I have set my cookie in PHP using the following:
setcookie("id", 100, time()+100000, "/AP", "www.mydomain.com", 0, true);
When I look at the cookies stored in the browser it looks like this:
Name开发者_运维技巧: id
Content: 100
Domain: .www.mydomain.com
Path: /AP
Notice the . in the Domain
When I set a cookie in javascript I get the same results except:
Name: id
Content: 100
Domain: www.mydomain.com
Path: /AP
The domain is different. Why does my PHP cookie put a '.' in front of www.mydomain.com and javascript does not.
The following is the javascript code that I'm using to create a cookie:
function SetCookie(cookieName,cookieValue,nDays) {
var today = new Date();
var expire = new Date();
if (nDays==null || nDays==0) nDays=1;
expire.setTime(today.getTime() + 3600000*24*nDays);
document.cookie = cookieName+"="+escape(cookieValue)
+ ";expires="+expire.toGMTString();
}
Any ideas?
Update:
When I try to read this using the following function in javascript:
function ReadCookie(cookieName) {
var theCookie=""+document.cookie;
var ind=theCookie.indexOf(cookieName);
if (ind==-1 || cookieName=="") return "";
var ind1=theCookie.indexOf(';',ind);
if (ind1==-1) ind1=theCookie.length;
return unescape(theCookie.substring(ind+cookieName.length+1,ind1));
}
I can't get the value using the ReadCookie function (above) from the cookie that contains:
Domain: .www.mydomain.com
However the cookie that contains:
Domain: www.mydomain.com
works just fine.
So someone with the same problem can easily find the answer in the future. Here's my comment in answer form:
You're settings the cookie to httponly, meaning javascript cannot interact with it. Remove the last parameter of setcookie
or set it to false
and you should be able to access it using javascript.
setcookie("id", 100, time()+100000, "/AP", "www.mydomain.com", false, false);
Glad I could help!
A cookie with domain .www.mydomain.com
is sent not only to www.mydomain.com
, but also to subdomain.www.domain.com
, sub.subdomain.www.domain.com
and so on.
However, I can't reproduce the behavior you mention:
a.php
<?php
setcookie("id", 100, time()+100000, "/AP", "www.mydomain.com", 0, true);
HTTP request:
GET /a HTTP/1.1 Host: localhost:81 HTTP/1.1 200 OK Date: Tue, 03 Aug 2010 03:49:59 GMT Server: Apache/2.2.13 (Win32) PHP/5.3.0 X-Powered-By: PHP/5.3.0 Set-Cookie: id=100; expires=Wed, 04-Aug-2010 07:36:41 GMT; path=/AP; domain=www.mydomain.com; httponly Content-Length: 0 Content-Type: text/html
Why does my PHP cookie put a '.' in front of www.mydomain.com and javascript does not.
PHP's probably doing it for compatibility reasons. This may vary between PHP versions.
The dot at the front means that the cookie should not just be assigned to the specified hostname, but also to any sub-domains below that hostname.
So a cookie set for .www.example.com
should work on both www.example.com
and site1.www.example.com
.
I'm going to answer this question just so I can mark an answer, however the credit goes to: munch. If he puts an answer to this question I will delete this and use his answer. Please do not "up" vote my answer. Please "up" vote his comment under my original question.
The answer that munch gave:
@Jeff V: You're settings the cookie to http only, meaning javascript cannot interact with it. Remove the last parameter of setcookie or set it to false and you should be able to access it using javascript.
I immediately tried that and low and behold it worked! After wards I wanted to find out what they heck he was talking about. So I went to: http://php.net/manual/en/function.setcookie.php to find out what this HTTP parameter was all about.
httponly
When TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers). Added in PHP 5.2.0. TRUE or FALSE
munch was absolutely right. Please up his comment when reading this.
精彩评论