html is redirected to http://www.example.com/index.html.
because php translates www.mydomain.com differently from mydomain.com. If the domains are not 100% identical the cookie wont match.
And I'm sure the browser also looks for 100% match of the domain name before allowing servers to overwrite them.
Just use .htaccess to redirect. It's the only SURE way to tackle this in all browsers.