I have set my cookie in PHP using the following:

setcookie("id", 100, time()+100000, "/AP", "www.mydomain.com", 0, true);

When I look at the cookies stored in the browser it looks like this:

Name:    id
Content: 100
Domain:  .www.mydomain.com
Path:    /AP

Notice the . in the Domain.

When I set a cookie in JavaScript I get the same results except:

Name:    id
Content: 100
Domain:  www.mydomain.com
Path:    /AP

The domain is different. Why does my PHP cookie put a '.' in front of www.mydomain.com and JavaScript does not?

The following is the JavaScript code that I'm using to create a cookie:

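    function SetCookie(cookieName, cookieValue, nDays) {
        var today = new Date();
        var expire = new Date();
        // Default to a one-day lifetime when no day count is given
        if (nDays == null || nDays == 0) nDays = 1;
        // 3600000 ms per hour * 24 hours * nDays
        expire.setTime(today.getTime() + 3600000 * 24 * nDays);
        // No domain or path attribute is set here
        document.cookie = cookieName + "=" + escape(cookieValue)
                        + ";expires=" + expire.toUTCString();
    }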

Any ideas?

Update:

When I try to read this using the following function in JavaScript:

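    function ReadCookie(cookieName) {
        if (cookieName == "") return "";
        // Prefix with "; " so only a whole cookie name matches,
        // not a substring of another cookie's name or value
        var theCookie = "; " + document.cookie;
        var ind = theCookie.indexOf("; " + cookieName + "=");
        if (ind == -1) return "";
        // Skip past "; ", the name and "=" to reach the value
        var start = ind + cookieName.length + 3;
        var ind1 = theCookie.indexOf(';', start);
        if (ind1 == -1) ind1 = theCookie.length;
        return unescape(theCookie.substring(start, ind1));
    }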

I can't get the value using the ReadCookie function (above) from the cookie that contains:

Domain: .www.mydomain.com

However the cookie that contains:

Domain: www.mydomain.com 

works just fine.

A: 

A cookie with domain .www.mydomain.com is sent not only to www.mydomain.com, but also to subdomain.www.domain.com, sub.subdomain.www.domain.com and so on.

However, I can't reproduce the behavior you mention:

a.php

<?php
setcookie("id", 100, time()+100000, "/AP", "www.mydomain.com", 0, true);

HTTP request:

GET /a HTTP/1.1
Host: localhost:81
 
HTTP/1.1 200 OK
Date: Tue, 03 Aug 2010 03:49:59 GMT
Server: Apache/2.2.13 (Win32) PHP/5.3.0
X-Powered-By: PHP/5.3.0
Set-Cookie: id=100; expires=Wed, 04-Aug-2010 07:36:41 GMT; path=/AP; domain=www.mydomain.com; httponly
Content-Length: 0
Content-Type: text/html
Artefacto
A: 

Why does my PHP cookie put a '.' in front of www.mydomain.com and javascript does not.

PHP's probably doing it for compatibility reasons. This may vary between PHP versions.

The dot at the front means that the cookie should not just be assigned to the specified hostname, but also to any sub-domains below that hostname.

So a cookie set for .www.example.com should work on both www.example.com and site1.www.example.com.

thomasrutter
A: 

I'm going to answer this question just so I can mark an answer, however the credit goes to: munch. If he puts an answer to this question I will delete this and use his answer. Please do not "up" vote my answer. Please "up" vote his comment under my original question.

The answer that munch gave:

@Jeff V: You're setting the cookie to http only, meaning JavaScript cannot interact with it. Remove the last parameter of setcookie or set it to false and you should be able to access it using JavaScript.

I immediately tried that and lo and behold it worked! Afterwards I wanted to find out what the heck he was talking about. So I went to: http://php.net/manual/en/function.setcookie.php to find out what this HTTP parameter was all about.

httponly

When TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers). Added in PHP 5.2.0. TRUE or FALSE

munch was absolutely right. Please up his comment when reading this.

Jeff V
+1  A: 

So someone with the same problem can easily find the answer in the future. Here's my comment in answer form:

You're setting the cookie to httponly, meaning JavaScript cannot interact with it. Remove the last parameter of setcookie or set it to false and you should be able to access it using JavaScript.

setcookie("id", 100, time()+100000, "/AP", "www.mydomain.com", false, false);

Glad I could help!

munch
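
The two behaviours discussed in this thread, the Domain attribute and the httponly flag, can be seen side by side in the following added example. It is not part of any answer above and is not PHP's or a browser's own code: it is a simplified model of RFC 6265 matching that decides which cookies a script would see through document.cookie and which are sent in the Cookie request header. All function names and the pref cookie are assumptions made for illustration.

```javascript
// Added example (simplified RFC 6265 model); all function names here are hypothetical.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(";").map(s => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/",
                   domain: requestHost.toLowerCase(), hostOnly: true, httpOnly: false };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1).trim();
    if (key === "domain" && val) {
      // A leading dot is ignored; any Domain attribute also covers subdomains.
      cookie.domain = val.replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false;
    } else if (key === "path" && val.startsWith("/")) {
      cookie.path = val;
    } else if (key === "httponly") {
      cookie.httpOnly = true; // hidden from document.cookie, still sent over HTTP
    }
  }
  return cookie;
}

function domainMatch(cookie, host) {
  host = host.toLowerCase();
  return host === cookie.domain || (!cookie.hostOnly && host.endsWith("." + cookie.domain));
}

function pathMatch(cookie, path) {
  if (path === cookie.path) return true;
  return path.startsWith(cookie.path) &&
         (cookie.path.endsWith("/") || path[cookie.path.length] === "/");
}

// viaScript = true models document.cookie; false models the Cookie request header.
function visibleCookies(jar, host, path, viaScript) {
  return jar
    .filter(c => domainMatch(c, host) && pathMatch(c, path))
    .filter(c => !(viaScript && c.httpOnly))
    .map(c => c.name + "=" + c.value)
    .join("; ");
}

// Constructed input: the answer's Set-Cookie header (expires omitted), plus a script-set cookie.
const HOST = "www.mydomain.com";
const jar = [
  parseSetCookie("id=100; path=/AP; domain=www.mydomain.com; httponly", HOST),
  parseSetCookie("pref=dark; path=/AP", HOST), // no Domain attribute: host-only
];
```

With this jar, a script on www.mydomain.com under /AP sees only pref, while the HTTP request carries both cookies, and a request to a subdomain carries only id.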