on one domain i use command as::
setcookie( "cookiename", "cookievalue", time()+86400, "/", "domain1.com" );
on other domain i used a pixel code as
<img src="http://domain1.com/?action=trackcookie" width=1 height=1 />
that url not able to read cookie , but the same url able to read cookie when it is called directly. when i put htat url as a pixel code on other domain . it is not able to read value.
what might be the problem for this ??
Best Regards,
Satish Kalepu
Hi, Yes I have checked httpwatch and firebug also..
http://www.domain1.com/tracking.php?action=setcookie
that url put cookies:
Set-Cookie topinno=1; expires=Tue, 27-Apr-2010 09:24:16 GMT; path=/
Set-Cookie newkhan=%3A+2010-04-26+14%3A54; expires=Thu, 06-May-2010 09:24:16 GMT; path=/
on domain2 this url is called: in a iframe tag..
http://www.domain1.com/tracking.php?leadno=CREATEDLEADNO&city=CITYOFTHELEAD
then those cookies are not coming...
but when i call the same url directly. again i am able to see cookies in request:
PHPSESSID=diebgrgusqofs2gckahu2nbm04; topinno=1; newkhan=%3A+2010-04-26+14%3A54; __utma=97007629.526966387.1270733785.1272261298.1272265835.45; __utmz=97007629.1270733785.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Cookies are per domain based, you couldn't able to do that in another domain.
And If you do it in same domain, expires after two days should be "expires after two days" you are missing quotes, or it should be numbers in seconds.
Many browsers optionally put limitations on ‘third-party cookies’, that is cookies set by resources served from a different hostname than the main page address. Users hate tracking beacons; you should not rely on them always working.
In particular for the default settings of IE, you must create a P3P policy promising to be nice, or the browser will refuse to allow third-party cookies.
More background.
For reasons of privacy, many browsers block cookies that come from a different domain to the page itself.
Related
I have created one php web page which creates a cookie. That web page redirects the user on another (second) php web page. On this second web page I'm trying to delete the cookie which is created by the first page. But cookie is not getting deleted. And the second web page shows an error like "can not modify header information"
My php code format for deleting that cookie is like:
if(isset($_COOKIE['cookieName']))
{
setCookie('cookieName','values',time()-3600,'/','example#domain.com',0);
}
I hope you are making use of unset()
Do like this
if(isset($_COOKIE['cookieName']))
{
unset($_COOKIE['cookieName']));
}
Can you try this,
unset($_COOKIE['cookieName']);
setcookie('cookieName', null, -1, '/');
Path:
The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.
Domain:
The domain that the cookie is available to. Setting the domain to 'www.example.com' will make the cookie available in the www subdomain and higher subdomains. Cookies available to a lower domain, such as 'example.com' will be available to higher subdomains, such as 'www.example.com'.
Setting cookies is done in the HTTP header. This header is sent before the actual content of the page. As a result, you can only (un)set the cookie of you have not yet sent any output.
This is also stated in the setcookie documentation:
Like other headers, cookies must be sent before any output from your
script (this is a protocol restriction). This requires that you place
calls to this function prior to any output, including and
tags as well as any whitespace.
For example:
<?php
if (isset($_COOKIE['cookieName'])) {
unset($_COOKIE['cookieName']);
setcookie("cookieName", "", time()-3600);
}
?>
<html>
....
</html>
(Also see the question Remove a cookie.)
I have two servers, 'www.domain.local' and 'api.domain.local'. I want to set a cookie in a script on the api server that is called from the www. Chrome does not let me do that (didn't try other browsers yet)
my PHP code:
header("Access-Control-Allow-Origin:*");
echo json_encode(array("cookie"=>print_r($_COOKIE,true)));
setcookie("test","ok",time()+24000*3600,"/",".domain.local");
in my jQuery:
$.getJSON("http://api.domain.local/test.php",{
command:"setcookie"
},function(fb){
alert(fb.cookie);
});
The PHP is first returning the cookies it has, the first run this should be zero, and it is. In the header of the PHP script I see the following:
Set-Cookie:test=ok; expires=Tue, 27-Oct-2015 22:52:52 GMT; path=/; domain=.domain.local X-Powered-By:PHP/5.3.14
Which is what I expect. But the cookie isn't set. When I run the jQuery again I am expecting the cookie to be set (get an alert with the print_r of $_COOKIE), but I get nothing. One thing I noticed in the 'cookies' tab of the network resources in the debug part of Chrome is that the expiry was set as "Invalid Date". If I run the PHP script directly I don't have this problem though.
