I like to use PHP to see if a cookie PHPSID27258STATUS is present with the value COMPLETE en if so do stuff.
In google chrome (in Options) I can see this cookie is present and has the value COMPLETE.
If I run this PHP script I get 'Not Set'. What am I doing wrong here?
$cookiename="PHPSID27258STATUS";
if (isset($_COOKIE[$cookiename]) && $_COOKIE[$cookiename] == "COMPLETE")
--update
The cookie is set by "limesurvey" an open source survey platform. Although its probably not the best way. I use limesurvey to have a small survey (iframe) on an site i'm building. I like to let the survey disappear on the next visit when it has bin posted.
Limesurvey runs from the same host (localhost now). And is in a sub directory of the site.
I guess (but there's a lot of code in LS) this is how the cookie is made after an poll/post is completed.
$cookiename="PHPSID".returnglobal('sid')."STATUS";
setcookie("$cookiename", "COMPLETE", time() + 31536000); //Cookie will expire in 365 days
You can only read cookies which belong to the same domain as the reading script. For instance if the cookie PHPSID27258STATUS was set by domain xyz.com, you can not read it using a script on abc.com. So make sure the domain of your desired cookie is the same. Also show us the code part where you are setting your cookie.
Edit:
setcookie($cookiename, "COMPLETE", (time() + 31536000) , '/');
Try setting the cookie with this code:
setcookie("cookiename", "cookievalue", time() + 31536000, "/");
This makes the cookie available to the whole domain, I recently encountered the same issue and when I tried this, it made it work, the reason is, your browser stores cookies for both domain.com and www.domain.com so you never know which your setting and getting from, it's good practice to set the domain even if you don't have this problem.
You cannot access a cookie immediately after you set it. At least last time it was like that. Make sure you do not have this issue. If it is not may be you have a problem setting the cookie, and in that case please post that part as well.
You mention that the cookie is set by a program running in its own sub-directory. You don't mention whether the cookie itself is set to be in that sub-directory, but I suspect this is where your problem is.
If a cookie is set to a path, then it will only be accessible to pages within that path. This behaviour is described in the PHP setcookie() manual page.
When you're setting cookies from a page within a sub-directory, then in order for the cookie to be accessible to the whole site, setcookie() needs to be called with the optional path parameter set to "/".
You state that the cookie is being set by LimeSurvey. I don't know this software, but you should be able to look at the source and see whether it's using the path parameter when it sets the cookie. If not, your best option would be to modify it so that it does. Then the cookie will be accessible to the whole site. (It would be quite understandable if the LineSurvey developers had chosen not to set it for the whole site, because it would allow the software to be run as a more isolated entity from anything else on the site).
Related
I am new to php. I have some silly php session doubts below:
session_set_cookie_params($params['lifetime'], '/folder1');
session_name('MYSITE_SID');
Q1) Above /folder1 means what? will cookie store under '/folder1'? so does cookie looks visible under folder1?
We have a websites like :
www.mysite.com/folder1
www.mysite.com/folder2
Q2) Can I keep same session_name for above 2 folders of same website? or should keep different session names?
Note: If user already logged in 'www.mysite.com/folder1', he should NOT be able to get loggedin automatically in www.mysite.com/folder2
Sorry for stupid queries. but please I wanna learn.
The path parameter in session_set_cookie_params makes the server send a cookie header only when that path exists in the requested resource.Eg:
Set-Cookie: name=Nicholas; path=/blog
In this example, the path option would match /blog, /blogroll, etc.; anything that begins with /blog is valid. So it's not about cookie visibility through out your site but more of when the cookie will be set by the server. Read this for more info.
For your second question, you should use the same session name through out your site as I don't see a practical reason why you would need to change it IMHO. Finally, restricting parts of your site to users has more to do with AAA (Authentication, Authorization, and Accounting) than with sessions.
Good luck!
I have set the cookie on my website like this
setcookie('src_from','',time()+60*60*24*2,'/');
but when i am doing inspect element, In cookie section of under my website its showing another website name in domain column.
This is strange, why this is happening i am not able to understand, Please help me to sort out this problem.
If you include elements from other sites (i.e. images, scripts) - these sites can send headers with cookie. And you can see cookies from another sites on this pages. But another sites can't see cookies of each other (and overwrite too) - because of policy of your browser.
It can be possible but if you control those two websites/scripts.
In other cases it would be very hard to do that.
The thing is that you might haven't done it properly.
Try providing the domain name as a next parameter.
Or reload the site with using ctrl+F5 or clear all cookies in a browser.
