I want to use a cookie to create a session where it expires when the user closes the browser window. All of the posts online says the way to do so is to remove the expires attribute from the cookie. But I tried to do that and that did not work.
I have the following cookie string:
example=true;path=/
Note that I did not set the expires attribute.
What happens is that the expires attribute gets set to 1 year from now.
Try setting this cookie with expires=0.
session_set_cookie_params($expire, $path, $domain, $secure, true);
// Open
session_set_cookie_params(0, '/', '.example', false, false);
// Locked Down
session_set_cookie_params('o, /forums', 'www.example.com', isset($_SERVER["HTTPS"]), true)
Related
I'm setting a "SESSION" cookie via JS:
var d = new Date();
d.setTime(d.getTime() + (2*24*60*60*1000));
var expires = "expires="+ d.toUTCString();
document.cookie = cookie.name + "=" + cookie.value +";"+ expires + ";
path="+cookie.path+";domain="+data.shared_domain+";";
Then I'm deleting the cookie by making it expire, via JS:
document.cookie = "SESSION=; expires=Thu, 01 Jan 1971 00:00:01 UTC; path=/;domain="+domain;
After doing this, console.log(document.cookie) will return all other cookies except this one, which is what I would expect.
On the other hand, I am doing session checks via PHP, trying to read the cookie by doing $_COOKIE["SESSION"].
isset($_COOKIE["SESSION"]) will return true, and I can read the old value of the cookie. No matter how many times I refresh the page, it still reads it.
Am I misunderstanding how cookies work? Is there another way to check if a cookie has expired in PHP?
Update:
Yes, the problem is that the cookie has an HttpOnly flag.
So now I'm trying to delete it via PHP. Based on this other question, I do:
setcookie("SESSION", "", time()-3600);
if (isset($_COOKIE['SESSION'])) unset($_COOKIE['SESSION']);
When I'm done, I check that it's gone with a quick var_dump($_COOKIE), and yes, it is nowhere to be seen.
Except that Chrome still sees it (expired in 1969), and when I navigate to another part of the site, checking for that cookie will return a value.
I will add one extra piece of information, in case it makes a difference: This cookie is shared by sub.domain.com and app.sub.domain.com. When I set it, I set it for .domain.com. And I unset it for .domain.com as well.
How can I get rid of that cookie for good?
It's not clear how you're creating the cookie in the first place; I assume using PHP's session handler, but you haven't specified.
Either way, it is likely being generated with cookie security settings that limit access to it from the JavaScript. This setting is called httpOnly and is typically used on session cookies and other similar cookie data that is intended for use only by the server-side code.
If this cookie setting has been set (and any good session handler will have set it), then you simply won't be able to set or unset this cookie from the browser; you will have to do it from your PHP code.
For more info on this topic, see this wikipedia article: https://en.wikipedia.org/wiki/Secure_cookie
I am making a dynamic form and submitting it, when user clicks a href tag.
Here is the code
<script>
$(document).ready(function () {
$("#logout").click(function () {
var form = document.createElement('form');
form.setAttribute('action', '${pageContext.request.contextPath}/logout/user');
form.setAttribute('method', 'POST');
document.body.appendChild(form);
form.submit();
});
});
</script>
Issue is that, i have to also submit a cookie which was previously set when user logged in my application. Currently at the back end i am not getting the cookie.
How to submit the cookie as well.
You can then do:
$.cookie("test", 1);
To delete:
$.removeCookie("test");
Additionally, to set a timeout of a certain number of days (10 here) on the cookie:
$.cookie("test", 1, { expires : 10 });
If the expires option is omitted, then the cookie becomes a session cookie, and is deleted when the browser exits.
To cover all the options:
$.cookie("test", 1, {
expires : 10, //expires in 10 days
path : '/', //The value of the path attribute of the cookie
//(default: path of page that created the cookie).
domain : 'jquery.com', //The value of the domain attribute of the cookie
//(default: domain of page that created the cookie).
secure : true //If set to true the secure attribute of the cookie
//will be set and the cookie transmission will
//require a secure protocol (defaults to false).
});
I'm trying to remove all cookies from my website that were created before today... so that anyone who's a returning to the site will lose all of their old cookies and will get a fresh set of cookies.
I can't use RequestHeader unset Cookie because it will just keep removing cookies until I remove it, I want it so it removes all cookies made before 07/01/2015
I'm also trying to "fix" my site so that browsers remember the directory /f1fol/ because for some reason no browser remembers that page (not sure what's causing the problem)
Anyone know how to do this/what's the problem?
Here's the thing: a browser never reports the creation date of a cookie. When a cookie is created, only the expiration date the server specified during its creation is stored along with its value, and hence, only that gets reported back to the server until the day the cookie crumbles/expires.
