My set Cookie js function
function setCookie(name, value, expires, path){
cookieStr = name + "=" + escape(value) + "; ";
if(expires){
expires = setExpiration(expires);
cookieStr += "expires=" + expires + "; ";
}
if(path){
cookieStr += "path=" + path + "; ";
}
document.cookie = cookieStr;
}
When I create a cookie,
setCookie('MyCookie','cookieName',3,'/Members')
How to get cookie's path?
TL:DR;
You cannot read through cookies based on path using javascript.
In JavaScript, you can only set or get cookies by using the internal object document.cookie. And the content of this object will be a string of key value pairs of non-httpOnly cookie names and values separated by a ;. And that is pretty much it.
There is no way you could get a trace of Path, Domain and other attributes of cookies as they are only read by browsers and not shown to JavaScript.
On the other hand, If you are using any form of AJAX, You could try to intercept and parse the request headers by xhr.getResponseHeader("Set-Cookie") and store the value in localStorage or sessionStorage as per your need. I still advise you that it is not a good idea. Some of the browsers might consider Set-Cookie header as one of the forbidden headers to be read by javascript. but I think that restriction is only for httpOnly cookies.
Related
Is there a way to get the value of a cookie set by Javascript inside the Yii 2 framework?
Using this code
if(Yii::$app->getRequest()->getCookies()->has('HELLO'))
{
die("YES COOKIE");
}
else
{
die("NO COOKIE");
}
And I am seeing the HELLO cookie has been set when I inspect. However, the code is returning NO COOKIE.
The cookie was set with Javascript like so
function setCookie(cname, cvalue, exdays) {
var d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));
var expires = "expires="+ d.toUTCString();
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}
cookies you set in javascript won't pass yii validation when you attempt to access them.
the whole purpose of the validation is to ensure that cookies that yii reads and writes are not tampered with.
i dont know your exact use case, but if you need a client action to set cookie data, i'd prefer to set it via an ajax request.
if it's not something sensitive (like getting a tab state or smth), use the $_COOKIE global to access it.
or, the nuclear option, disable cookie validation altogether in application config
docs could help you out here
I have two subdomains foo.example.com and bar.example.com, I am setting javascript cookies on the foo.example.com, but not able access it on bar.example.com, please suggest a way to access the cookie created on the foo.example.com on bar.example.com
In php I set a persistent cookie to do something similar, if it can be accessed from separate browsing sessions it can be accessed cross-domain i'd imagine.
I have "borrowed" this javascript from #pete because I'm not a JS expert, and barely even a novice, but I think something along these lines could work, set a cookie to expire after a year or other time period, as opposed to when browser session closes or the page has been left.
You'll need to do some messing about with it but hey, that's the fun part!
// Build the expiration date string:
var expiration_date = new Date();
var cookie_string = '';
expiration_date.setFullYear(expiration_date.getFullYear() + 1);
// Build the set-cookie string:
cookie_string = "test_cookies=true; path=/; expires=" +
expiration_date.toUTCString();
// Create or update the cookie:
document.cookie = cookie_string;
I'm having trouble with cookies and getting some weird behavior. For now the cookie are set on sign in like so:
document.cookie = "cookie1=" + cookie1 + "; expires=0; path=/";
document.cookie = "basicAuth=" + basicAuth + "; expires=0; path=/";
document.cookie = "cookie2=" + cookie2 + "; expires=0; path=/"
That works fine. I have a sign out button in the header and on click it does the following:
document.cookie = "cookie1=";
document.cookie = "basicAuth=";
document.cookie = "cookie2=";
In the header script I have a simple check to see if cookie1 is empty and to hide the header nav bar and redirect to sign in if it is:
if (getCookie("cookie1") == "") {
$(".navbar").css({"display":"none"});
window.location.href = "/signin";
}
Right now I am able to log out effectively the first time, but logging back in and logging out again seems not to work properly. I still see the navbar and the redirect seems to only work selectively. Is there a better way to set or delete cookies?
When you delete a cookie, you should also add the date and path, and the date should be in the past to remove the cookie, so something like
document.cookie = "cookie1=; expires=Thu, 01 Jan 1970 00:00:01 GMT;";
The specification says
...to remove a cookie, the server returns a Set-Cookie header with an
expiration date in the past. The server will be successful in
removing the cookie only if the Path and the Domain attribute in the
Set-Cookie header match the values used when the cookie was created.
Cookies are generally easier to work with in Javascript if you use helper functions that set the name, value, UTC timestamp etc. for you, instead of doing it every time you set or get a cookie.
What you're doing just sets the cookie to an empty string, it's never really removed.
Using Javascript & Jquery, I'm creating a cookie on a click event, and then redirecting the user to another page. I'm doing that like this:
<script type="text/javascript">
$(".my-div").click(function() {
document.cookie ="answers=:" + myAnswers + "; path=/; domain=.mydomain.com;";
setTimeout("location.href = '/my-destination-page.php/';", 5000);
});
</script>
When I reach my-destination-page.php, I can see the cookie is set correctly in Google Developer Tools. However, PHP doesn't detect that it's set:
<?php
var_dump($_COOKIE['answers']);
?>
The above returns a big fat NULL.
Any ideas why this is happening?
try to change,
document.cookie ="answers=:" + myAnswers + "; path=/; domain=.mydomain.com;";
to
document.cookie ="answers=:" + myAnswers + "; expires=Thu, 12 Aug 2015 20:47:11 UTC;path=/; domain=.mydomain.com;";
and check
I didn't test your specific code -- but I know building raw cookie strings manually is a finicky, error prone thing. If you get something wrong the cookie processing code on the server (won't recognize your cookies).
Since you're already using jQuery, I'd try using the jQuery cookie plugin. Even if you don't want to deploy with this plugin, you can use it to set your cookie, examine the request headers, and determine where your cookie string is incorrect (or determine that your cookie strings is correct, and that your problem lies elsewhere)
I've created a cookie in Scala, which I would like Javascript to be able to delete and/or modify.
Here is how I created the cookie in Scala ensuring the httpOnly param is set to false: (
Sticky Cookies in Scala
)
I used the following method to delete the cookie in JavaScript, but the cookie does not delete.
( javascript - delete cookie )
Aside from attempting to delete the cookie, it doesn't seem like I can modify the contents of the cookie either.
How can I ensure the JavaScript can modify and delete the cookie created in Scala?
I fixed the issue.
I had to ensure that both the cookie created in Scala and the one deleted/modified in JavaScript both had the same path.
For example, in Scala:
new Cookie(sCookieID, sValue, Option(nSecondsExpire), "/", scala.None, false, false)
In JavaScript:
document.cookie = sCookieID + "=" + sValue+ "; " + sExpire + "; path=/";
Notice the path in both examples used "/". Once I used the same path, I was able to delete/modify the cookies in JavaScript. Before this I hadn't explicitly set the path in the JavaScript code.