Is it possible to set session variables or cookies that will exist across all tabs?
I thought firefox kept session across all existing tabs, however im testing and finding that only the current tab where the session was originally set is the session available.
Thanks!
EDIT:
Tab 1:
setcookie("testcookie", "something", time()+(60*60*24*365));
Tab 2:
print_r($_COOKIE['testcookie']);
Tab 2 only prints an empty array. If I move this to tab 1, it will print out the cookie.
Cookies are always sent to the server providing that:
The domain matches (including sub-domain).
The path matches (cookies can be assigned to specific path -- assigning them to root means the entire domain).
The port matches.
The protocol (http/https) matches if you set the cookie as secure.
As long as all those things are true, you should have your cookie / cookie based session on all tabs. You will need to refresh the tab in order to see any effects of the cookie (including seeing it in Javascript of Firefox extensions).
If all those are true and you are still not seeing your cookie on all tabs then you have a lot of debugging to do... that is not standard behavior.
When i test with the code you show in your edit i have no problems at all...
A few things you could try is:
Clear all cookies from firefox and run again (if you've set the cookie before but with other settings the browser sometimes get confused...
Try with another browser, or on another computer.
set path of the cookie to "/" and optionally domain to .youdomain.com like this setcookie("testcookie", "something", time()+(60*60*24*365), "/", ".yourdomain.com");
If you still cant make it work, my best bet would be cleaning up the server, possibly with a fresh install of PHP and Apache.
To have a universal storage, go with a cookie.
Cookies are Client Side
Session is Server Side
Related
Book said, persistent cookie stay on client machine till it expires.
session cookie will be gone after browser closed.
i tried it, like:
setcookie("name", "value"); // before any output
but after closing browser and restart, it is still there
(from print_r($_COOKIE)).
i tried couple of different browsers like safari, chrome, firefox,
it is all like that. only eclipse is different:)
so, are all current browsers not following that "rule" ?
or there is some default time-out for a session cookie i am
not aware of?
thanks.
EDIT:
I checked in firebug it said:
Name Value Domain Expires
name value localhost session
Check your PHP settings for session cookie name, domain and path, and unset the cookie using the same values given to setcookie(). They can all be read with ini_get() and fed to variables.
The above advice assumes you're using PHP built-in session mechanism, ie. you don't use a framework with it's own, custom session library.
What you set there is not a session cookie. After the page is loaded in the browser go check the cookies set from your server (localhost if it's local machine), you'll see a SESS_ID cookie which is set by the server and it goes when you close the browser
What you are actually trying to set is a persistent cookie..A session cookie or simply session can be simply set by starting a session or storing a value in session like $_SESSION['name']=$value.
What you are doing is a persistent cookie it wont expire even if browser is closed. It expires only after the time set in cookie expires.
Like setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); it will set cookie info for 1 day..even if browser it closed..
You can set time and cookie info according to your needs...
`
That's because you're setting a cookie.
Sessions are not cookies. Cookies are not sessions.
http://www.tuxradar.com/practicalphp/10/1/0
Quoted from the first page:
Cookies can be set to a long lifespan, which means that data stored in a cookie can be stored for months if not years.
And sessions, via the page on sessions:
It is also important to note that sessions only last till the user closes their browser, whereas cookies can be configured to last longer.
Thanks to everyone's response. It's my problem.
i am working on macbook, i thought clicking the red cross will close
the browser. but although browser is gone. on the very top of my screen,
it is still safari menu bar. i have to click safari and quit it.
now, all my session cookies are gone after closing the browser:)
I have set the cookie on my website like this
setcookie('src_from','',time()+60*60*24*2,'/');
but when i am doing inspect element, In cookie section of under my website its showing another website name in domain column.
This is strange, why this is happening i am not able to understand, Please help me to sort out this problem.
If you include elements from other sites (i.e. images, scripts) - these sites can send headers with cookie. And you can see cookies from another sites on this pages. But another sites can't see cookies of each other (and overwrite too) - because of policy of your browser.
It can be possible but if you control those two websites/scripts.
In other cases it would be very hard to do that.
The thing is that you might haven't done it properly.
Try providing the domain name as a next parameter.
Or reload the site with using ctrl+F5 or clear all cookies in a browser.
You are setting a cookie expiration time in the past:
echo date("Y-m-d H:i:s", time()-60*60*24*2);
so you are actually removing the cookie - it's not overwriten by another cookie
I like to use PHP to see if a cookie PHPSID27258STATUS is present with the value COMPLETE en if so do stuff.
In google chrome (in Options) I can see this cookie is present and has the value COMPLETE.
If I run this PHP script I get 'Not Set'. What am I doing wrong here?
$cookiename="PHPSID27258STATUS";
if (isset($_COOKIE[$cookiename]) && $_COOKIE[$cookiename] == "COMPLETE")
--update
The cookie is set by "limesurvey" an open source survey platform. Although its probably not the best way. I use limesurvey to have a small survey (iframe) on an site i'm building. I like to let the survey disappear on the next visit when it has bin posted.
Limesurvey runs from the same host (localhost now). And is in a sub directory of the site.
I guess (but there's a lot of code in LS) this is how the cookie is made after an poll/post is completed.
