I want to clear all the cookies of a particular website in the users browser when a person runs a php script in my website.
Go through all of your cookies and run this:
setcookie("cookie_name", $site_name, time()-timeout);
You cannot do this as the browser maintains the cookies for that web site, not your web site. This would be a breach in the contract between the web server and the browser.
Also it is up to the browser to handle cookies in the way that it sees fit - after all a cookie is asking the browser to do the web server a favour by storing some info between web page visits from that server (domain).
But if the cookies are from your domain/server then you can ask the browser to either make them time out or give them an invalid value.
Related
Is it possible to read the cookies that are sent by a third-party homepage using php?
In concrete, i want to find out if a page using GTM does also set .ga cookies.
I was thinking of a "virtual browser" solution on the server, is that possible / is anybody experienced with that?
Thanks!
No, because PHP runs on the server and gets only the cookies of that domain
Cookies are stored on the client (browser). PHP is executed on the other side. The cookies are stored in the browser and the browser sends the cookie values along with the HTTP request to the server.
Therefore, the PHP process only gets to see the cookies of that domain.
And if you think of it, everything else would be a security flaw because every site could read for example secrets of sessions that are open on another site!
If I have an Application that requires the user to log in. If I log in at home on one network then go some where else, like the library down the street and switch networks will the session continue?
In my question this is about Flash SWF embedded in an HTML page requesting a PHP page for login.
Also, it would be helpful to know how this behavior is the same with HTML requests. I mean if Flash uses the browser to send requests then the result is the same for SWFs applications and HTML applications correct?
Most web requests with Flash are made via the browser and so follow the same rules in terms of what cookies are sent, etc. (the exception is the old file uploader, for which you had to hardcode it into the URL).
If your session are created via the standard PHP session module and you have enabled cookies (i.e. session.use_cookies ini setting), the browser will keep sending the session cookie until you close it.
If you have implemented IP address checks (which you shouldn't, but that's a personal thing), it might be possible for a session to get invalidated based on IP changes which are very likely to happen when you switch networks.
I think the question as it's asked is overly simplifying things.
The only sort of "session" that the browser is aware of is the concept of a session cookie. This is a snippet of information stored against a domain which will expire when you close the browser.
PHP sessions are implemented on top of session cookies, so until you close the browser you are in the same session, even if your IP address changes.
I don't know if Flash has its own concept of sessions at all. If not then whether your session expires depends on exactly how the flash application is coded.
I hope this clarifies things.
So if I use a server to make call to web page (cURL or file_get_contents or something), and that web page assigns a session to that call (like I use that call to add an item to a shopping cart), is it possible to then migrate that session to a user's browser from the server?
If I'm understanding correctly, you want your server code to browse to a separate site behind the scenes, do something there that creates a session, and then redirect the user of your app to that separate site, but using the same session you created.
If the session is maintained using a cookie, as is likely, than no, you can't -- you'd have to set the cookie in the user's browser as if it came from that other site, and you can't. In general, this seems like it would be prevented by any sort of session hijacking protection, which most decent sites do have.
The alternative, I suppose, is to proxy for your user for their entire use of that other site (i.e. they click on stuff in your app and you pass it on to the other site behind the scenes).
I would suggest to use simpletest's scriptable browser ( http://simpletest.sourceforge.net/en/browser_documentation.html ) to keep track of states while browsing the interwebs form your PHP codez
Probably not - That call to cURL / file_get_contents will likely generate specific session information for the machine that requested it (i.e. your server). The remote machine should be keeping track of things like IP address and other identifiable information to prevent such a maneuver.
If this is possible, then your shopping cart software is horrifically vulnerable to session hijacking.
I don't believe that is possible. But you can start a session between the user's browser and your server, which keeps track of the session cookie that the remote web page issues you.
Can we Fetch Values from Cross Browser Cookie ???
For Example USer Can use mozilla or chrome or any other browser
when we print_r($_COOKIE);
All Browsers Cookie Will Print.
No, cookies are stored only within one browser's cache. If you want to save data specific to a certain computer you will need to use Flash objects or server side databases
You will never be able to see all cookies set in a browser. Only the ones that are destined for the domain the request was sent to. For more information on cookies and the domain policy see here.
All browsers which have cookies enabled will send data to PHP which is added to $_COOKIE, assuming cookie data has been set...
That said, a browser will only "serve up" cookie data from itself and from the current domain. It cannot read another browser's cookies and it will not let you get data from another website.
It isn't clear what you are asking, so here are three answers:
How can I use cookies and have them work no matter what browser my visitors use?
Cookies are a standard. You use the same HTTP headers (or JavaScript) to set them for all browsers, and all browsers send them to the server in the same way.
How can I access the cookies I set before the user switched browser?
You can't read a cookie stored by (for example) Internet Explorer when the user visits using (also for example) Chrome. Chrome does not have access to the cookies stored by Internet Explorer so cannot send them to the server.
How can I access cookies set by a different website?
You cannot read a cookie stored for a different domain as browsers will only send cookies belonging to a given website to that website (to do otherwise would require vast amounts of bandwidth and be a terrible security problem).
The only cookies your website can read are those that were issued from the same domain to the users current browser.
For security reasons, browsers will only send cookie information to the same domain which issued it. Sometimes, it's even limited to a particular subdomain, rather than being valid for the entire site. This is a very good thing, since cookie information often contains session data which can (partially or wholly) give access to a website account to the holder of a cookie. This is called session hijacking. Basically, if a browser served up all your cookies to every site which requested them, a malicious site owner could take over your accounts on other sites just by making a request to them using the cookie data for that site.
Also, cookies are local to the particular browser that a user is using at the time the cookie is created. This is why if you were to log into your Facebook account from Firefox, you would have to log in again if you switched to Chrome.
In short, what you are asking for is impossible, and it is impossible for very good reasons.
This might be a duplicate question but as you can see they didn't get the correct answer.
How to uniquely identify a computer?
Uniquely identify one computer
how would you remembers a computers regardless of ip, "browser" cookies, and browser itself. So It will recognize it once you use it from another browser, or ip address. Any ideas?
UPDATE
I found out that there is a possibility using flash cookies:
it seems that it's shared across browsers and clearing the browser cookies does not remove it.
my question now is how can I see my flash cookies and know if that is what facebook is doing?
Ubiquitous availability (95 percent of visitors will probably have flash)
You can store more data per cookie (up to 100 KB)
Shared across browsers, so more likely to uniquely identify a machine
Clearing the browser cookies does not remove the flash cookies. --Joeri Sebrechts
I suppose a flash cookie is a bit more cross browser and persists.
Facebook only remembers based on the cookie in your browser.
The proof to the pudding is if you login and then switch to a different browser, you are not logged in there.