Setting Session/Cookie via ajax request made on other website - php

That's my problem: I have a website, example.com, in whose index.html file I introduced a <script src="website.net/js.js"></script>. You can see that this is on another web server.
In js.js I have some data that I want to send to PHP. For that, I am using Ajax. So, I made a request to "website.net/data.php" using the GET method. In the data.php file everything is OK, I received the value, but I want to set a cookie whose value is what I received through Ajax. Here is the problem. The setcookie function says that the cookie was set, but when I check in the browser, there's no cookie!
It works fine if the index.html file where I use <script src="website.net/js.js"></script> is hosted on the same domain where I am making the request. If it is on another domain, it doesn't work anymore.
I have read something about cross-site Ajax, but I don't want to send something back to example.com. All I want is to send some data from example.com to website.net and then set a cookie based on that value.
From the example.net I take a single value. On website.net I receive that value, I check whether a cookie is already set, and if it's not, I set it. On the same page, website.net, I use this cookie too.

Where do you check if the cookie is set? On the domain example.com or on the domain website.net?
In case you try to access the cookie using example.com, it is simply not possible to write, access or do anything with a cookie of another domain. This is for security reasons. If you could, every other website could access your cookie and steal your identity easily.

Try to set the cookie within an iframe. I'm not sure if you can actually set cookies for website.net using JavaScript just because js.js is loaded from that domain.

Thank you very much!
I found another way to send the data to a PHP file without Ajax, using basic JavaScript and an <img /> tag.
For example:
example.com has in index:
<script type="text/javascript" src="http://website.net/js.js"></script>
In the js.js file I have
var important_data = 123; //
var src = "http://website.net/process.php?important_data=" + important_data;
document.write('<img src="' + src + '"/> ');
Now, every time I load example.com, it sends the important data to website.net. I tried to set a cookie in the process.php file and it worked! I tested that idea on localhost (both 'websites' were on my local server), but it should also work between 2 different domains. I'll try to see if it works between 2 different websites. After that, I'll come back to share the result.
Thank you!
Later Edit:
I checked if I can set a cookie using that method, and it works!
It works great! The cookie for website.net is not set for that domain, it is set for example.com. Exactly how I want!

Related

Hide referring url parameters

When I call the script using /landing.php?source=param I want the script to do a redirect to a URL on another domain, but I don't want the people on the other domain to see the source=param parameter in their analytics or server logs, I don't mind them being able to see the /landing.php URL.
Any ideas on a solution?
A solution is to redirect first to a URL on your server (possibly the same page) that doesn't contain the query string, and then send the user to your off-site destination. You can pass the needed parameter/URL on your server with a $_SESSION or $_POST.
/landing.php?source=param > /redirect.php > www.offsite.com
In your landing.php, check for the source variable and then redirect it to landing.php or another page without the GET variable e.g. :
if (!empty($_GET['source'])) {
    // Save the source into a COOKIE / SESSION
    session_start();
    $_SESSION['source'] = $_GET['source'];
    // Then redirect to another page to strip out the GET variable.
    header('Location: landing.php');
    exit;
}
Then either in landing.php or another file, just redirect to the offsite URL. You'll have the source in a COOKIE / SESSION to use if you need to do anything else with it.

why is my cookie not set , is it my localhost? [duplicate]

I have a cookie that will not set on the remote server, works fine locally. No error messages, var_dump gets me Null, echo is blank.
<?php
setcookie('ymp','14', time()+3600);
session_start();
?>
I can set a javascript cookie fine. The opening tag is line 1 of the page.
Any ideas
Thanks
Gary
On Edit
I have some comments I posted below, it is a 3 file process.
Page one is to set the cookie, as above.
Page two I have for debugging
<?php var_dump($_COOKIE['ymp']); echo '<br />'.$_COOKIE['ymp']; ?>
Page 3, and again this all worked locally I have
<?php
if($_COOKIE['ymp']!=='14')
{die('Sorry, you have not had your delightful little pastry yet.... try again.');}
?>
I set a js cookie, and changed the code to reflect the different cookie name and it worked fine.
I also reset the time to +86400, because of the two hour time difference to the server, though I don't think that is really required.
Thanks for all the help
Gary
You can't read the value of a cookie until a new page request is made. This is because the value of cookie data is sent with the page request. So its value isn't available to access until after it is set and a new page request is made.
Also, session_start() has no effect on cookies. They are two different things. (Sessions do typically use cookies to store the session ID but that is irrelevant).
This is rather peculiar - I assume this could have something to do with PHP configuration.
See what the return value of setcookie function is - it may be FALSE if output has been already sent before the function call. You did mention it is right at the start of your script, however there could be other entities outputting data (pre-executed scripts on the server perhaps?)
It's also possible that your browser is set to not accept cookies from certain domain - check your configuration.
Please provide any other relevant code and indicate how you check if cookies are set.
This problem never did get solved. I ended up writing a new file to a different domain on the same host, gave the cookie a different name and value (is it possible that a 3 character name cookie with a 2 digit value is too small??) and it worked as expected.
Thank you all for your help... too busy to do a CSI investigation as to the how's and whys.
Gary
It could be because you don't specify a path and/or a domain for the cookie. Try this instead:
<?php
setcookie('ymp','14', time()+3600, '/', 'yourdomain.com')
?>
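
The checks suggested in this thread (the return value of setcookie, output sent before the call, explicit path) can be combined in one helper. This is an added example, not code from any of the posters; the function name set_cookie_checked is an assumption, and the options-array form of setcookie needs PHP 7.3 or later.

```php
<?php
// Added example: report why a cookie could not be queued instead of
// failing silently. set_cookie_checked() is a hypothetical helper name.
function set_cookie_checked(string $name, string $value, int $ttl): bool
{
    // setcookie() only adds a Set-Cookie response header. Once any output
    // (even whitespace or a BOM before the opening tag) has been sent,
    // headers can no longer be added and the call returns false.
    if (headers_sent($file, $line)) {
        error_log("Cookie '$name' not set: output started at $file:$line");
        return false;
    }

    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // Leaving out 'domain' makes a host-only cookie for the current host,
    // which avoids a mismatch between the domain attribute and the host.
    return setcookie($name, $value, [
        'expires'  => time() + $ttl,
        'path'     => '/',      // default is the current directory only
        'secure'   => $https,   // HTTPS-only when the page is served over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

$ok = set_cookie_checked('ymp', '14', 3600);

// $_COOKIE holds what the browser sent with THIS request, so on the very
// first visit it is still null even though the header was queued.
$seen = $_COOKIE['ymp'] ?? null;

echo $ok ? "Set-Cookie header queued\n" : "Cookie not queued, see error log\n";
echo 'Value sent by the browser on this request: ', var_export($seen, true), "\n";
```

A true return only means PHP queued the header; whether the browser stored the cookie is visible in the response headers and the browser's cookie store.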

How have safe HTTP Request Method

When using the GET method to receive JSON data, we can access the result directly from a web browser. For example, I send a mydata value from Ajax to a main.php file, and it processes it and returns a result, something like below:
<?php
if (isset($_GET["mydata"])) {
if ($_GET["mydata"]=="hello"){
echo "hello world";
}
}
?>
But when a user calls it in the browser directly, like http://mysite.com/mydata.php?mydata=hello, they receive the answer. I don't want to allow users to get the answer of the HTTP request directly; they should only see it from the Ajax result of the main page. Is it possible?
You're asking how to prevent an ajax-only request from being accessed directly by copy-pasting the URL into the web browser; that is, only allowing the URL to be accessible via ajax on the main web page.
Well, there are a few things you can try:
Check the Referrer for the URL of the main page with $_SERVER['HTTP_REFERER']
Set a header in JavaScript using xhr.setRequestHeader() and then check its value via $_SERVER['HTTP_X_....'] in PHP
Like Jay Bhatt recommended, check for the X_REQUESTED_WITH header, but be aware this might not always be set (see: X-Requested-With header not set in jquery ajaxForm plugin)
However, in any of these situations you should be aware that anyone who knows what they are doing can easily set any HTTP header, variable, or even modify the referrer which is sent to the server. As such, there is no 100% guarantee that your resource can be accessed only via AJAX on the main web page. There is no control built into the internet to verify where a request is coming from, so anyone can easily spoof or fake it.
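
A server-side check that does not rely on a fixed, guessable header value, shown as an added example rather than code from any of the answers: the main page stores a random token in the PHP session and passes it to its own JavaScript, and the endpoint answers only when the same token comes back in a request header. The names ajax_token and X-Ajax-Token are assumptions; consistent with the answer above, this ties responses to a session that loaded the main page and does not hide the endpoint from that user.

```php
<?php
// Added example; the session key 'ajax_token' and the X-Ajax-Token header
// are hypothetical names chosen for illustration.
session_start();

// Main page: create one unpredictable token per session and print it into
// the page so its own script can send it with xhr.setRequestHeader().
function issue_ajax_token(): string
{
    if (empty($_SESSION['ajax_token'])) {
        $_SESSION['ajax_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['ajax_token'];
}

// Endpoint: the header must match the token stored for this session.
function ajax_token_valid(): bool
{
    $sent  = $_SERVER['HTTP_X_AJAX_TOKEN'] ?? '';
    $known = $_SESSION['ajax_token'] ?? '';
    // hash_equals() compares in constant time; an empty stored token never
    // matches, so a session that never loaded the main page is rejected.
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Endpoint logic from the question, now gated on the token.
if (isset($_GET['mydata'])) {
    if (!ajax_token_valid()) {
        http_response_code(403);
        exit('Forbidden');
    }
    if ($_GET['mydata'] === 'hello') {
        echo 'hello world';
    }
}
```

Pasting the URL into the address bar sends no X-Ajax-Token header, so the request gets a 403; a copied header value from another session fails the comparison.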

Problem setting PHP SESSION variables within cross-domain iframe

Coles Notes version:
index.php?map_id=foo is loaded into an iframe on www.not-my-domain.com. index sets SESSION['map_id'] = foo. The Flash file tries to get SESSION['map_id'] through Authenticate.php, but Authenticate.php has no values set for any SESSION variables.
-- Only first-load, cross domain issue.
Verbose:
I have an index file where I set: SESSION['map_id'] = foo
The index file then loads a Flash file. When initialized, the Flash accesses an 'Authenticate.php' file which echoes out the SESSION['map_id'] and is loaded into Flash via LoadVars. Flash then displays the appropriate data.
This step cannot be done another way
This all works just fine on our main site. The issue comes when we try to port out to other sites by providing iframe embed codes:
<iframe src="http://www.mydomain.com/?map_id=foo&code=bar" ... ></iframe>
On a fresh load of the embed code from another site (www.anotherdomain.com), it seems that the SESSION variables have been destroyed, as flash simply says they are empty. ( $map_id outputs a blank )
The index file will still properly echo $map_id as 'foo', it just seems the 'Authenticate.php' file cannot access the SESSION variables.
I have ensured session_start() is present in all appropriate files.
PHP session ids are passed through cookies by default, but you can't transfer cookies across domains. Try passing the session id through the url instead.
Here is the appropriate page in the php documentation.
There are a few ways you can get php to pass the session id in the url if it's not being done automatically.
You can manually pass the session id in the url (must come before other get variables):
<iframe src="http://www.mydomain.com/?&map_id=foo&code=bar">
You can disable cookies, forcing every request to have the session id automatically added to the url:
ini_set("session.use_cookies","0");
You can edit the url_rewriter.tags setting, which tells PHP which html tags to rewrite with the session id. Here, iframe=src has been added to the default set:
ini_set("url_rewriter.tags", "a=href,area=href,frame=src,iframe=src,input=src,form=fakeentry");
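
A session ID carried in the URL ends up in server logs, browser history and the Referer header of outgoing requests, so keeping it in a cookie is preferable where the browser allows it. The following added example (not the poster's or the answerer's code) configures the session cookie so that browsers will send it inside a cross-site iframe; the helper name start_embedded_session and the map_id pattern are assumptions, the page must be served over HTTPS, and PHP 7.3 or later is required.

```php
<?php
// Added example: session cookie usable inside a third-party iframe.
// start_embedded_session() is a hypothetical helper name.
function start_embedded_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, gone when the browser closes
        'path'     => '/',
        'secure'   => true,     // browsers require Secure with SameSite=None
        'httponly' => true,     // the ID is not readable from JavaScript
        'samesite' => 'None',   // allow sending in a cross-site iframe
    ]);
    ini_set('session.use_only_cookies', '1'); // ignore session IDs in URLs
    ini_set('session.use_strict_mode', '1');  // reject IDs PHP did not issue
    session_start();
}

// index.php: validate map_id before storing it in the session.
start_embedded_session();
$map_id = $_GET['map_id'] ?? '';
if (is_string($map_id) && preg_match('/^[A-Za-z0-9_-]{1,32}$/', $map_id)) {
    $_SESSION['map_id'] = $map_id;
}

// Authenticate.php would call start_embedded_session() as well and then
// return the stored value; it is empty when no session cookie arrived.
echo $_SESSION['map_id'] ?? '';
```

Browsers configured to block third-party cookies will still withhold this cookie, in which case Authenticate.php sees an empty session.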