$cookiename="PHPSID".returnglobal('sid')."STATUS";
setcookie("$cookiename", "COMPLETE", time() + 31536000); //Cookie will expire in 365 days
You can only read cookies which belong to the same domain as the reading script. For instance if the cookie PHPSID27258STATUS was set by domain xyz.com, you can not read it using a script on abc.com. So make sure the domain of your desired cookie is the same. Also show us the code part where you are setting your cookie.
Edit:
setcookie($cookiename, "COMPLETE", (time() + 31536000) , '/');
Try setting the cookie with this code:
setcookie("cookiename", "cookievalue", time() + 31536000, "/");
This makes the cookie available to the whole domain, I recently encountered the same issue and when I tried this, it made it work, the reason is, your browser stores cookies for both domain.com and www.domain.com so you never know which your setting and getting from, it's good practice to set the domain even if you don't have this problem.
You cannot access a cookie immediately after you set it. At least last time it was like that. Make sure you do not have this issue. If it is not may be you have a problem setting the cookie, and in that case please post that part as well.
You mention that the cookie is set by a program running in its own sub-directory. You don't mention whether the cookie itself is set to be in that sub-directory, but I suspect this is where your problem is.
If a cookie is set to a path, then it will only be accessible to pages within that path. This behaviour is described in the PHP setcookie() manual page.
When you're setting cookies from a page within a sub-directory, then in order for the cookie to be accessible to the whole site, setcookie() needs to be called with the optional path parameter set to "/".
You state that the cookie is being set by LimeSurvey. I don't know this software, but you should be able to look at the source and see whether it's using the path parameter when it sets the cookie. If not, your best option would be to modify it so that it does. Then the cookie will be accessible to the whole site. (It would be quite understandable if the LineSurvey developers had chosen not to set it for the whole site, because it would allow the software to be run as a more isolated entity from anything else on the site).
I'm playing around with cookies. And I dont have any cookies called PHPSESSID.
Do i need it? Can i remove it?
Whats the "function" of it?
if (count($_POST)) {
setcookie("TestCookie", htmlspecialchars($_POST['val']), time()+3600);
}
print_r($_COOKIE);
Prints:
Array
(
[TestCookie] => blabla
[PHPSESSID] => el4ukv0kqbvoirg7nkp4dncpk3
)
PHP uses one of two methods to keep track of sessions. If cookies are enabled, like in your case, it uses them.
If cookies are disabled, it uses the URL. Although this can be done securely, it's harder and it often, well, isn't. See, e.g., session fixation.
Search for it, you will get lots of SEO advice. The conventional wisdom is that you should use the cookies, but php will keep track of the session either way.
PHPSESSID reveals you are using PHP. If you don't want this you can easily change the name using the session.name in your php.ini file or using the session_name() function.
It's the identifier for your current session in PHP. If you delete it, you won't be able to access/make use of session variables. I'd suggest you keep it.
Check php.ini for auto session id.
If you enable it, you will have PHPSESSID in your cookies.
PHPSESSID is an auto generated session cookie by the server which contains a random long number which is given out by the server itself
Using cookies in PHPv7.4 and Microsoft Edge browser, PHPSESSID only seems to be generated when first loading/initializing a web app. If I remove the cookie the browser setting (but keep the web application tab open), it kills the session and forces me to login again. However when I log back into the web application the PHPSESSID cookie does not regenerate and yet I still have my session variables working as expected.
I was testing this because I have a web app that loads an external form (from another site) within an iframe and when the form submits and redirects back to my web app (within the iframe) it loses the session within the iframe. Removing the PHPSESSID cookie fixed the problem of losing the session, but I'm not sure why the cookie is the problem (but that is for another thread).
i am using php 5.2.8
i have index.html, which loads LOAD.PHP from IFRAME.
iframe src="load.php".....
i printed out load.php's session id.
then i ran another test.php, and printed out it's session id.
php session id's were different.
therefore, i cannot pass any session variables....
what is happening here ? this problem did not happen before, suddenly today it started happening.... however this problem still exists....its driving me nuts !
session.saved_path is same for both.... /var/php5, cookie path is same...
If PHP is creating a second session ID on the second load of the page, then it means that the first one was not passed back properly. Likely, the cookie is not being set for some reason. Things to check:
Test in multiple browsers?
Did you disable cookies in your browser somehow?
Is the iframe on a different domain or subdomain that might prevent cookie passing?
Install LiveHTTPHeaders or some other firefox add-in to check the cookies you are receiving
http://www.example.com will have a different sessionID than http://example.com
(not really an answer as your questions doesn't seem to me to have enough data to provice a certain answer, but rather a few things to check about)
The files are in the same domain and directory and the cookie are not limited to a different directory (i.e. path=/)? (note: they're not limited unless you tell that explicitly with session_set_cookie_params)
Is the browser sending the cookie (or are you maybe in "incognito mode")? If cookies don't work PHP will probably try to pass Session IDs in the QueryString and fail, if you go to test.php writing its name manually and not following a link (usually I use session.use_only_cookies=1 to avoid that).
They will have different SID if they have different cookie domain or cookies are not working at all and PHP is configured to use only cookies for session ID (session.use_only_cookies=1).
Cookies domain is explained here
Only hosts within the specified domain can set a cookie for a domain and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "va.us". Any domain that fails within one of the seven special top level domains listed below only require two periods. Any other domain requires at least three. The seven special top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".
The default value of domain is the host name of the server which generated the cookie response.
So set a common domain for your hosts and they will share cookies, thus PHP SID :)