You are setting a cookie expiration time in the past:
echo date("Y-m-d H:i:s", time()-60*60*24*2);
so you are actually removing the cookie - it's not overwriten by another cookie
Is it possible to set session variables or cookies that will exist across all tabs?
I thought firefox kept session across all existing tabs, however im testing and finding that only the current tab where the session was originally set is the session available.
Thanks!
EDIT:
Tab 1:
setcookie("testcookie", "something", time()+(60*60*24*365));
Tab 2:
print_r($_COOKIE['testcookie']);
Tab 2 only prints an empty array. If I move this to tab 1, it will print out the cookie.
Cookies are always sent to the server providing that:
The domain matches (including sub-domain).
The path matches (cookies can be assigned to specific path -- assigning them to root means the entire domain).
The port matches.
The protocol (http/https) matches if you set the cookie as secure.
As long as all those things are true, you should have your cookie / cookie based session on all tabs. You will need to refresh the tab in order to see any effects of the cookie (including seeing it in Javascript of Firefox extensions).
If all those are true and you are still not seeing your cookie on all tabs then you have a lot of debugging to do... that is not standard behavior.
When i test with the code you show in your edit i have no problems at all...
A few things you could try is:
Clear all cookies from firefox and run again (if you've set the cookie before but with other settings the browser sometimes get confused...
Try with another browser, or on another computer.
set path of the cookie to "/" and optionally domain to .youdomain.com like this setcookie("testcookie", "something", time()+(60*60*24*365), "/", ".yourdomain.com");
If you still cant make it work, my best bet would be cleaning up the server, possibly with a fresh install of PHP and Apache.
To have a universal storage, go with a cookie.
Cookies are Client Side
Session is Server Side
I have a site which I have been testing in a sub-folder of my client's site-root.
I had no log in problems during testing, but then I moved the new site files from a sub-directory to the main site root, and now I'm losing my logged in state after almost every page refresh in secure areas.
I am running a $_session based login system that refreshes the session id on every page load, with a comparison value stored in the MySQL database.
Does anyone have suggestions for what could be causing this problem?
krico was right in suggesting that the cookie path may be the cause (but the solution proposed seems a bit daft) however you've said that is not the case.
Check to see exactly what cookies (name, path, expiry, flags) are being set and returned by using iehttpheaders (MSIE) LiveHeaders (Firefox) or using a network sniffer like wireshark. Then ask the question again providing details of what you found out.
C.
Cookies are usually path relevant. Your previous sub-directory based site was probably setting the cookie (that binds the browser to the user) only for that sub-directory.
A way to fix it is to put a redirection page on the old subdir that adds a cookie to '/' and then redirects to new site on root.
If you change session id you will loose all data stored in previous session. You must set session name after every session start command
<?php
session_name('AnySessName');
?>
or use other mechanism to store your variables cross sessions.
i am using php 5.2.8
i have index.html, which loads LOAD.PHP from IFRAME.
iframe src="load.php".....
i printed out load.php's session id.
then i ran another test.php, and printed out it's session id.
php session id's were different.
therefore, i cannot pass any session variables....
what is happening here ? this problem did not happen before, suddenly today it started happening.... however this problem still exists....its driving me nuts !
session.saved_path is same for both.... /var/php5, cookie path is same...
If PHP is creating a second session ID on the second load of the page, then it means that the first one was not passed back properly. Likely, the cookie is not being set for some reason. Things to check:
Test in multiple browsers?
Did you disable cookies in your browser somehow?
Is the iframe on a different domain or subdomain that might prevent cookie passing?
Install LiveHTTPHeaders or some other firefox add-in to check the cookies you are receiving
http://www.example.com will have a different sessionID than http://example.com
(not really an answer as your questions doesn't seem to me to have enough data to provice a certain answer, but rather a few things to check about)
The files are in the same domain and directory and the cookie are not limited to a different directory (i.e. path=/)? (note: they're not limited unless you tell that explicitly with session_set_cookie_params)
Is the browser sending the cookie (or are you maybe in "incognito mode")? If cookies don't work PHP will probably try to pass Session IDs in the QueryString and fail, if you go to test.php writing its name manually and not following a link (usually I use session.use_only_cookies=1 to avoid that).
They will have different SID if they have different cookie domain or cookies are not working at all and PHP is configured to use only cookies for session ID (session.use_only_cookies=1).
Cookies domain is explained here
Only hosts within the specified domain can set a cookie for a domain and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "va.us". Any domain that fails within one of the seven special top level domains listed below only require two periods. Any other domain requires at least three. The seven special top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".
The default value of domain is the host name of the server which generated the cookie response.
So set a common domain for your hosts and they will share cookies, thus PHP SID :)