I simply try to set cookie when form is submitted but it seems that the function sets
cookie on every refresh of page
function Sub(){
var exdays="3000";
var value="asdf";
var exdate=new Date();
var c_name="asdf";
exdate.setDate(exdate.getDate() + exdays);
var c_value=escape(value) + ((exdays==null) ? "" : "; expires="+exdate.toUTCString());
document.cookie=c_name + "=" + c_value;
alert("asdf"); //just for debugging
return true; }
</SCRIPT>
<form id="myform" action="http://localhost" onsubmit="return Sub();">
The cookie will be sent by the browser on each request for the same URL until it is deleted, it expires, or for session cookies, until a new session is created.
You're setting an expiration, so it's not a session cookie. So your browser will send the cookie on each page load to that URL, regardless of whether you clicked something or not.
Try removing the expiration date, clearing your cookie cache, and restarting your browser.
The cookie will not be present until you submit once. Then the cookie will be present until you close your session (restart the browser).
Do you mean the cookie is changed on every reload or that the cookie exists?
I am assuming here that you are using the cookie to send a bit of information to the server along with the form.
Cookies are persistent, and will stick around until they are changed. It might make more sense to have a hidden field in the form, and change the value of that, instead of setting a cookie.
Related
I'm setting a "SESSION" cookie via JS:
var d = new Date();
d.setTime(d.getTime() + (2*24*60*60*1000));
var expires = "expires="+ d.toUTCString();
document.cookie = cookie.name + "=" + cookie.value +";"+ expires + ";
path="+cookie.path+";domain="+data.shared_domain+";";
Then I'm deleting the cookie by making it expire, via JS:
document.cookie = "SESSION=; expires=Thu, 01 Jan 1971 00:00:01 UTC; path=/;domain="+domain;
After doing this, console.log(document.cookie) will return all other cookies except this one, which is what I would expect.
On the other hand, I am doing session checks via PHP, trying to read the cookie by doing $_COOKIE["SESSION"].
isset($_COOKIE["SESSION"]) will return true, and I can read the old value of the cookie. No matter how many times I refresh the page, it still reads it.
Am I misunderstanding how cookies work? Is there another way to check if a cookie has expired in PHP?
Update:
Yes, the problem is that the cookie has an HttpOnly flag.
So now I'm trying to delete it via PHP. Based on this other question, I do:
setcookie("SESSION", "", time()-3600);
if (isset($_COOKIE['SESSION'])) unset($_COOKIE['SESSION']);
When I'm done, I check that it's gone with a quick var_dump($_COOKIE), and yes, it is nowhere to be seen.
Except that Chrome still sees it (expired in 1969), and when I navigate to another part of the site, checking for that cookie will return a value.
I will add one extra piece of information, in case it makes a difference: This cookie is shared by sub.domain.com and app.sub.domain.com. When I set it, I set it for .domain.com. And I unset it for .domain.com as well.
How can I get rid of that cookie for good?
It's not clear how you're creating the cookie in the first place; I assume using PHP's session handler, but you haven't specified.
Either way, it is likely being generated with cookie security settings that limit access to it from the JavaScript. This setting is called httpOnly and is typically used on session cookies and other similar cookie data that is intended for use only by the server-side code.
If this cookie setting has been set (and any good session handler will have set it), then you simply won't be able to set or unset this cookie from the browser; you will have to do it from your PHP code.
For more info on this topic, see this wikipedia article: https://en.wikipedia.org/wiki/Secure_cookie
Is there a way to get the value of a cookie set by Javascript inside the Yii 2 framework?
Using this code
if(Yii::$app->getRequest()->getCookies()->has('HELLO'))
{
die("YES COOKIE");
}
else
{
die("NO COOKIE");
}
And I am seeing the HELLO cookie has been set when I inspect. However, the code is returning NO COOKIE.
The cookie was set with Javascript like so
function setCookie(cname, cvalue, exdays) {
var d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));
var expires = "expires="+ d.toUTCString();
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}
cookies you set in javascript won't pass yii validation when you attempt to access them.
the whole purpose of the validation is to ensure that cookies that yii reads and writes are not tampered with.
i dont know your exact use case, but if you need a client action to set cookie data, i'd prefer to set it via an ajax request.
if it's not something sensitive (like getting a tab state or smth), use the $_COOKIE global to access it.
or, the nuclear option, disable cookie validation altogether in application config
docs could help you out here
I want to use a cookie to create a session where it expires when the user closes the browser window. All of the posts online says the way to do so is to remove the expires attribute from the cookie. But I tried to do that and that did not work.
I have the following cookie string:
example=true;path=/
Note that I did not set the expires attribute.
What happens is that the expires attribute gets set to 1 year from now.
Try setting this cookie with expires=0.
session_set_cookie_params($expire, $path, $domain, $secure, true);
// Open
session_set_cookie_params(0, '/', '.example', false, false);
// Locked Down
session_set_cookie_params('o, /forums', 'www.example.com', isset($_SERVER["HTTPS"]), true)
I have a function that request a data for the user one time. I need reload the page after save these data in a cookie and server read these cookie, but i dont know if these cookie are defined or not. ¿How i reload only one time if i dont have a counter and dont like use parameter? the referrer dont change with reload.
I now have this methot, but i like change for remove parameters:
function getURLParameter(name) {
return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || [, ""])[1].replace(/\+/g, '%20')) || null
}
if (getURLParameter('reload') != 'true') {
//here have function for load cookie
window.location = window.location.href + '?reload=true';
}
HTTP is a stateless protocol, which mean there is not way - within the protocol - to know the state of a request. For instance : is it the first time it's launched or the second time ?
Usual workarounds are adding a parameter to the request, as you suggests or using a cookie on the browser's side. This is how sessions are implemented in platforms like Java EE or PHP.
Why don't you test for another cookie like 'never been reloaded', if it does not exists : create this cookie and reload the page.
The tricky part is when should you delete the cookie, ie : when does your business logic wants you to reload the page again ? That's up to you to decide.
I am attempting to set a cookie on a particular page to be read on another page. I wish to know why the other page is not being sent the cookie. Examining what is going on shows that the cookie is being set, but is not being sent to the server. My understanding was that if the path of a cookie is not set, the cookie will be sent to any page on the domain, though I tried adding path=/ to the cookie in case that would help anyhow. Opera has the cookie tagged as "Only sent to creator" for whatever reason. I'm sure I'm missing something simple.
<script type="text/javascript">
function setCookie(c_name,value,expiredays)
{
var exdate=new Date();
exdate.setDate(exdate.getDate()+expiredays);
document.cookie=c_name+ "=" +escape(value)+((expiredays==null) ? "" : "; expires="+exdate.toGMTString());
}
setCookie("mycookie",document.location.href,7);
</script>
http://www.site.com/Folder/subfolder/page.aspx - Cookie set here
http://www.site.com/folder/page.aspx - Cookie should be sent here. Why isn't it?
As you said yourself, add the path:
document.cookie=c_name+ "=" +escape(value)+((expiredays==null) ? "" : "; expires="+exdate.toGMTString()+" ;path=/");
If it's not working, clear all cookies and start again. Old cookies without the path set might be messing something up.
It certainly won't work without explicitly setting path; it certainly should work if you are setting the path.