Can we fetch values from cross-browser cookies?
For example, a user can use Mozilla or Chrome or any other browser.
When we print_r($_COOKIE);
all browsers' cookies will print.
No, cookies are stored only within one browser's cache. If you want to save data specific to a certain computer you will need to use Flash objects or server-side databases.
You will never be able to see all cookies set in a browser. Only the ones that are destined for the domain the request was sent to. For more information on cookies and the domain policy see here.
All browsers which have cookies enabled will send data to PHP which is added to $_COOKIE, assuming cookie data has been set...
That said, a browser will only "serve up" cookie data from itself and from the current domain. It cannot read another browser's cookies and it will not let you get data from another website.
It isn't clear what you are asking, so here are three answers:
How can I use cookies and have them work no matter what browser my visitors use?
Cookies are a standard. You use the same HTTP headers (or JavaScript) to set them for all browsers, and all browsers send them to the server in the same way.
How can I access the cookies I set before the user switched browser?
You can't read a cookie stored by (for example) Internet Explorer when the user visits using (also for example) Chrome. Chrome does not have access to the cookies stored by Internet Explorer so cannot send them to the server.
How can I access cookies set by a different website?
You cannot read a cookie stored for a different domain as browsers will only send cookies belonging to a given website to that website (to do otherwise would require vast amounts of bandwidth and be a terrible security problem).
The only cookies your website can read are those that were issued from the same domain to the user's current browser.
For security reasons, browsers will only send cookie information to the same domain which issued it. Sometimes, it's even limited to a particular subdomain, rather than being valid for the entire site. This is a very good thing, since cookie information often contains session data which can (partially or wholly) give access to a website account to the holder of a cookie. This is called session hijacking. Basically, if a browser served up all your cookies to every site which requested them, a malicious site owner could take over your accounts on other sites just by making a request to them using the cookie data for that site.
Also, cookies are local to the particular browser that a user is using at the time the cookie is created. This is why if you were to log into your Facebook account from Firefox, you would have to log in again if you switched to Chrome.
In short, what you are asking for is impossible, and it is impossible for very good reasons.
Is it possible to read the cookies that are sent by a third-party homepage using PHP?
Concretely, I want to find out if a page using GTM also sets .ga cookies.
I was thinking of a "virtual browser" solution on the server, is that possible / is anybody experienced with that?
Thanks!
No, because PHP runs on the server and gets only the cookies of that domain.
Cookies are stored on the client (browser). PHP is executed on the other side. The cookies are stored in the browser and the browser sends the cookie values along with the HTTP request to the server.
Therefore, the PHP process only gets to see the cookies of that domain.
And if you think of it, everything else would be a security flaw because every site could read for example secrets of sessions that are open on another site!
I'm learning about the Laravel Passport package and creating a SPA using Vue.js to test it. I'm wondering about saving the token in the client browser: if I saved it in local storage it would be accessible from JavaScript, and anyone running JS in the browser would be able to read it!
My question is: what is the solution for this situation?
If I saved the token in cookies it would be accessible too, and I read about httpOnly cookies, so how can I set the cookies to save the token from the API response if it's not accessible by JavaScript?
Is there a way to save the cookies from the API?
I hope I can find answers to my questions.
Well, there are a couple of things to understand here.
HTTP only cookie
First, HTTP cookies are set by the server using the Set-Cookie header. In this case, you as a developer need not do anything. The browser will automatically set it for you and will send it back to the server on each Ajax or non-Ajax request. It will send the cookie as long as it has not expired.
LocalStorage
When using LocalStorage for storing the token, any JavaScript code can read it (known as XSS attack if misused). But the key thing to understand here is that another domain's JavaScript code cannot read the LocalStorage. The scope is restricted to your own site. Other websites' JS cannot read it. So, if you are not using any external dependency or compromised CDN, you are safe.
Cross-site cookie
No. It is impossible to set a cross-domain cookie under any circumstances. Only the other domain's server can set a cookie for itself (unless you have some backend mechanism like Gmail + YouTube to share a session). However, in the case of a subdomain, the following things are allowed:
Parent domain can set a cookie for any child domain. That is example.com can set a cookie for *.example.com.
Child domain can set a cookie for the parent domain. That is xyz.example.com can set a cookie for example.com.
Of course, the rules are more complicated than that. This article should help you understand further.
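The server-side half of the HttpOnly approach described in this answer, as an added example that is not part of the original post or of Laravel Passport: a handler with the (req, res) shape of Node's http module stands in for the API. The routes /login and /me, the session store and the token value are assumptions made for illustration.

```javascript
// Constructed in-memory session store; a real API verifies credentials
// and issues a long random token instead of the fixed demo value below.
const sessions = new Map();

// Build the Set-Cookie value. HttpOnly hides the cookie from document.cookie,
// Secure limits it to HTTPS, SameSite=Strict keeps it off cross-site requests.
function tokenCookie(token, maxAgeSeconds) {
  return `token=${encodeURIComponent(token)}; Max-Age=${maxAgeSeconds}; ` +
    "Path=/; HttpOnly; Secure; SameSite=Strict";
}

// Parse the request's Cookie header into a plain object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i <= 0) continue;
    const raw = part.slice(i + 1).trim();
    // Malformed percent-encoding must not crash the server.
    try { out[part.slice(0, i).trim()] = decodeURIComponent(raw); }
    catch { out[part.slice(0, i).trim()] = raw; }
  }
  return out;
}

// Wire up with: require("http").createServer(handle).listen(8080)
function handle(req, res) {
  if (req.method === "POST" && req.url === "/login") {
    const token = "demo-token-123"; // constructed sample value
    sessions.set(token, { user: "alice" });
    // The SPA never touches the token; the browser stores it from this header.
    res.setHeader("Set-Cookie", tokenCookie(token, 3600));
    res.writeHead(204);
    return res.end();
  }
  if (req.method === "GET" && req.url === "/me") {
    // The browser attached the cookie on its own; script code could not read it.
    const session = sessions.get(parseCookies(req.headers.cookie).token);
    res.writeHead(session ? 200 : 401, { "Content-Type": "application/json" });
    return res.end(JSON.stringify(session || { error: "unauthenticated" }));
  }
  res.writeHead(404);
  res.end();
}
```

If the SPA and the API are on different origins, the client has to send its requests with credentials enabled (for fetch, `credentials: "include"`) for the browser to attach the cookie.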
I'm familiar with reading cookies using PHP, but I was wondering if there is a way you can read a user's browser cookies set by another third-party site (i.e. not your own).
Could something like this be written to view all of the user's set cookies?
print_r($_COOKIE);
No, it's impossible.
You can only read cookies that come from your own domain. The other cookies are not even sent to your server.
If you could read every cookie the user has, you would be able to obtain personal information such as their Facebook password, connection to their bank etc.
It would be a serious breach of privacy, and as such, browsers do not send cookies except those from the same domain.
No
When you visit a website, your web browser requests information from that domain (somedomain.com), and that third-party domain is allowed to set a cookie. Each domain can only read the cookie it created, so there is no way anotherdomain.com could access the cookie created by somedomain.com.
To read a cookie you must match the domain that the cookie was originally created under. Browsers consider this a security principle and will not let a site access any cookies that they did not create.
Note that there are several other security considerations that could potentially circumvent this rule, such as DNSMasq in combination with spoofed browser certificates. This is why DNSSec (and SOPA) were such a hot issue; the security hole DNSSec plugs will also protect your cookies from getting stolen from your cookie jar.
There are real-world examples of security holes that have leaked in the past. See here for an example of an even different security vulnerability from 2008.
No, this is not possible, because the browser only sends the cookies that were set by your domain. Usually, they are attached to the header of the HTTP request if previously set by the domain.
Third-party cookies are those cookies that are set by another domain in the context of the target domain. For example: while opening example.com it might have a banner from another website (example2.com). In this case, if example2.com sets a cookie it can't be read by example.com, because they are from different origins and the browser prevents even scripts from accessing it.
No, of course not. Otherwise your website would know my bank's login cookie, and you'd be able to steal all my money. Cookies are only available to the domain that set them.
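The domain rules these answers rely on (a site can only set a cookie for itself or a parent domain, and the browser only sends a cookie to hosts that match it), as an added example that is not from any of the posts. It follows the domain-match rule of RFC 6265 and ignores Path, Secure and expiry; the three-entry public-suffix set and the sample cookies are constructed.

```javascript
// Constructed stand-in for the Public Suffix List that real browsers consult.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// RFC 6265 domain-match: the host is the cookie domain itself or a subdomain of it.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Decide how a browser stores a cookie set by settingHost; null means rejected.
function acceptCookie(settingHost, name, value, domainAttr) {
  const host = settingHost.toLowerCase();
  if (domainAttr === undefined) {
    // No Domain attribute: host-only cookie, returned to this exact host only.
    return { name, value, domain: host, hostOnly: true };
  }
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  // A site may name itself or one of its parents, never a public suffix or a stranger.
  if (PUBLIC_SUFFIXES.has(domain) || !domainMatch(host, domain)) return null;
  return { name, value, domain, hostOnly: false };
}

// Build the Cookie header the browser would attach to a request for requestHost.
function cookieHeaderFor(requestHost, jar) {
  const host = requestHost.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed sample: one browser's jar after visiting two hosts of example.com.
function buildSampleJar() {
  return [
    acceptCookie("example.com", "sid", "a1"),                        // host-only
    acceptCookie("xyz.example.com", "pref", "dark", "example.com"),  // child sets for parent
    acceptCookie("xyz.example.com", "steal", "1", "somedomain.com"), // rejected: other site
    acceptCookie("xyz.example.com", "wide", "1", "com"),             // rejected: public suffix
  ].filter(Boolean);
}

const jar = buildSampleJar();
for (const host of ["example.com", "xyz.example.com", "anotherdomain.com"]) {
  console.log(host, "->", JSON.stringify(cookieHeaderFor(host, jar)));
}
```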
I want to clear all the cookies of a particular website in the user's browser when a person runs a PHP script on my website.
Go through all of your cookies and run this:
setcookie("cookie_name", $site_name, time() - 3600); // an expiry time in the past asks the browser to delete the cookie
You cannot do this as the browser maintains the cookies for that web site, not your web site. This would be a breach in the contract between the web server and the browser.
Also it is up to the browser to handle cookies in the way that it sees fit - after all a cookie is asking the browser to do the web server a favour by storing some info between web page visits from that server (domain).
But if the cookies are from your domain/server then you can ask the browser to either make them time out or give them an invalid value.
This might be a duplicate question but as you can see they didn't get the correct answer.
How to uniquely identify a computer?
Uniquely identify one computer
How would you remember a computer regardless of IP, "browser" cookies, and the browser itself, so that it will be recognized when you use it from another browser or IP address? Any ideas?
UPDATE
I found out that there is a possibility using Flash cookies:
it seems that they are shared across browsers and clearing the browser cookies does not remove them.
My question now is: how can I see my Flash cookies and know if that is what Facebook is doing?
Ubiquitous availability (95 percent of visitors will probably have Flash)
You can store more data per cookie (up to 100 KB)
Shared across browsers, so more likely to uniquely identify a machine
Clearing the browser cookies does not remove the Flash cookies. --Joeri Sebrechts
I suppose a Flash cookie is a bit more cross-browser and persists.
Facebook only remembers based on the cookie in your browser.
The proof of the pudding is that if you log in and then switch to a different browser, you are not logged in there.