Mobile browser(chrome, safari) not killing cookies with expire time set to '0', Same cookie persists when browser is reopened...
Cookies must be deleted with the same parameters as they were set with. If the value argument is an empty string, or FALSE, and all other arguments match a previous call to setcookie, then the cookie with the specified name will be deleted from the remote client. This is internally achieved by setting value to 'deleted' and expiration time to one year in past.
From the official manual: http://php.net/manual/en/function.setcookie.php
Related
I don't remember password of the email account in my office (so my superior do). I said him 'no problemo' and saved the cookie, to open the same account at home, but now the browser seem to disagree with me when I try to equal document.cookie with the cookie I saved as a string. It set the cookie default every time.
What me to do to open that account?
Cookies are valid only for a session, not for the lifetime of the account. If your account auto-logs out after say 20 minutes, the cookie is meaningless after that. Cookies are so that you don't have to relogin for every single request within that time span.
I set session cookies but it creates new cookies. I'm tired of this Do you know how to fix it?
Code:
document.cookie = ".ROBLOSECURITY=cookie; expires=session; path=/";
Let's check documentation
;domain=domain (e.g., 'example.com' or 'subdomain.example.com'). If
not specified, this defaults to the host portion of the current
document location. Contrary to earlier specifications, leading dots in
domain names are ignored, but browsers may decline to set the cookie
containing such dots. If a domain is specified, subdomains are always
included.
Note: The domain must match the domain of the JavaScript
origin. Setting cookies to foreign domains will be silently ignored.
Your first cookie with domain www.roblox.com will be accessible only at www.roblox.com/... page but .roblox.com's cookie may be accessed by JS from all roblox.com subdomains.
Here is a good answer
So as #smac89 wrote in comment, You should add domain when create new cookie
document.cookie = ".ROBLOSECURITY=cookie; expires=session; path=/; domain=.roblox.com"
There is no syntax for what you want.
You can either not set the expiration value, the cookie will expire at the end of the session, or choose an arbitrarily large value.
Be aware that some browsers have problems with dates past 2038 (when the Unix epoch time exceeds a 32-bit integer).
See : https://stackoverflow.com/a/532660/1901857
I am using the following procedure to refresh linkedin oauth2 access tokens
https://developer.linkedin.com/docs/oauth2#refresh
After initiating the oauth procedure in the browser, the dialog is skipped as described, and a new code is issued which I then use to obtain a new, different access_token. However the expires_in field ( seconds till expiration ) is lesser than the one in the previous access_token it is in fact referencing the same expiration date.
This means that the expiration date effectively has not been extended, Which is the purpose of refreshing the access token.
Does refreshing an access token extend the expiration time ?
Or is there anything I am missing here ?
( perhaps the expiration date can only be extended after a certain time of usage ? )
The expires_in will always be the same as the previous access_token because expires_in is just the number of expires that the token will be valid for. I don't know what LinkedIn return for this value, but I'm guessing you are seeing a nice round number each time?
https://www.rfc-editor.org/rfc/rfc6749#section-4.2.2
expires_in
RECOMMENDED. The lifetime in seconds of the access token. For
example, the value "3600" denotes that the access token will
expire in one hour from the time the response was generated.
If omitted, the authorization server SHOULD provide the
expiration time via other means or document the default value.
I successfully set a cookie with javascript on one page like this:
..
I went to this article and took the code from it:
UPDATE :
**http://techpatterns.com/downloads/javascript_cookies.php**
The code works.. but I can set and read my cookie from one page only, when I go to the document root , the cookie isnt available there anymore..
I set my cookie when i am in a subfolder of my directory
I am also trying to set it this way:
document.cookie =
"landing_page_ref=" + encodeURIComponent("FBLND1") +
"; path=/; " ;
but i dont know where i am wrong
Session cookies (which are deleted when the browser is closed) are created by not specifying an explicit expiration time.
function setSessionCookie(c_name,value,exdays) {
document.cookie=c_name + "=" + escape(value);
}
That said, I'd use a robust cookie library to handle cookies rather than trying to roll-my-own.
There's no way to set a cookie to expire based on closing the browser and have an expiration time. That functionality is determined by the user's browser. If they have it set up to clear their cookies upon closing, then it will delete your cookie regardless of expiration time.
Your best bet would be setting the cookie to a relatively short lifetime (say 30 minutes or so) and refreshing that cookie on each page view. That would allow you to expire the cookie after 30 minutes of inactivity on your site. It's not quite the same thing, but as there's no way to enforce what you're looking for, it's a close second.
There are two type of cookies. persistent and session. Use session cookie for it. These cookies expire whenever you close your browser. To convert a persistent cookie to a session cookie just skip expire time.
I was wondering if there is a way to set multiple expire options for one cookie. For example, I want a cookie to expire when the user closes their browser and in 30 minutes.
Is this possible?
YAHOO.util.Cookie.setSubs("cookiename", cookieData, { expires: 0, expires: time() - 1800, path: "/", domain: "cbc.ca" });
From the RFC:
If an attribute appears more than once in a
cookie, the behavior is undefined.
There's no way to set up a cookie to expire like that; at least, there's no cross-browser way to do it. (Also, as far as I know the appropriate attribute is "Max-Age", not "expires"; maybe that name is part of the YUI api however.)
Expiring a session after a period of time is generally something that secure server-side code does on its own, and explicitly. (In other words, the session cookie is explicitly rejected as invalid if its timestamp indicates excessive age.)
You can have the cookie set the onload event, but you can not have two expire times. You can get the time the page unloads and then set the cookie for +30 minutes. But you Cant have the cookie set when the browser closes, you would need a plugin to do that, but when the page closes you can.