I am having a problem with setting cookie with php. I am trying to set a cookie (id) from www.example.com/login.php and I want to use from every place on the website. for example I want to use it in:
www.example.com/main.php
www.example.com/users.php
www.example.com/login.php
this is my php code
$expire = time() + 31556926;
$cookie_id = $insert_userid;
setcookie ("id");
setcookie("id", $cookie_id, $expire, '/', 'www.example.com');
i do not have any subdomain. Also For the domain index in the setcookie function I am not sure which on to provide. www.example.com or example.com
www.example.com
If you had subdomains and wanted to allow them:
.example.com
Wikipedia is pretty useful on this:
Most browsers, by default, allow first-party cookies—a cookie with
domain to be the same or sub-domain of the requesting host. For
example, a user visiting www.example.com can have a cookie set with
domain www.example.com or .example.com, but not .com.
Related
I have a web site wrote with PHP and running on Nginx HTTP server. I have a cookie called "locale" which represents the user locale. For 6 months, I am sending the cookie like this:
setCookie("locale", "fr", time() + 36000, "/");
As a cookie less domain, I understand it's only available on my single domain "www.mydomain.com".
But now, I want to create 2 news sub domains:
m.mydomain.com (the mobile part)
secure.mydomain.com (a secure version)
I see "locale" cookie set on www is not accessible by m or secure. So now I am sending the cookie like this:
setCookie("locale", "fr", time() + 36000, "/", ".mydomain.com");
Yeah my cookie is available everywhere now! But as I have some users who had already browsed my web site, they have the domain less cookie + the new one, their browser send me both cookies but PHP gives me the former one. As a result nobody can change the locale any more.
Question is: how can I migrate from this domain less cookie to a domain specified cookie? Without change the cookie name.
The first cookie you set without the domain defaulted to www.mydomain.com and because that's more specific than '.mydomain.com' it's choosing the original cookie. Read the accepted answer here.
How to get the domain of a specific cookie?
As conclusion, I will put this in my index.php file during 1 week:
setCookie('locale', null, time() - 5000, '/');
In order to delete the domain-less cookie. I have tested on all major browser, and I don't see any conflict with:
setCookie('locale', 'fr', time() + 36000, '/', '.mydomain.com');
I have:
mydomain.com (which is the portal of the game, global setting and stuff)
game.mydomain.com (which is the the actual game)
The problem is that I want to set a cookie that is available globally, on game.mydomain.net, mydomain.net (and whatever subdomain i'm going to create in the future).
I've been trying to set the cookie from another subdomain as I've read that subdomains can set cookies to parent domains but not vice versa (which is wierd and I guess I've read it wrong). Whatever, so I've done another account.mydomain.com (from which I'm making an ajax call form mydomain.net so the user can authenticate) and I'm using
setcookie('session', $value, time() + 2592000 (one month), '/', '.tribul.net');
Then, return the success message and refresh the main page on mydomain.net so it can read the new cookie value.. problem is, there's no cookie set. I've also been trying to set the cookie from mydomain.com (as .tribul.net) so it can be avaialable on all subdomains but it's available only on the main domain. What's wrong?
I need to connect all subdomains and the domain to the same cookie, TO BE NOTICED, I am setting the cookie in a backend file named process.php (placed in account.domain.com) as result of an ajax request.
Try this setcookie('session', $value, time() + 2592000 , '', '.tribul.net');
In php.ini:
session.cookie_path = /
session.cookie_domain = ".mydomain.com"
Set Cookie:
setcookie('session', $value, time() + 2592000, '/', 'mydomain.com');
I used Klaus Hartl's jquery cookie plugin in order to use my problem since I haven't been able to set up a global cookie from the ajax backend.
I'm using this login script, http://tutorialzine.com/2009/10/cool-login-system-php-jquery/
I'm setting a cookie on encrypted.site.com, but I also want it to function on site.com and *.site.com. How could I do this?
It sets 2 cookies, tzLogin & tzRemember, one permanent, one session cookie.
Set the 5th parameter (domain) to allow for any subdomains by prefixing a period. This will allow requests for site1.site.com, site2.site.com as well as site.com to send the cookie along:
setcookie('cookiename', 'cookiedata', time()+86400, '/', '.site.com');
http://us.php.net/manual/en/function.setcookie.php
I'm having this problem where the cookie not saving, and it has to do with the domain.
I am setting the domain like:
$cookie_domain = $_SERVER['HTTP_HOST'];
And setting it like:
setcookie($name, $value, time() + $cookie_lifetime, $cookie_path, $cookie_domain, $cookie_secure, $cookie_httponly);
And it doesn't not work. But if I do:
setcookie($name, $value, time() + $cookie_lifetime, $cookie_path, '', $cookie_secure, $cookie_httponly);
Its fine. What gives?
What is $_SERVER['HTTP_HOST'] value?
According to PHP: The domain that the cookie is available to. To make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'. Although some browsers will accept cookies without the initial ., » RFC 2109 requires it to be included. Setting the domain to 'www.example.com' or '.www.example.com' will make the cookie only available in the www subdomain.
How to get session cookies working / to be accessible under domain and subdomains?
For session cookies you need to override the cookie params:
So you can either use:
ini_set('session.cookie_domain', '.website.com');
or
session_set_cookie_params(0, '/', '.website.com');
The '.' in front makes it accessible under the domain and the subdomains.
Note: you will have to delete all existing cookies from your browser for the domain you're working with so they can be re-initialized properly to work.
If you set the cookie for the "top" domain (example.com), the cookie will also apply to subdomains (sub.example.com, another.example.com).
As an aside, this is the reason why some larger companies use completely separate domains to serve static stuff, like stackoverflow uses http://sstatic.net/
I'm assuming you are using setcookie(). If so just set the cookie for ".domain.com".
setcookie("testcookie", "1", 0, "", ".domain.com");