Iframe not reading cookies in IE while p3p header has been set - php

I have a PHP site with an iframe that leads to a .NET site. If the user leaves the website, we send the user an email with a link that sets a session and a cookie that will allow the user to return to the site with all their details still filled out. We do this by sending the user to a link that leads to a page on the .NET site's domain, which sets a cookie and a session variable and then redirects to the PHP page that has the .NET iframe.
In Chrome and Firefox we have no problems whatsoever, but with IE the cookie and session are not being read. I have read that the now unused P3P policy is still enforced by IE when cookies are used with iframes, so I have set content headers through IIS (and tried to set different CP values as well), but this has changed nothing.
Does anyone have any idea what I could try to get this working with IE? Thanks
Update
OK, so the P3P header on the domain setting the cookie (and the domain receiving the cookie as well) is
p3p CP="NID DSP ALL COR"
and the Set-Cookie header is
Set-Cookie cookiename=CustId=249674; expires=Wed, 23-Oct-2013 08:29:03 GMT; path=/
It also seems to pick up the cookie in the cookies section of the network tab when on the PHP page with the iframe, but the request that the iframe makes gets no cookies.

You should start by reading this article, then you should share the HTTP response headers that contain both the Set-Cookie and the P3P header. You can collect these headers with Fiddler or the F12 Developer Tools' Network tab.

It seems IE was having problems with the page contained in the iframe only being part of a virtual directory in IIS and not actually in the website. When I removed the virtual directory and placed the files within the actual website, all IE problems disappeared. Very odd, but it works now.

Related

Loss of cookies in Chrome

I send the user to the bank site for online payment.
After the user returned from the bank site to my site, the site cookies were completely removed.
This problem has occurred to me recently and is not a problem in Firefox browser.
What is the cause of this problem?
My site is with PrestaShop
If this issue only persists in Chrome, I am guessing it could be an issue with Chrome disabling "SameSite" cookies as default value.
Allow cross-origin cookies:
Go to /yourstore/.htaccess and add on top of this file the code SameSite=None
Make sure to clear your browser cookies
More details about SameSite cookies can be found here
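
As an added example (not part of the original answer, and not PrestaShop code), this sketch models the Chrome behaviour the answer refers to: a cookie without a SameSite attribute is treated as Lax, and SameSite=None only takes effect together with Secure. The cookie values and the three context names are constructed for illustration, and the model ignores other factors such as third-party cookie blocking.

```python
# Added example: simplified model of cross-site cookie delivery in a browser
# that treats a missing SameSite attribute as Lax. Sample headers are constructed.
CONTEXTS = ("iframe", "top_get", "top_post")  # embedded frame, link/redirect, form POST

SAMPLES = {
    "no_attribute": "PHPSESSID=abc123; path=/",
    "none_insecure": "PHPSESSID=abc123; path=/; SameSite=None",
    "none_secure": "PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=None",
    "strict": "PHPSESSID=abc123; path=/; Secure; SameSite=Strict",
}


def parse_set_cookie(header_value):
    """Return (name, value, attrs) from a Set-Cookie value; attribute names lower-cased."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")  # only the first '=' separates name from value
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def sent_cross_site(header_value, context):
    """True if the cookie would be attached to a cross-site request of this kind."""
    _, _, attrs = parse_set_cookie(header_value)
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("none", "lax", "strict"):
        samesite = "lax"  # missing or unrecognised value falls back to the default
    if samesite == "none":
        return "secure" in attrs  # SameSite=None is rejected unless Secure is also set
    if samesite == "lax":
        return context == "top_get"  # only top-level navigations with a safe method
    return False  # Strict: never attached to cross-site requests


def audit(samples=SAMPLES):
    """Map each sample label to its delivery result per cross-site context."""
    return {label: {ctx: sent_cross_site(hdr, ctx) for ctx in CONTEXTS}
            for label, hdr in samples.items()}


if __name__ == "__main__":
    for label, result in audit().items():
        print(f"{label:14} {result}")
```

In this model a session cookie with no SameSite attribute survives a GET redirect back to the shop but is dropped when the payment provider returns the user with a form POST or when the site is loaded in a cross-site iframe.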

Does a cookie load for every file downloaded on a Web page?

If I have a general cookie applicable to a whole site (eg. stackoverflow.com), does that cookie get downloaded only for each Web page load, or does it get downloaded for every file downloaded on that Web page (such as image files)?
A cookie is just additional information provided in the header part of an HTTP request.
Setting a cookie happens by including the line
Set-Cookie: key=value
in the HTTP response from the server to the client. It only needs to be set once and stays in the browser unless cookie storage is cleared.
Cookies can also automatically expire if needed
Set-Cookie: key=value; Expires=Wed, 09 Jun 2021 10:18:14 GMT
If a cookie for a site is set, the client includes it in every request to the server, adding something like this to the request header
Cookie: key=value
If and for which files the Set-Cookie header is added depends on the configuration of your server and your web application.
Does this answer your question?
You may also find the Wikipedia article covering cookies useful:
https://en.m.wikipedia.org/wiki/HTTP_cookie

Are Expire Headers in .htaccess a form of a cookie?

I am trying to follow YSLOW's guidelines to optimize my site. I noticed that when static content like images, js and css files are hosted on my main domain, they are downloaded with unnecessary cookies. Therefore, I put them on a new domain (not subdomain) to avoid this.
I then found out that YSLOW says that this static content needs far future expire headers. Wouldn't that cause cookies to be enabled? Is this an either/or case or is it possible to host static content on a cookie free domain AND add expire headers? If so, how?
Cookies are not expire headers. Cookies are set with the Set-Cookie HTTP header, which specifically instructs the browser to save a small piece of text and send it again every time it contacts the same domain. Expire headers are set with the Expires and related headers and tell the browser when the content should be regarded as expired. This causes the browser to not contact the server at all and cache the data locally.
They're both entirely separate headers and mechanisms. See here for a list of all the other headers you can send and their effect, and use your browser inspector's network tab to have a look at what kind of headers are being sent back and forth on each request.

How to access Cookies in Chrome after i close my Browser

I am facing one issue: when I close my Chrome browser, it will not show my cookie information where I print information using $_COOKIE.
I set cookies for 30 days. Here is the code which is used to set the cookies:
setcookie("cookie[".$_product->getSku()."]","".$_product->getSku()."",time()+2592000,'/','new.domain.com',true);
My site is secure, so I set true as the last parameter.
It shows correct cookie information if I am not closing my browser, but when I close my browser and come again it will not show the information which I set in cookies.
But when I show cookie information, it will show me the cookies which were set earlier.
I also unchecked the option in Chrome's settings, so that when I close the browser it will not delete my cookies.
Cookies are working correctly in Firefox even if I close the browser, but I can't get an idea of what the issue is in Chrome, so if anybody has faced this type of issue, please let me know what I can do to solve it.
Note: I also set the expire time of the cookies.
Odd that it works in Firefox. I assume your Chrome installation is up to date!? Have you tried using setcookie() whilst omitting the path and domain parameters to see if that alters the behaviour in Chrome?

Internet Explorer 8 doesn't pass session cookie for ajax request

I have a simple PHP application. It works on all browsers except IE8 beta 2. The problem occurs when I try to update a table field using an Ajax call (jQuery post method). Using the IE8 debugger I figured out that IE8 doesn't send the session cookie, so the PHP script redirects to the login page instead of executing the requested action.
What can I do to make this work?
Edit:
I haven't mentioned that I was using CodeIgniter, so I have solved this problem by replacing the CodeIgniter default session implementation with the native one. The CodeIgniter default session implementation uses a cookie to store all data.
Yesterday I had similar problem and found the solution. I hope this will help someone else also.
Problem: Suppose there's a website www.somewebsite.com and an IFRAME inside it which loads a PHP file from my server, www.myserver.com/welcome.php. The website was loading successfully as well as my welcome page, and it showed something like "Hello Bob", so it successfully found the user and logged him in.
Afterwards my JavaScript was making AJAX calls to another PHP file, and response was kind of in "not authorized" state, so SESSION data was completely missing. After page refresh, everything was working correctly. And this was happening only under IE8!
I thought that problem was with sending session cookies to the server, but when I installed Fiddler, I found that IE8 was sending cookies as well as PHPSESSID correctly, but server was kind of unable to detect correct SESSION object. Another strange thing was that 2nd time server sent following header:
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
but not the first time. After adding that header manually in the PHP script, everything worked like a charm!
Then, when I googled that "p3p abracadabra", I found following web site:
http://adamyoung.net/IE-Blocking-iFrame-Cookies
Conclusion: Make sure that you're sending the header on every page that sets a cookie.
And this is not only related to IE8 + PHP combination, same problem happens in case of IE8 + ASP.NET, IE8 + JSP, etc.
I don't have IE8 myself, but your cookie might be blocked by Internet Explorer's strange security policies. A possible workaround can be to employ P3P (which is also the method for getting cookies working inside an IFRAME).
Generating the right P3P policy can be a bit of work, but you should be able to find the information you need at http://www.p3ptoolbox.org/
I had the same problem in IE8 RC1:
1) A user goes to the login page and a blank session cookie is set.
2) The user logs in, a validated session cookie is set, and JavaScript opens a new window and closes the current window.
3) The new window is opened and contains a blank session cookie.
4) The user is redirected to the login page.
I changed step 1 so that the blank cookie was not set - I only send the session cookie if it's been validated. This fixed the problem for me.
I am having trouble getting IE8 to use SSL Certificates (PK12) files as a means of authorization. If I want to protect a directory and force a matching web certificate to be present in the browser before granting access. It works fine with IE7 and all versions of Mozilla - just not IE8. It has rendered my wife's dictation system useless. One other thing I noticed is that when it sets the PHPSESSID cookie, it lists the domain as .net and not mydomain.net.
As a workaround, you can embed the SessionID as a parameter on the uri.
See passing session id in the php manual.
