Let a user using Mozilla browser , On three tabs he login to his yahoo account ,gmail and hotmail.
Now if we Clear Recent History , all three session will be cleared.
But at the same time if there is another session in any another browser it will not be cleared.
So What i am trying to ask here is , the cookies and session related details ,browser cache will be in the local computer and it will be cleared on clearing history.
But is it browser specific?
The cookie and all will have any browser specific id , how it will differentiate that now clear the IE history or clear chrome history.
You can in fact use two different accounts on two different browsers at the same time. The browser history/cookies etc are specific to the browser in question.
There isn't a "standard" where browser save their settings, each do it as they file. MSIE might use the Windows Registry while Firefox might use a local database file.
For the server to keep track of a client session a session id is sent to the client. Which the client uses in each request to the server.
On the local computer each browser has it's own way of saving the cookie files. So when you clear the cookies in Firefox, then the cookies saved by Firefox will be deleted. Same thing with Chrome, IE, Safari etc.
They could even be using a own way of serializing the cookies for all that I know.
Related
I know that websites store cookies to validate users on different websites of the same domain , but when I tried to replicate it on my gmail account it didn't work.
I am using editthiscookie to export and then import cookies in the incognito browser .
Theoretically the browser should log me into my gmail account but it doesn't happen.
I had read it somewhere that the servers on the backend check the ip , but that shouldn't be the problem as it's my own PC both the time.
So what's wrong going on ??
Note:
1. EditThisCookie shows all the cookies including 'HttpOnly' and 'Secure'
2. I haven't logged off from my account on the other browser session i.e. the normal session (in case anyone might think of cookie expiration ).
Incognito mode operates as a clean slate, it does not have access to cookies from normal mode.
We have about 100 users accessing our website daily. A majority of them have no issues logging in. However, once a month we get a call or email ticket with complaints that users just see the login page refresh, with no error messages or anything.
All error messages are sent through the PHP Session cookie, and of course everything after logging in is based off of that session. The only reason I could think that the page just refreshes HAS to be because they are blocking that session cookie on their local machine...
Now most often the user is on internet explorer, but occationally it even happens with Chrome or Firefox. I've even had a user (on OSX) who tried Safari, Chrome, FF - and it would NEVER let them log in, the page would just basically refresh. I had the user add the website as trusted, and still no luck.
It's the worst because I cannot reproduce it from any network or from any browser/computer, ever.
Does anyone know what could be causing something like this? The site IS forcing SSL (the HTACCESS file redirects to HTTPS). The site IS forcing the session cookie as HTTP-Only and the Secure flag is also set to TRUE (and these 2 are somewhat recent changes).
I'm unsure what other settings on the server or the PHP instance would be causing something like this, or if it's soley a client-side issue (which it appears to be). And if it's client side, I'd like to learn the issue and possible solutions to it.
To preempt everyone, no - I cannot share the website URL for debugging because the client would not appreciate that, unfortunately. Thanks for any help, I'll be happy to answer any question that I can!
Do you have more than one web server behind a load balancer? And are the PHP sessions stored locally on each web server? If so it is the load balancer's job to make sure a user keeps going back to the same server on repeated accesses. If something goes wrong, they could get sent to a server where they do not have a session. It could be some intermittent glitch sending users to the wrong server.
Just guessing, because as others noted, we don't really have enough info.
Does your session cookie have a valid name? I've run into this problem in the past where some browsers don't accept a session cookie if it has an invalid name, but other browsers do accept them;
http://php.net/manual/en/function.session-name.php
Can we Fetch Values from Cross Browser Cookie ???
For Example USer Can use mozilla or chrome or any other browser
when we print_r($_COOKIE);
All Browsers Cookie Will Print.
No, cookies are stored only within one browser's cache. If you want to save data specific to a certain computer you will need to use Flash objects or server side databases
You will never be able to see all cookies set in a browser. Only the ones that are destined for the domain the request was sent to. For more information on cookies and the domain policy see here.
All browsers which have cookies enabled will send data to PHP which is added to $_COOKIE, assuming cookie data has been set...
That said, a browser will only "serve up" cookie data from itself and from the current domain. It cannot read another browser's cookies and it will not let you get data from another website.
It isn't clear what you are asking, so here are three answers:
How can I use cookies and have them work no matter what browser my visitors use?
Cookies are a standard. You use the same HTTP headers (or JavaScript) to set them for all browsers, and all browsers send them to the server in the same way.
How can I access the cookies I set before the user switched browser?
You can't read a cookie stored by (for example) Internet Explorer when the user visits using (also for example) Chrome. Chrome does not have access to the cookies stored by Internet Explorer so cannot send them to the server.
How can I access cookies set by a different website?
You cannot read a cookie stored for a different domain as browsers will only send cookies belonging to a given website to that website (to do otherwise would require vast amounts of bandwidth and be a terrible security problem).
The only cookies your website can read are those that were issued from the same domain to the users current browser.
For security reasons, browsers will only send cookie information to the same domain which issued it. Sometimes, it's even limited to a particular subdomain, rather than being valid for the entire site. This is a very good thing, since cookie information often contains session data which can (partially or wholly) give access to a website account to the holder of a cookie. This is called session hijacking. Basically, if a browser served up all your cookies to every site which requested them, a malicious site owner could take over your accounts on other sites just by making a request to them using the cookie data for that site.
Also, cookies are local to the particular browser that a user is using at the time the cookie is created. This is why if you were to log into your Facebook account from Firefox, you would have to log in again if you switched to Chrome.
In short, what you are asking for is impossible, and it is impossible for very good reasons.
This might be a duplicate question but as you can see they didn't get the correct answer.
How to uniquely identify a computer?
Uniquely identify one computer
how would you remembers a computers regardless of ip, "browser" cookies, and browser itself. So It will recognize it once you use it from another browser, or ip address. Any ideas?
UPDATE
I found out that there is a possibility using flash cookies:
it seems that it's shared across browsers and clearing the browser cookies does not remove it.
my question now is how can I see my flash cookies and know if that is what facebook is doing?
Ubiquitous availability (95 percent of visitors will probably have flash)
You can store more data per cookie (up to 100 KB)
Shared across browsers, so more likely to uniquely identify a machine
Clearing the browser cookies does not remove the flash cookies. --Joeri Sebrechts
I suppose a flash cookie is a bit more cross browser and persists.
Facebook only remembers based on the cookie in your browser.
The proof to the pudding is if you login and then switch to a different browser, you are not logged in there.
I have two open sessions on different browsers (Firefox, Opera). Both of them run on different user accounts. When I navigate through the administration page, the cookies are ok. But when I try to upload some images, the uploading php script receives the same cookies as in Firefox.
This doesn't happen if I use Internet Explorer instead of Opera.
If you're using Flash - which it seems like you do - this is because all browsers share Flash cookies since they're stored in the same location on the computer. This is not a browser problem, but rather a Flash problem (or feature).
Edit: See Local Shared Object on Wikipedia for a bit more information about Flash cookies.