Is it possible to set a cookie in a PHP script called from jQuery and if so, how?
Let's see, set a cookie on a different domain to the one that the page is loading on and in PHP from jQuery
Someone might post how you're supposed to do it.
I might just cheat.
www.domain.local/test.html includes
$.getScript("http://api.domain.local/test.php?dowhat=setcookie");
api.domain.local/test.php is
<?php
switch ($_GET['dowhat']){
case 'showcookie':
print_r($_COOKIE);
break;
case 'setcookie':
setcookie("test",date('Y m D H:i:s'),time()+24000*3600,"/");
break;
}
header("Content-type: application/javascript"); // may as well, it expects this
die;
Now go to http://api.domain.local/test.php?dowhat=showcookie
Array ([test] => 2013 01 Thu 00:20:52 )
Ta-da!
P.S. I wouldn't advise doing it this simply if you need it to be set without someone naughty being able to cheat too.
There seems to be a problem with your code. On the first line you forgot to close your string with ".
so i need a cookie set for 21 days on a browser when a user hits the site and everytime the user returns in that 21 day period i need to retrieve that value
if($_REQUEST['ref'] == "something"){
setcookie('something_value', "something" ,time()+60*60*24*21,'/','mydomain.com');
}
in the view
<?php if(isset($_COOKIE['something'])) { ?>
but when i view the cookies in safari and firefox i dont see "something"
am I missing something
Looks like you've swapped the first two parameters of setcookie. The first parameter should be the name of the cookie.
// prefix the mydomain.com with a . (makes it work on more browsers)
setcookie('something_value', "something" ,time()+60*60*24*21,'/','.mydomain.com');
I've also had that problem and putting a . in front of the domain name made wonders for me.
Do not view cookies in safari and firefox. Cookie is an HTTP header and nothing else. Do not rely on inner browser's mechanism. But rely on HTTP log only. Do you see your cookie in HTTP log?
what is it's name? "something_value"? Don't you mess something? ;)
I have set my cookie in PHP using the following:
setcookie("id", 100, time()+100000, "/AP", "www.mydomain.com", 0, true);
When I look at the cookies stored in the browser it looks like this:
Name: id
Content: 100
Domain: .www.mydomain.com
Path: /AP
Notice the . in the Domain
When I set a cookie in javascript I get the same results except:
Name: id
Content: 100
Domain: www.mydomain.com
Path: /AP
The domain is different. Why does my PHP cookie put a '.' in front of www.mydomain.com and javascript does not.
The following is the javascript code that I'm using to create a cookie:
function SetCookie(cookieName,cookieValue,nDays) {
var today = new Date();
var expire = new Date();
if (nDays==null || nDays==0) nDays=1;
expire.setTime(today.getTime() + 3600000*24*nDays);
document.cookie = cookieName+"="+escape(cookieValue)
+ ";expires="+expire.toGMTString();
}
Any ideas?
Update:
When I try to read this using the following function in javascript:
function ReadCookie(cookieName) {
var theCookie=""+document.cookie;
var ind=theCookie.indexOf(cookieName);
if (ind==-1 || cookieName=="") return "";
var ind1=theCookie.indexOf(';',ind);
if (ind1==-1) ind1=theCookie.length;
return unescape(theCookie.substring(ind+cookieName.length+1,ind1));
}
I can't get the value using the ReadCookie function (above) from the cookie that contains:
Domain: .www.mydomain.com
However the cookie that contains:
Domain: www.mydomain.com
works just fine.
