I have been working on a web application on my localhost (xampp) where I have two subdomains set up. Lets call these domains abc.localhost and xyz.localhost.
I have both of these set up in my host file to have an entry of
127.0.0.1 abc.localhost
127.0.0.1 xyz.localhost
I also have them set up in my vhost file like normal pointing to different locations.
My application is set up to go through abc.localhost first which is where i set up some cookies
setcookie('AUTHORIZATION', time()+3600, 0, '/', '.localhost');
setcookie('SOMEOTHERCOOKIE','here is the val',0,'/','.localhost');
this then forwards the user to xyz.localhost. In order for the user to get access to xyz.localhost the authorization has to be set by abc.localhost and pass over a cookie.
I have tried to change the ".localhost" to be xyz.localhost and every other combination i can think of. Leaving off the . does not work either.
Please help me figure this out. Thank you!
You can not set cookies for a top level domain (the last part of a domain). To achieve what you want change your HOST entries to abc.myproject.loc and xyz.myproject.loc or something alike.
Then you can set your cookies for myproject.loc.
Related
I am having a problem with SetCookie. I have two different PHP websites hosted on two subdomains, site1.myweb.com and site2.myweb.com. I want to set a cookie on the domain site2 from site1. And this cookie should only be able to access by site2 and not any other subdomains like site3 or site4.
But when I use setcookie function in PHP from site1 with domain set to site2.myweb.com, the cookie is not set on the browser (but the response contains the cookie). The browser gives an error saying This attempt to set a cookie via a set-cookie header was blocked because its domain attribute was invalid with regards to the current host url.
Can somebody please tell me if this is possible to do?
I have tried setting cookies but the problem is in setting domain. When i tried to set domain in setcookies() it doesn't set any value. Without domain setting it will automatically set my domain (for ex. localhost).
If I am using any .com it will set it by default but I cannot set domain in cookies.
Can any one please help me setting domain in php.
setcookie('session_id',$sessionID[1],strtotime($expireTime[1]),'/',$domain);
When I set it without domain it sets the cookies to my localhost or on which domain I am.
Can any one help me.
you can not set a cookie attributed to a domain other than that you are using. this is generally considered a good thing.
If you put a domain to setcookie, you'll see in your header that PHP has set your cookie with the right domain name. But, your browser will just ignore it for safety reasons.
If you need to set a cookie for an auto-login or such, you need to play with your hosts file to make your browser believe that you're on the same domain than the domain where you want to set a cookie.
Example :
If you add :
127.0.0.1 autologin.amazon.co.uk
in your hosts file, and go to http://autologin.amazon.co.uk instead of http://localhost, your remote script will be allowed to set any .amazon.co.uk cookie.
Thanks in advance.
I have a local installation of Xampp. My sites are setup as follows. I have my main domain i.e. 'domain' installatiopn directory: C:\xampp\htdocs\domain
Within this i have a subdomain setup i.e. 'subdomain.domain' installation directory: C:\xampp\htdocs\domain\subdomain
The goal of this is to have a single sign on on the main domain site and be able to access the same session data when the user accesses the subdomain site (and thus not have to re-authenticate the user once they have logged into the domain portal site).
I create the session in my domain index.php as follows:
session_set_cookie_params(0, '/', '.3pccap');
session_name('mysessionname');
session_start();
Subdomain index.php
session_name('mysessionname');
session_start();
I've added a var_dump($_SESSION); on each index.php page to confirm what session data is available. Once I log into my main domain, the session if populated with the users data. I then navigate to my subdomain site which also runs a var_dump of the session variable. The variable is displaying as an empty array.
I have attempted setting the session cookie domain within my php.ini file, no change in behaviour.
Any assistance is most appreciated.
You need to make the Session cookie visible for your subdomain (thus, calling the session_set_cookie on both, your domain and your subdomain):
session_set_cookie_params (0, '/', '.domain.com');
session_name('mysessionname');
session_start();
EDIT (From comments, which solved the issue)
A domain hostname should consist of two parts (even for local development), e.g. domain.local instead of domain
When COOKIES are set, there is a parameter that allows you to specify the PATH and DOMAIN, if you set the DOMAIN to "domain.com" and the PATH to "/" this will make the COOKIE available accross all subdomains, some old browsers require the DOMAIN to use a leading dot(.) ".domain.com"...
Checkout the params on this page, session_set_cookie_params also has the DOMAIN and PATH arguments
There is a website with several subdomains.
On the main subdomain cookies are set:
#setcookie( $name, $value, $expires, '/', '.www.mysite.com');
I can see the cookie on www.mysite.com and sub1.mysite.com.
The directories are:
www.mysite.com: public/index.php
sub1.mysite.com: public/sub1/index.php
How can that be possible that I can't see it in the new subdomain sub2.mysite.com?
sub2.mysite.com public/sub2/index.php
Setting the domain to 'www.example.com' or '.www.example.com' will
make the cookie only available in the www subdomain.
If you want to make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'.
make sure the path is set to / so it works for the whole site, otherwise it might not work for sub directories on your site
Using # is not a wise act in general but using it in front of setcookie() is exceptionally unwise, if not to say a stronger word.
Subdomain should be set to .mysite.com'
path should be set, not omitted. If you want to have access to the cookie in any directory, set path to /.
Nevertheless, the reason can be any. One have to debug their code, not asking for the possible reasons.
Why is it that if I create a cookie on www.example.com and check it on example.com, the cookie doesn't exist there? I am planning to just use .htaccess redirect non-www to a www domain. But how do I solve this?
Browsers are the main culprit here, not PHP. They store by domain, and don't know that www is a special case; from their perspective, www.mydomain.com and mydomain.com are different strings, and therefore have different security policies. However, there is something you can do.
When setting the cookie, use .mydomain.com (with the leading dot). This will tell your user's browser make the cookie accessible to mydomain.com and all subdomains, including www. PHP's setcookie has the argument $domain, but it's fifth on the list, so you may need to set $expire and $path to their default values in order to get at it.
setcookie('name', 'value', time()+3600, '/', '.mydomain.com');
For consistency, however, you may wish to consider rerouting all web traffic to a specific domain, i.e. send mydomain.com traffic to www.mydomain.com, or vice-versa. My vague knowledge of SEO (edit if incorrect) tells me that it's helpful so as not to have duplicate content, and it saves you all such authentication issues. Additionally, if you store assets on a subdomain, having cookies on there slows down traffic by having to transport it each time, so storing application cookies only on www earns you that speed boost.
Here is a tutorial on how to accomplish such a redirect in Apache.
setcookie("CookieName", "value", time()+3600, "/", ".mydomain.com");
I believe you can set the cookie at example.com (really .example.com) and it will be sent if they go to www.example.com, but not vice versa. This standard security policy is to prevent users' private data from being sent to unintended servers.
Personally, I use virtualhosts in my apache2.conf:
<VirtualHost *:80>
ServerName example.com
RedirectMatch (.*) http://www.example.com$1
</VirtualHost>
... in this example, everyone trying to load e.g. http://example.com/index.html is redirected to http://www.example.com/index.html.
because php translates www.mydomain.com differently from mydomain.com. If the domains are not 100% identical the cookie wont match.
And I'm sure the browser also looks for 100% match of the domain name before allowing servers to overwrite them.
Just use .htaccess to redirect. It's the only SURE way to tackle this in all browsers.