I'd like to set an HTTP cookie for my users, in order to not bother them with having to log in every time.
What I want to know is this: if I set the cookie at a page other than the homepage for my website, then will that cookie be available when the user comes to my homepage the next time?
More generally, is it the case that I can set the cookie at any page of my website, and the cookie will be available to me whenever I want?
Thanks!
Cookies can be configured to be available on specific subdomains, specific paths and specific protocols (HTTPS only, for instance). Without you telling which language you're using, it's hard to tell the default behavior of your local Set-Cookie function, but I believe that most often, the default behavior is to make the cookie available to all subdomains and all paths.
So yes, if you set a cookie on a random page, it should be available to the home page, too.
Yes - once you set a cookie it will be accessible from the server as long as it is stored in the user's browser (hasn't expired or been deleted).
I found that if the cookie is being set via Javascript, then this can be determined via a simple parameter.
The example JS code (from here) sets a cookie, that is available across the site
$.cookie('the_cookie', 'the_value', {path: '/'});
Related
I'm trying to make integration of etherpad-lite in the CMS Plone, following Example 1 of the official documentation http://etherpad.org/doc/v1.2.7/
Portal places the cookie "sessionID" with the given value on the client and creates an iframe including the pad.
Everythings goes well except for the cookie. Reading documentation the best pratice seems to make etherpad-lite in the same domain under a specific path. This is what I have done using /pad/ path.
Plone side if no session has been created, I created on, I add a cookie and then I'm doing a redirect to the same page to be sure the cookie is in the browser.
As a results my cookie is added to the request of the main page but not ob the iframe request.
Here is the google chrome console network tab for the main page and the iframe:
http://toutpt.makina-corpus.org/en/images/cookie-in-iframe/
The code corresponding to the setCookie is at https://github.com/toutpt/collective.etherpad/blob/master/collective/etherpad/archetypes.py#L100
For posterity, here's the answer from #AskoSoukka identified and "accepted" in the comments above:
How does the actual cookie stored in you browser look like? Probably, you need to explicitly specify path="/" in setCookie kwargs to make it work for the whole domain.
We are developing a Kohana Framework-based website with multiple subdomains, using the subdomain prefix value as the key for content and configuration filters...
This works great until a user with an active session to one of the subdomains visits a parent domain... Then they get a combination of BOTH cookies from each domain, which can lead to undesireable effects (parent domain settings inherited by subdomains).
For instance, I go to https://test.ourdomain.com and get a cookie with a session ID in it. All further requests to this URL or folders/files under this host have that cookie sent with the request in the headers. When I then go to https://sub.test.ourdomain.com, BOTH the cookie generated for that URL, PLUS the cookie generated for the parent url (test.ourdomain.com) is propogated. These cookies contain identically keyed information with varying values, and sometimes the values for the parent override the one for the child, producing undesireable effects on the child.
Preferably using Kohana's cookie settings, what can I do to limit the cookie propogation from parent domains to children?
You can set cookie settings in your bootstrap.php file.
By the looks of the documentation, you should be able to append Cookie::$domain = "test.ourdomain.com"; or Cookie::$domain = "sub.test.ourdomain.com"; to the end of your bootstrap.php file.
This should apply globally where ever cookies are used (including native and cookie-based sessions). You might have to clear your current cookies when making this change before noticing its effects.
Edit: Just realized how old the question is, hopefully this can solve any future questions.
Has anyone had a problem in running domain level cookies with Akamai implementation?
The site issues a domain level cookie which contains 2 values which are used by other apps.
With Akamai in the mix, the cookie never gets generated. When I take Akamai out of the mix, everything works fine. Not sure if anyone else has seen this behavior. I am not clear on how Akamai handles cookies.
Akamai, by default, strips cookies from cached resources.
The logic (quit sensibly) is that cookies are designed to be specific to each browser/user, so caching them makes no sense.
My advice:
1. Check if the resource in question is being cached. You can use the Akamai browser plugins for this
2. Think carefully why you would want cookies in a cached resource
3. If you are sure you do want these cookies, contact Akamai. They can change this behaviour for you
As an alternative, you can still cache those pages: you'd need to define the cookies in an uncached URL, which should be called inside the cached pages, for example, as a tag.
That way you can do redirects, AJAX calls, or DOM manipulation from JS depending on cookies from within cached pages.
I have created a basic but extensive javascript-html page that depends on cookies to keep user information. It runs perfectly on my computer (MAC - Firefox) but when loaded into my hosted web site (the page is in my domain) the cookies are not being written when the page is opened.
I was hoping that by keeping all the programming in javascript I could get some basic interactivity. Is this assumption wrong? Must the cookies be written using PHP?
My cookie writes are very vanilla.
document.cookie = cookieArray[ja]+expires+"; path=/"; // writes cookie data into browser.
update
well cookies are now being written since I added "path=/; domain=.my.org". But now there is one other problem.
It seems that safari and Firefox write the cookies in reverse order to each other. I create the cookies by altering an array then simply stepping thru the array to write the cookies. I was hoping that I could simply read the cookies one by one and keep the order. Ah well.
Did you added the ";" between cookieArray[ja] and expires?
document.cookie = 'cookie-name=cookie-value; expires=Thu, 01-Jan-70 00:00:01 GMT;';
Also the cookieArray[ja] have to contain the cookie-name.
Do you really need the path? This parameter is also optional.
Cookies are, by default, available to all other files in the same directory the cookie was created in.
http://www.comptechdoc.org/independent/web/cgi/javamanual/javacookie.html
I have two pages on two different domains example1.blogspot.com (a Blogspot blog) and example2.com (my own domain, static page). Both pages contain an iframe which loads the same document from a third domain, example.org. The iframe's document contains a small JS web app which calls example.org via AJAX, one of the calls is a POST request and the server sets a cookie with the response.
Upon reloading the pages, the cookie on example1.com seems gone, i.e. jQuery's $.cookie() returns null. On example2.com, everything is fine. This happens only in IE7 - IE6, Safari and Firefox all behave as expected. What's wrong with IE7?
Thanks, Simon
edit:
Oh well, stupid me ;-) It looks like I have a race condition between some event handlers and a window.setTimeout call when deciding whether to check for cookies...sorry!
So if $.cookie() returns null, What does document.cookie show? Also have you taken a look in IE7's list of cookies to see if the cookie is actually there? Also check that PATH and DOMAIN settings on the cookie are correct.