I want to reset all previous cookies for a particular domain.
Is there any way I can get all the cookies for a particular domain? Right now I have cookies for Google and my site. I want cookies only for my site.
Expiring (removing) a cookie uses the same command as creating a cookie. The cookie value is left blank and the expiration time needs to be in the past.
To expire the cookie ‘mycookie’ use:
setcookie('mycookie','',1);
To retrieve cookie information, use:
// Print a cookie
echo $_COOKIE["mycookie"];
// View all cookies
print_r($_COOKIE);
You cannot get any more information than the information you store in the cookie. The cookie is not stored on the server, but on the client computer, that is the immediate reason why you can't get more information about the cookie.
I hope this is sufficient information to be an answer to you.
I've made some configurations to (finally) have my cookies set as HTTP only.
"Seem" to work.
I've tried them with Postman and I have the following:
When I hit the login page:
In the cookies section, my cookie with name JSESSIONID appears to be HTTP only (it has the check).
When I enter the logged-in area, the same result...
The headers don't give me more details.
Then,
I check it with Google Chrome. I open the developer toolbar.
I load the login page.
In the headers, under the response headers, I get
Set-Cookie: JSESSIONID=434434..... HttpOnly
So, it's fine (I guess).
Then I reload the page (or sign in).
Then the problem:
No response headers received.
The request headers bring my cookie (with the same ID as the previous one) without the httponly, host info or any other cookie value I set before.
On the cookies tab I get Request Cookies only and no Response cookie.
And the request cookie is not http-only.
On my resources tab, the cookie is there, as HTTP only and with the previous values I set.
My question now is... Is it really an http-only cookie? Or is my configuration not properly set?
Should I always get the response cookie, or should the request cookie always be http-only (in case I am trying to set it as http-only), or is this behavior normal (or at least accepted)?
When I try to print my cookie with JavaScript in both scenarios I get null as the response (which makes me think it is correct).
Ideas?
Client doesn't send cookie attributes other than name and value back to server.
See also RFC 6265 section 4.2.2 (emphasis mine).
4.2.2. Semantics
Each cookie-pair represents a cookie stored by the user agent. The
cookie-pair contains the cookie-name and cookie-value the user agent
received in the Set-Cookie header.
Notice that the cookie attributes are not returned. In particular,
the server cannot determine from the Cookie header alone when a
cookie will expire, for which hosts the cookie is valid, for which
paths the cookie is valid, or whether the cookie was set with the
Secure or HttpOnly attributes.
Everything's behaving as specified.
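The behaviour quoted from RFC 6265 above, as an added example that is not part of the original answer: it parses a `Set-Cookie` value, checks the flags where they can actually be checked (the response), and builds the `Cookie` request header the user agent sends back. The function names and the sample header value are constructed for illustration.

```python
def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Flag attributes (HttpOnly, Secure) have no value; store True.
        attrs[key.strip().lower()] = val.strip() or True
    return name.strip(), value.strip(), attrs


def missing_flags(attrs, required=("httponly", "secure")):
    """Flags a session cookie should carry that this Set-Cookie lacks."""
    return [flag for flag in required if flag not in attrs]


def cookie_request_header(jar):
    """What the user agent sends back: cookie-pairs only (RFC 6265 4.2.2)."""
    return "; ".join(f"{name}={value}" for name, (value, _attrs) in jar.items())


# Constructed sample, shaped like the response header in the question.
SAMPLE_SET_COOKIE = "JSESSIONID=EXAMPLE123; Path=/app; HttpOnly"

if __name__ == "__main__":
    name, value, attrs = parse_set_cookie(SAMPLE_SET_COOKIE)
    jar = {name: (value, attrs)}  # the browser keeps attributes locally
    print("stored attributes :", attrs)
    print("missing flags     :", missing_flags(attrs))
    print("Cookie header sent:", cookie_request_header(jar))
```

An audit of `HttpOnly` or `Secure` therefore has to read the `Set-Cookie` response header or the browser's cookie store; the request header can never show them.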
In my application I have filter that sets cookie:
HttpContext.Response.Cookies.Append("myCookie", "value");
When I print cookie value in my view:
HttpContext.Request.Cookies["myCookie"];
it is not there. If I refresh the page, the cookie is set. This happens because using Response.Cookies.Append does not update the Request.Cookies collection. Is there a way to view current cookies with changes made during the request?
In my web application I have an IAsyncActionFilter that updates the cookie; however, the corrected value is visible only after the page is refreshed, and I would like to finish the current request with the new value. I know that it will be set by the browser when the response finishes, but I already know that I have a new value for that cookie, and I would like to propagate this value to views reading cookies.
No. This is how cookies work. They are sourced from the client. In other words, the cookie is set by the client after it receives the response from the server with the Set-Cookie header. It's then only after the client makes another request, sending the cookie back, that it exists server-side. It's not clear what you're trying to achieve ultimately here, but you need to force a new request after setting a cookie, to access that cookie, even if that's simply returning a redirect to the same page.
When I'm logged in to a Google account, site responses contain this cookie:
set-cookie:SIDCC=xxx; expires=Mon, 27-Nov-2017 06:12:16 GMT; path=/; domain=.google.com; priority=high
However, when I restart Chrome and visit the same site, no cookie is sent. Why is that? I thought that expires makes it persistent.
Multiple cookies are generated by the server, and cookies are stored in the browser.
A few cookies have a short expiry and some have a long expiry. If a cookie has expired (deleted from the browser), then the browser will not append that cookie to the request, so the server sets the cookie on the browser again.
Since cookies are generated by the server and used by the server, the server can change a cookie whenever it wants to set it. Usually, some cookies are persistent and some are not always persistent.
So there will be cases where a cookie is stored for a long duration but the server keeps changing it. In that case, it will set the cookie again.
As per your example, this SIDCC cookie is used by the Google apps. This cookie keeps changing; other cookies like SID and HSID do not change on browser reopen. A few cookies like NID, SAPISID, and Compass also change. SAPISID changes after a few transactions or after a particular transaction.
Wicket saves the jsessionid (actually Tomcat does that). Can I make those jsessionid cookies persistent, and can I use them to log the user in the next time he/she visits my page?
The idea behind 'JSESSIONID' cookie is to track a live user session.
Once this session is expired at the server side, i.e. inside Tomcat, the cookie becomes useless. The browser will send it to the web server and there it will be ignored.
What you ask for is "RememberMe" cookie. This cookie usually brings encrypted information about the user. If the user session is expired then the application will forward you to the login page. During this process the application may check for such RememberMe cookie and use it to auto-login this user without asking for her credentials.
Apache Wicket provides DefaultAuthenticationStrategy with support for RememberMe cookie. See wicket-auth-roles SignInPanel.java and the source code for http://examples6x.wicket.apache.org/authentication3 to see how it works. You could also use Spring Security, Apache Shiro, Stormpath, etc. for the same functionality if you decide so!
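The RememberMe flow described in the answer above, as an added example that is not Wicket's DefaultAuthenticationStrategy or code from the original post: it swaps in an HMAC-signed token carrying only a username and an expiry instead of encrypted user data, and rejects tampered or expired values. The key, function names and token layout are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a server-side secret that never leaves the server (constructed).
SECRET_KEY = b"constructed-demo-key"


def _sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def issue_remember_me(username, lifetime_s, now=None):
    """Build the cookie value: base64(username|expiry) + "." + HMAC tag."""
    issued = time.time() if now is None else now
    payload = f"{username}|{int(issued + lifetime_s)}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def verify_remember_me(token, now=None):
    """Return the username for an authentic, unexpired token, else None."""
    current = time.time() if now is None else now
    try:
        encoded, tag = token.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except ValueError:  # wrong shape or bad base64 padding
        return None
    # Check the tag before trusting anything inside the payload.
    if not hmac.compare_digest(tag.encode(), _sign(payload).encode()):
        return None
    try:
        username, expires = payload.decode().rsplit("|", 1)
        if current >= int(expires):
            return None
    except ValueError:
        return None
    return username


if __name__ == "__main__":
    cookie_value = issue_remember_me("alice", lifetime_s=14 * 24 * 3600)
    print("auto-login as:", verify_remember_me(cookie_value))
```

The resulting value belongs in a cookie set with `HttpOnly` and `Secure`, separate from JSESSIONID, which stays a short-lived session identifier.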
I found out that for some users of my website the _ga (client id) cookie is empty while I really need it in my script for 100% of users.
I found this out by logging what's happening in my PHP script. This is strange to me, because for me the _ga cookie is always present, no matter which browser I use.
1) Why can the _ga cookie be empty?
2) Is there any way to force creating it? Or maybe there is another way to find out the client id of the user on the server-side?
If JavaScript or cookies are disabled in the client browser, the cookies will always be empty. You can implement additional logic on the server to form an ID from the IP and/or User-Agent header of the request if cookies are empty.