But, the end effect which you want, that anyone who's returning to the site should lose all of their old cookies and get a fresh new set is possible to achieve. Add the following code to a PHP include file named, say, purge_old_cookies.php
<?
// Check if this script has run before
if (!isset($_COOKIE['purged_once'])) {
// Check for old cookies
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(";", $_SERVER['HTTP_COOKIE']);
// Iterate and unset all cookies
foreach ($cookies as $cookie) {
$fields = explode("=", $cookie);
$name = trim(fields[0]);
// unset any cookie for the current path
setcookie($name, "", time() - 3600);
// unset the cookie for the root path
setcookie($name, "", time() - 3600, "/");
}
}
// Set a purged marker for the current path
setcookie("purged_once", "1", strtotime("+6 months"));
}
?>
A cookie is forced to expire by setting its expiration date in the past. The code above sets it to yesterday.
Notice, the setcookie() method is fired twice as the cookies must be deleted with the same parameters as they were set with. The above would suffice in most cases but if your site had set cookies with different domain, secure or httponly parameters, you may have to pass them as well.
Once the above script is ready, just include it at the beginning of all the required pages.
<?
include '/path/to/purge_old_cookies.php';
...
?>
If you're sure that your site never set a cookie for a specific /dir/path i.e. always passed a path value of /, then you can unset all the cookies by adding this script to just /index.php. The two setcookie() calls (with and without /) then effectively become the same and you can drop one. The purged_once cookie would also be set on root as
setcookie("purged_once", "1", strtotime("+6 months"), "/");
This would also restrict the marker cookies to just one per user.
Please Note:
Keep the marker purged_once cookie set to expire after a long time
like 3 to 6 months. If you keep it very low and forget to
remove the script, you'll end up purging all the new cookies your site
sets from the time this script was introduced.
In PHP setcookie function, you can set the time the cookie expires. If you want it to expire today, you can try something like that:
setcookie('var', 'value', strtotime(date('Y-m-d 23:59:59'));
and this will make it to expire in the last second of the current day. You can check cookie existence like that:
if (isset($_COOKIE['var'])) {
//do something with it
} else {
//store cookie var and do something else
}
If you need to store a directory path for a longer time, you can set expiry time to a far future date.
May be from PHP, you can also change the life span of a cookie from javascript as well. You can simply read the cookie and if date is less than your desired time delete the cookie .more
I simply try to set cookie when form is submitted but it seems that the function sets
cookie on every refresh of page
function Sub(){
var exdays="3000";
var value="asdf";
var exdate=new Date();
var c_name="asdf";
exdate.setDate(exdate.getDate() + exdays);
var c_value=escape(value) + ((exdays==null) ? "" : "; expires="+exdate.toUTCString());
document.cookie=c_name + "=" + c_value;
alert("asdf"); //just for debugging
return true; }
</SCRIPT>
<form id="myform" action="http://localhost" onsubmit="return Sub();">
The cookie will be sent by the browser on each request for the same URL until it is deleted, it expires, or for session cookies, until a new session is created.
You're setting an expiration, so it's not a session cookie. So your browser will send the cookie on each page load to that URL, regardless of whether you clicked something or not.
Try removing the expiration date, clearing your cookie cache, and restarting your browser.
The cookie will not be present until you submit once. Then the cookie will be present until you close your session (restart the browser).
Do you mean the cookie is changed on every reload or that the cookie exists?
I am assuming here that you are using the cookie to send a bit of information to the server along with the form.
Cookies are persistent, and will stick around until they are changed. It might make more sense to have a hidden field in the form, and change the value of that, instead of setting a cookie.
I am attempting to set a cookie on a particular page to be read on another page. I wish to know why the other page is not being sent the cookie. Examining what is going on shows that the cookie is being set, but is not being sent to the server. My understanding was that if the path of a cookie is not set, the cookie will be sent to any page on the domain, though I tried adding path=/ to the cookie in case that would help anyhow. Opera has the cookie tagged as "Only sent to creator" for whatever reason. I'm sure I'm missing something simple.
<script type="text/javascript">
function setCookie(c_name,value,expiredays)
{
var exdate=new Date();
exdate.setDate(exdate.getDate()+expiredays);
document.cookie=c_name+ "=" +escape(value)+((expiredays==null) ? "" : "; expires="+exdate.toGMTString());
}
setCookie("mycookie",document.location.href,7);
</script>
http://www.site.com/Folder/subfolder/page.aspx - Cookie set here
http://www.site.com/folder/page.aspx - Cookie should be sent here. Why isn't it?
As you said yourself, add the path:
document.cookie=c_name+ "=" +escape(value)+((expiredays==null) ? "" : "; expires="+exdate.toGMTString()+" ;path=/");
If it's not working, clear all cookies and start again. Old cookies without the path set might be messing something up.
It certainly won't work without explicitly setting path; it certainly should work if you are setting the path.