PHP: Is it possible to set the domain when creating a session? - php

On mydomain.com if I run this code:
session_start();
$_SESSION['close_label'] = '1';
and then inspect the session cookie in my browser, it says:
domain: .mydomain.com
Is it possible to have it say:
domain: .someotherdomain.com
or not?

You cannot set cookies for a completely different domain. That would be a security nightmare. You can set cookies for the current domain and/or subdomains of it. That's all.
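
The rule behind this answer, as an added example (not code from the original posts): a sketch of the RFC 6265 decisions a browser makes when it stores a cookie and when it attaches it to a request. The function names and sample hosts are constructed for illustration, and PHP 7.4+ is assumed for the arrow function.

```php
<?php
// Added illustration of RFC 6265 cookie domain handling; hosts are constructed samples.
// Not modelled: the public-suffix check that makes browsers reject Domain=com.

/** RFC 6265 section 5.1.3: does $host domain-match $domain? */
function domainMatches(string $host, string $domain): bool
{
    $host = strtolower($host);
    $domain = strtolower($domain);
    if ($host === $domain) {
        return true;
    }
    // Suffix match on a label boundary only; IP addresses must match exactly.
    $suffix = '.' . $domain;
    return filter_var($host, FILTER_VALIDATE_IP) === false
        && substr($host, -strlen($suffix)) === $suffix;
}

/** What a browser stores for a Set-Cookie from $originHost: [domain, hostOnly] or null. */
function storeCookie(string $originHost, string $domainAttr = ''): ?array
{
    if ($domainAttr === '') {
        return [strtolower($originHost), true];       // no Domain attribute: host-only
    }
    $domain = strtolower($domainAttr[0] === '.' ? substr($domainAttr, 1) : $domainAttr);
    // A Domain the origin host does not domain-match is dropped by the browser.
    return domainMatches($originHost, $domain) ? [$domain, false] : null;
}

/** Is the stored cookie attached to a request for $requestHost? */
function sentTo(?array $stored, string $requestHost): bool
{
    if ($stored === null) {
        return false;
    }
    [$domain, $hostOnly] = $stored;
    return $hostOnly ? strtolower($requestHost) === $domain
                     : domainMatches($requestHost, $domain);
}

$hosts = ['www.mydomain.com', 'mydomain.com', 'static.mydomain.com', 'someotherdomain.com'];
foreach (['', '.mydomain.com', 'mydomain.com', '.someotherdomain.com'] as $attr) {
    $stored = storeCookie('www.mydomain.com', $attr);
    $sent = array_filter($hosts, fn ($h) => sentTo($stored, $h));
    printf("Domain=%-22s -> %s\n", $attr ?: '(none)', $stored ? implode(', ', $sent) : 'rejected');
}
```

The leading dot makes no difference under RFC 6265, and any Domain attribute widens the cookie from one host to the whole subtree below that domain.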

Related

How to read cookie from subdomain in PHP?

Can anyone tell me how to read cookie from subdomain. I can set the cookie for subdomain but unable to read it.
Please tell me what is the syntax in PHP to read cookie from subdomain.
If you're unable to read it in another subdomain, it's probably because you didn't properly set the cookie to begin with.
$date_of_expiry=time()+ 3600;
setcookie( "cookie_name", "cookie_value", $date_of_expiry, "/", "example.com" );
It's important that you put the last argument for the cookie to be available in other subdomains.
Also, the cookies must be set before page output.

PHP : Bind Cookie set on Subdomain to Main Domain and all Subdomains

I'm using this login script, http://tutorialzine.com/2009/10/cool-login-system-php-jquery/
I'm setting a cookie on encrypted.site.com, but I also want it to function on site.com and *.site.com. How could I do this?
It sets 2 cookies, tzLogin & tzRemember, one permanent, one session cookie.
Set the 5th parameter (domain) to allow for any subdomains by prefixing a period. This will allow requests for site1.site.com, site2.site.com as well as site.com to send the cookie along:
setcookie('cookiename', 'cookiedata', time()+86400, '/', '.site.com');
http://us.php.net/manual/en/function.setcookie.php

Where the php cookies are stored?

The PHP manual has the setcookie syntax like this:
setcookie ($name, $value, $expire, $path, $domain, $secure, $httponly)
It is said that cookies are stored remotely on the client side. The syntax has a path var that, if applied, cookies will be stored on the server side.
Now suppose I set that path var to "/", and one user named denish logs in and I create a cookie for the username for remember-me functionality:
setcookie('site_username','denish',time() + 3600,'/','.xyz.com');
Now, each time a different user logs in, would it overwrite the previous cookie or will a new cookie be created?
What if I want to create a cookie client side and also want to apply $domain var. Is it possible?
Cookies are always stored in the client. The path only sets restrictions to what remote pages can access said cookies. For example, if you set a cookie with the path "/foo/" then only pages in the directory "/foo/" and subdirectories of "/foo/" can read the cookie.
The domain does the same restriction, only with subdomains.
Cookies with the same name will overwrite each other, yes.
I believe you cannot set a cookie to another domain other than the page you're on due to security issues.
You're incorrect as to the use of the path argument from the manual:
The path on the server in which the cookie will be available on.
Cookies are always stored on the client's machine.
If you use different $paths you can have two cookies with the same name.
setcookie("foobar", "root", time()+3600, "/");
setcookie("foobar", "test", time()+3600, "/test");
The first cookie (root) can be accessed using any $path in this domain, except for /test/*. In /test/* only the second cookie can be accessed. Both cookies are stored by the user's browser and the browser decides which cookie to provide based on which cookie's $path matches the current URL.

Does PHP set by default the session cookie for all subdomains?

I wonder how this quote from the PHP manual should be interpreted:
session.cookie_domain specifies the domain to set in the session
cookie. Default is none at all meaning the host name of the server
which generated the cookie according to cookies specification.
Does it mean that when calling session_start on URL www.somedomain.com/somepage.php the cookie will have the following form:
Set-Cookie PHPSESSID=e48gh5mqggccgmn8172f0j5a06; path=/; domain=.somedomain.com
Or
Set-Cookie PHPSESSID=e48gh5mqggccgmn8172f0j5a06; path=/; domain=www.somedomain.com
I have seen on index pages the first cookie header and on other pages a header without a domain.
Can someone bring some insight on this?
Thanks
No, PHP will usually set the cookie for the current domain, e.g. www.domain.com.
To have everything consistent, you must either redirect all requests to the same domain, or explicitly set the cookie for all subdomains.
EDIT: actually, this is true for Firefox. I think PHP will not actually set the domain, so the browser is free to use whatever it wants. Internet Explorer, I think, will set it for any subdomain.
No, PHP by default never sets the session cookie for all subdomains.
If you want to set a cookie across all subdomains then you can do this by using this code:
<?php
$currentCookieParams = session_get_cookie_params();
$rootDomain = '.example.com';
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
$rootDomain,
$currentCookieParams["secure"],
$currentCookieParams["httponly"]
);
session_name('mysessionname');
session_start();
setcookie($cookieName, $cookieValue, time() + 3600, '/', $rootDomain);
?>
For reference please visit http://www.php.net/manual/en/function.session-set-cookie-params.php
It does set the cookie for the domain visible in the client's browser (so, option 2 in your question). If you want to set a cookie for all subdomains you should call session_set_cookie_params() and put ".domain.com" in the $domain parameter.

Session cookies working under subdomain

How to get session cookies working / to be accessible under domain and subdomains?
For session cookies you need to override the cookie params:
So you can either use:
ini_set('session.cookie_domain', '.website.com');
or
session_set_cookie_params(0, '/', '.website.com');
The '.' in front makes it accessible under the domain and the subdomains.
Note: you will have to delete all existing cookies from your browser for the domain you're working with so they can be re-initialized properly to work.
If you set the cookie for the "top" domain (example.com), the cookie will also apply to subdomains (sub.example.com, another.example.com).
As an aside, this is the reason why some larger companies use completely separate domains to serve static stuff, like stackoverflow uses http://sstatic.net/
I'm assuming you are using setcookie(). If so just set the cookie for ".domain.com".
setcookie("testcookie", "1", 0, "", ".domain.com");
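
A session set-up that keeps the cookie host-only unless sharing is requested explicitly, as an added example (not code from the answers above). It assumes PHP 7.3+ for the array form of session_set_cookie_params() and a site served over HTTPS; the helper names, '.example.com' and the sample user are placeholders.

```php
<?php
// Added example, not from the original answers. Assumes PHP 7.3+ and HTTPS;
// '.example.com' is a placeholder domain.

/** Build session cookie options; $sharedDomain = null keeps the cookie host-only. */
function sessionCookieOptions(?string $sharedDomain = null): array
{
    return [
        'lifetime' => 0,                    // session cookie, dropped when the browser closes
        'path'     => '/',
        'domain'   => $sharedDomain ?? '',  // '' = no Domain attribute = host-only
        'secure'   => true,                 // never sent over plain HTTP
        'httponly' => true,                 // not readable from document.cookie
        'samesite' => 'Lax',                // not sent on cross-site subrequests or POSTs
    ];
}

/** Start the session with the given scope and return the effective parameters. */
function startScopedSession(?string $sharedDomain = null): array
{
    session_set_cookie_params(sessionCookieOptions($sharedDomain));
    session_start();
    return session_get_cookie_params();
}

/** Call after a successful login so a session ID set before login cannot be reused. */
function onLogin(string $username): void
{
    session_regenerate_id(true);            // new ID, old session data deleted
    $_SESSION['user'] = $username;
}

// Host-only by default: only the host that issued the cookie receives it.
$params = startScopedSession();
// Opt in to sharing only when every subdomain is trusted with the session ID:
// $params = startScopedSession('.example.com');
onLogin('denish');                          // constructed sample user
print_r($params);
```

With a shared domain, every host under it receives the session ID, so the Secure and HttpOnly flags and the ID regeneration at login matter more, not less.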
