I am having some trouble adding the path of "/" to my cookie, which is set with a function.
function WriteCookie(){
if(document.part1.pn1.value==""){
return;
}
var cookievalue=escape(document.part1.pn1.value) + ";";
document.cookie="partnumber1=" + cookievalue;
I'm sure it is a very simple answer, but I just can't seem to get it to work.
I have tried something like:
function WriteCookie(){
if(document.part1.pn1.value==""){
return;
}
var cookievalue=escape(document.part1.pn1.value) + ";";
document.cookie="partnumber1=" + cookievalue + path=/;
But clearly this is not correct.
This is the answer you need:
document.cookie = name+"="+value+expires+"; path=/";
If you set path=/ the cookie is available for the whole domain. Otherwise, your cookie is saved just for the current page you can't access it on another page.
For more info read- http://www.quirksmode.org/js/cookies.html - review the Domain and path section
Related
I have built a bunch of Django websites at a single domain:
example.com
site1.example.com
site2.example.com
site3.example.com
They are supposed to be completely independent — used by different people for different purposes.
However cookies set by example.com are given priority by Django, and values set by site1.example.com, site2.example.com etc. are ignored if the parent domain has set a cookie with the same name.
How it works:
When the first page is loaded, it sets a cookie so the server knows to send a computer page or a mobile page with the next request.
The Django program builds the correct version based on the cookie value.
When site1.example.com loads, it sets a cookie asking for the mobile version. But then the Django program sees the value set by example.com and ignores the correct cookie.
So, I need a way to do one of the following:
prevent site1.example.com from reading the cookie of example.com
differentiate in Django the domain associated with the cookie so I can tell that the value is wrong
find a way to set a parent domain cookie in Javascript that makes it inaccessible to subdomains (I'm not using www)
If I can't find an elegant solution, I will likely end up changing the cookie name to vary with the domain name.
I know that I could use the session framework, but apart from this particular issue, everything works great. I would really like to avoid modifying my existing system, though obviously I will if I have to.
[update] Here is the cookie-setting function:
function setCookie(cname, cvalue, exdays) {
var domain = window.location.hostname;
if (exdays > 7) exdays = 7; // max in Safari
var d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));
var name = cname + '=' + cvalue + '; ';
var expy = 'expires=' + d.toUTCString(); + '; ';
var domn = '; domain=' + domain + '; ';
var path = 'path=/; ';
var secu = 'samesite=lax; secure;';
var complete = name + expy + domn + path + secu;
document.cookie = complete;
}
Since you say the websites are supposed to be completely independent the 3rd solution you propose seems most sensible. You should not be setting cookies in such a way that they are accessible by subdomains. Currently you are specifying the domain in the cookie, you should be skipping the domain which would mean the cookie would only be sent for the current domain (At least in modern browsers, IE does not follow this specification). If a domain is specified in the cookie it means that the cookie would also be used for the subdomains.
As mentioned in RFC 6265 - section 4.1.2.3:
If the server omits the Domain attribute, the user agent will return
the cookie only to the origin server.
Hence your cookie setting function should be like the following:
function setCookie(cname, cvalue, exdays) {
// Domain should not be set unless cookie needs to be accessed by subdomains
// var domain = window.location.hostname;
if (exdays > 7) exdays = 7; // max in Safari
var d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));
var name = cname + '=' + cvalue + '; ';
var expy = 'expires=' + d.toUTCString(); + '; ';
// Domain should not be set unless cookie needs to be accessed by subdomains
// var domn = '; domain=' + domain + '; ';
var path = 'path=/; ';
var secu = 'samesite=lax; secure;';
var complete = name + expy + path + secu;
document.cookie = complete;
}
As a temporary fix, I added some code to my setCookie function:
var domain = window.location.hostname;
deleteParentCookieIfNecessary(name, domain);
deleteParentCookieIfNecessary contains:
function deleteParentCookieIfNecessary(name, domain){
var parts = domain.split('.');
if (parts.length > 2){ // on subdomain
var domain = parts.slice(-2).join('.');
document.cookie = cname + '=;domain=.' + domain + ';path=/;max-age=0';
}
}
The result is that when the cookie is set, if the url is a subdomain then the parent-domain's cookie of the same name will be automatically deleted.
When creating a cookie using javascript using document.cookie
document.cookie = name + "=" + value + "; " + expires + ";path=/";
will the domain be populated or do I need to specify it?
You can only create cookies for the domain that your script is running under. So yes, the browser will set the cookie for the proper domain.
It will be populated.
You can run this in the console and then look at the cookies and Domain will be populated.
document.cookie = "val=val;Session;path=/";
I have been searching for reading cookies for last several hours and posted questions in this site but still no luck.
All I need to do is set cookie on one page and read cookie on other page. I have tried escape and unescape but no result.
Here is my code on first page where I am setting cookie
document.cookie = 'province=' +window.escape($(elem).text()) +'; expires=Fri, 3 Dec 2014 20:47:11 UTC; path=/';
And here I am reading it
function re() {
var a = get_cookie("province");
alert(a);
window.location = "lp.aspx?"+a;
}
function get_cookie(cookie_name) {
var results = document.cookie.match('(^|;) ?' + cookie_name + '=([^;]*)(;|$)');
if (results)
return (window.unescape(results[1]));
else
return null;
}
I have tried all the answers on stackoverflow but still looking for solution.
Again I need to set cookie on one page and read it on other page.
Try using the following
var testcookieValue = $.cookie("testcookie"); // read
$.cookie("testcookie", 1); // write
Hope it helps.
I'm using this code to save cookies:
function saveCookie(name,value) {
var date = new Date();
date.setTime(date.getTime()+(60*24*60*60*1000));
var expires = "; expires="+date.toGMTString();
document.cookie = name+"="+value+expires+"; path=/";
}
My problem is that it saves the cookie with domain "example.com" and I want to write them to ".example.com" so I can also read them from subdomains. This is easy to do with PHP but I don't know how to do it with javascript. How can I add a dot before the domain when I save the cookie?
You already have path in there, domain is specified in the same way.
To permit reading from other sub-domains, try:
'; path=/; domain=.'+window.location.host;
I've created a cookie like below and can retrieve all font_size, back_color and font_name. But once I close the browser the cookie is lost. From what I know is if we get expiry date wrong cookie can be lost but I've tested the date, expireGMT and is fine. Have I done anything wrong in the code below? Do I need to include path as well?
document.cookie = "font_size=14";
document.cookie = "back_color=Gray";
document.cookie = "font_name=Georgia";
document.cookie = "expires=" + expireGMT;
Each individual write to document.cookie is the setting of a cookie, and any options (including that cookie's expiration date) must be set on that write. You need to include the expiring time on every cookie assignment:
document.cookie = "font_size=14; expires=" + expireGMT;
document.cookie = "back_color=Gray; expires=" + expireGMT;
document.cookie = "font_name=Georgia; expires=" + expireGMT;
without that, each cookie will be created as session cookies and expire when the browser's closed.