So someone with the same problem can easily find the answer in the future. Here's my comment in answer form:
You're settings the cookie to httponly, meaning javascript cannot interact with it. Remove the last parameter of setcookie or set it to false and you should be able to access it using javascript.
setcookie("id", 100, time()+100000, "/AP", "www.mydomain.com", false, false);
Glad I could help!
A cookie with domain .www.mydomain.com is sent not only to www.mydomain.com, but also to subdomain.www.domain.com, sub.subdomain.www.domain.com and so on.
However, I can't reproduce the behavior you mention:
a.php
<?php
setcookie("id", 100, time()+100000, "/AP", "www.mydomain.com", 0, true);
HTTP request:
GET /a HTTP/1.1
Host: localhost:81
HTTP/1.1 200 OK
Date: Tue, 03 Aug 2010 03:49:59 GMT
Server: Apache/2.2.13 (Win32) PHP/5.3.0
X-Powered-By: PHP/5.3.0
Set-Cookie: id=100; expires=Wed, 04-Aug-2010 07:36:41 GMT; path=/AP; domain=www.mydomain.com; httponly
Content-Length: 0
Content-Type: text/html
Why does my PHP cookie put a '.' in front of www.mydomain.com and javascript does not.
PHP's probably doing it for compatibility reasons. This may vary between PHP versions.
The dot at the front means that the cookie should not just be assigned to the specified hostname, but also to any sub-domains below that hostname.
So a cookie set for .www.example.com should work on both www.example.com and site1.www.example.com.
I'm going to answer this question just so I can mark an answer, however the credit goes to: munch. If he puts an answer to this question I will delete this and use his answer. Please do not "up" vote my answer. Please "up" vote his comment under my original question.
The answer that munch gave:
#Jeff V: You're settings the cookie to http only, meaning javascript cannot interact with it. Remove the last parameter of setcookie or set it to false and you should be able to access it using javascript.
I immediately tried that and low and behold it worked! After wards I wanted to find out what they heck he was talking about. So I went to: http://php.net/manual/en/function.setcookie.php to find out what this HTTP parameter was all about.
httponly
When TRUE the cookie will be made
accessible only through the HTTP
protocol. This means that the cookie
won't be accessible by scripting
languages, such as JavaScript. This
setting can effectively help to reduce
identity theft through XSS attacks
(although it is not supported by all
browsers). Added in PHP 5.2.0. TRUE or
FALSE
munch was absolutely right. Please up his comment when reading this.
I have problem in overwriting cookies value cross sub domains, a website running in ASP which is in www.domain.com and mobile site running in PHP with m.domain.com sharing same cookie
Cookie created in www.domain.com via asp as follow:
Response.Cookies("cookie_name")="value1"
Response.Cookies("cookie_name").Expires=DateAdd("m", 1, Date())
Response.Cookies("cookie_name").Domain = ".domain.com"
Response.Cookies("cookie_name").Path = "/"
Response.Cookies("cookie_name").Secure = false
When i tried to overwrite the value in PHP (m.domain.com) as follow:
setcookie("cookie_name",'value2',time()+60*60*24*30, "/", ".domain.com",false);
the execution return true but when i check the cookie the value wasnt change still "value1"
also had tried to set via header
header("Set-Cookie: cookie_name=value2; path=/; domain=.domain.com; expires=".gmstrftime("%A, %d-%b-%Y %H:%M:%S GMT",time()+60*60*24*30));
but still no efects, any ideas? big thanks.
Finally i made it work
header("Set-Cookie: cookie_name=value2; expires=".gmstrftime("%A, %d-%b-%Y %H:%M:%S GMT",time()+60*60*24*30)."; path=/; domain=domain.com");
Note the domain part (no dot), hope this helps others
PHP and JavaScript sometimes can't work together aswell so I recognise the problem.
I don't know how much you depend on Javascript, but you could use it to set the cookie values(echo-ing "document.cookie = "=;expires=;path="; ").
It's dirty but at least there will be one common divider to worry about; not two.....