I have tried setting cookies but the problem is in setting domain. When i tried to set domain in setcookies() it doesn't set any value. Without domain setting it will automatically set my domain (for ex. localhost).
If I am using any .com it will set it by default but I cannot set domain in cookies.
Can any one please help me setting domain in php.
setcookie('session_id',$sessionID[1],strtotime($expireTime[1]),'/',$domain);
When I set it without domain it sets the cookies to my localhost or on which domain I am.
Can any one help me.
you can not set a cookie attributed to a domain other than that you are using. this is generally considered a good thing.
If you put a domain to setcookie, you'll see in your header that PHP has set your cookie with the right domain name. But, your browser will just ignore it for safety reasons.
If you need to set a cookie for an auto-login or such, you need to play with your hosts file to make your browser believe that you're on the same domain than the domain where you want to set a cookie.
Example :
If you add :
127.0.0.1 autologin.amazon.co.uk
in your hosts file, and go to http://autologin.amazon.co.uk instead of http://localhost, your remote script will be allowed to set any .amazon.co.uk cookie.
Related
I am having a problem with SetCookie. I have two different PHP websites hosted on two subdomains, site1.myweb.com and site2.myweb.com. I want to set a cookie on the domain site2 from site1. And this cookie should only be able to access by site2 and not any other subdomains like site3 or site4.
But when I use setcookie function in PHP from site1 with domain set to site2.myweb.com, the cookie is not set on the browser (but the response contains the cookie). The browser gives an error saying This attempt to set a cookie via a set-cookie header was blocked because its domain attribute was invalid with regards to the current host url.
Can somebody please tell me if this is possible to do?
As I have searched recently, I found some specific information about domain and path.
Domain restriction:
When a website sets a cookie, it is by default tied to the originating domain. For instance, if server1.cookie-domain.com set the cookie, the web browser will automatically send the cookie with all subsequent requests to that domain and it sub-domains (admin.server1.cookie-domain.com).
But the cookie will not be sent to the parent domain or peer domains (cookie-domain.com or server2.cookie-domain.com).
Path restriction:
If an application residing at http://cookie-domain.com/app1/index.jsp sets a cookie, the browser will automatically send this cookie to all requests for pages residing under the /app1/ directory and also any sub-directories but if those attributes have been set to $wgCookieDomain = '' and $wgCookiePath = '/'.
So, my question:
Do the cookies have their path set to an appropriately
restrictive value for the application?
I have a website with n number of sub-domains, and one reserved for static content. I need to set up a cookie across all sub-domains except the static sub-domain. My home-page is on a sub-domain-less (domain.lk) manner. It is possible to route it to www.domain.com if necessory
It is more important to keep the static sub-domain cookie free.
I have tried the following line of code before reading cookies
ini_set('session.cookie_domain', 'domain.lk');
and
ini_set('session.cookie_domain', 'www.domain.lk');
That line was present only on dynamic sub-domains. But it didn't work. Cookie was not accessible from different sub-domains.
My static sub-domain is hard coded in to many contents (database records), therefor changing that is not a good option.
There's no means of setting a domain level cookie and making it not visible on given sub-domain. (You will however need to prefix the domain with a period as such...)
ini_set('session.cookie_domain', '.domain.lk');
However, if the static domain doesn't require cookies (or indeed presumably the existence of PHP at all), the fact that this cookie doesn't exist shouldn't be an issue.
That said, you should be able to overcome this using the mod_headers Apache module on the given sub-domain (so that it's not transmitted to the browser client) via...
RequestHeader unset Set-Cookie
I have been working on a web application on my localhost (xampp) where I have two subdomains set up. Lets call these domains abc.localhost and xyz.localhost.
I have both of these set up in my host file to have an entry of
127.0.0.1 abc.localhost
127.0.0.1 xyz.localhost
I also have them set up in my vhost file like normal pointing to different locations.
My application is set up to go through abc.localhost first which is where i set up some cookies
setcookie('AUTHORIZATION', time()+3600, 0, '/', '.localhost');
setcookie('SOMEOTHERCOOKIE','here is the val',0,'/','.localhost');
this then forwards the user to xyz.localhost. In order for the user to get access to xyz.localhost the authorization has to be set by abc.localhost and pass over a cookie.
I have tried to change the ".localhost" to be xyz.localhost and every other combination i can think of. Leaving off the . does not work either.
Please help me figure this out. Thank you!
You can not set cookies for a top level domain (the last part of a domain). To achieve what you want change your HOST entries to abc.myproject.loc and xyz.myproject.loc or something alike.
Then you can set your cookies for myproject.loc.
There is a website with several subdomains.
On the main subdomain cookies are set:
#setcookie( $name, $value, $expires, '/', '.www.mysite.com');
I can see the cookie on www.mysite.com and sub1.mysite.com.
The directories are:
www.mysite.com: public/index.php
sub1.mysite.com: public/sub1/index.php
How can that be possible that I can't see it in the new subdomain sub2.mysite.com?
sub2.mysite.com public/sub2/index.php
Setting the domain to 'www.example.com' or '.www.example.com' will
make the cookie only available in the www subdomain.
If you want to make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'.
make sure the path is set to / so it works for the whole site, otherwise it might not work for sub directories on your site
Using # is not a wise act in general but using it in front of setcookie() is exceptionally unwise, if not to say a stronger word.
Subdomain should be set to .mysite.com'
path should be set, not omitted. If you want to have access to the cookie in any directory, set path to /.
Nevertheless, the reason can be any. One have to debug their code, not asking for the possible reasons.