NotionCommotion Posted November 10, 2014 Share Posted November 10, 2014 First of all, does anyone know of some good documentation to better understand cookies? I've gone through the PHP manual, and can find how to use PHP to work with cookies, but not how cookies really work. In particular, it is my understanding that if the domain is .mydomain.com, then mydomain.com, www.mydomain.com, or whatEver.mydomain.com, cookies could be set for each, and available for each, right? If path was /, cookies will be sent for mydomain.com, mydomain.com/bla, and mydomain.com/bla/bla. If path was /bla, cookies will be not be sent for mydomain.com, but will be sent for mydomain.com and mydomain.com/bla/bla. Also, what would be the impact if Apache rewrote bla.mydomain.com to mydomain.com/bla? Please feel free to provide any other insight on this topic. Thank you Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/ Share on other sites More sharing options...
requinix Posted November 10, 2014 Share Posted November 10, 2014 An article about cookies tl;dr: - Cookie domain matches the tail end of the hostname - Cookie path matches the beginning of the path For rewriting, everything happens according to what the browser sees. It doesn't know (or care) about the fact that the URL is being rewritten somewhere else. Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/#findComment-1496285 Share on other sites More sharing options...
QuickOldCar Posted November 11, 2014 Share Posted November 11, 2014 Cookies are domain restricted, could be a host or subdomain. http://tools.ietf.org/html/rfc6265 *A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com would be rejected, because H is y.x and contains a dot. * A Set-Cookie from request-host x.foo.com for Domain=.foo.com would be accepted. * A Set-Cookie with Domain=.com or Domain=.com., will always be rejected, because there is no embedded dot. * A Set-Cookie with Domain=ajax.com will be rejected because the value for Domain does not begin with a dot. Is a trick to add a cookie multiple domains. On site1.com add this. <img src="http://site2.com/set-cookie.php" style="display:none;" /> <img src="http://site3.com/set-cookie.php" style="display:none;" /> Is also other methods using js or ajax to send cookie data, but I'd be a little weary any sensitive data. Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/#findComment-1496286 Share on other sites More sharing options...
NotionCommotion Posted November 11, 2014 Author Share Posted November 11, 2014 An article about cookies tl;dr: - Cookie domain matches the tail end of the hostname - Cookie path matches the beginning of the path For rewriting, everything happens according to what the browser sees. It doesn't know (or care) about the fact that the URL is being rewritten somewhere else. Thanks requinix, I haven't read the article yet, but first glance indicates it is better than others I have read. Thank you In hindsight, totally agree about your remark about what the browser sees, and don't know why I asked the question. Thank you Didn't recall the tl;dr; acronym, so promptly looked it up. tl;dr Literally, "Too long; didn't read" Said whenever a nerd makes a post that is too long to bother reading. "omg you postwench. i can only say one thing in response - tl;dr" "tl;dr...why dont you give up on your unabridged edition of War and Peace or at least stop posting it here?" Okay, I obviously read the wrong definition! Do you mind giving a couple of examples of cookie domains which match the tail end of the hostname, and cookie paths which match the beginning of the path. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/#findComment-1496287 Share on other sites More sharing options...
QuickOldCar Posted November 11, 2014 Share Posted November 11, 2014 (edited) Took me a bit to find this, I did this for a multi-wordpress site in where i had to set the video sizes the same across all subdomains in a plugin. <script> function setCookie(c_name,value,exdays,domain,path){ var exdate=new Date(); exdate.setDate(exdate.getDate() + exdays); var c_value=escape(value) + ((exdays==null) ? "" : ("; expires="+exdate.toUTCString())); cookie=c_name + "=" + c_value; if (domain){ cookie += "domain=" + domain + ";"; } if (path){ cookie += "path=" + path + ";"; } document.cookie=cookie; } setCookie("screen_width",winW,60,"/",".domain.com"); setCookie("screen_height",winH,60,"/",".domain.com"); </script> Edited November 11, 2014 by QuickOldCar Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/#findComment-1496288 Share on other sites More sharing options...
NotionCommotion Posted November 11, 2014 Author Share Posted November 11, 2014 Cookies are domain restricted, could be a host or subdomain. http://tools.ietf.org/html/rfc6265 *A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com would be rejected, because H is y.x and contains a dot. * A Set-Cookie from request-host x.foo.com for Domain=.foo.com would be accepted. * A Set-Cookie with Domain=.com or Domain=.com., will always be rejected, because there is no embedded dot. * A Set-Cookie with Domain=ajax.com will be rejected because the value for Domain does not begin with a dot. Is a trick to add a cookie multiple domains. On site1.com add this. <img src="http://site2.com/set-cookie.php" style="display:none;" /> <img src="http://site3.com/set-cookie.php" style="display:none;" /> Is also other methods using js or ajax to send cookie data, but I'd be a little weary any sensitive data. Please elaborate on "Cookies are domain restricted, could be a host or subdomain." Nice article! I was expecting such good reading Good examples. Please elaborate on what "Is a trick to add a cookie multiple domains." is doing. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/#findComment-1496289 Share on other sites More sharing options...
QuickOldCar Posted November 11, 2014 Share Posted November 11, 2014 Please elaborate on "Cookies are domain restricted, could be a host or subdomain." If you set a cookie for a subdomain.domain.com it only works for that. If you set the cookie as .domain.com will work for all. Please elaborate on what "Is a trick to add a cookie multiple domains." is doing. Cookies can only be set from the same domain. Placing it there as an image with no style could load that script in the background so can add additional domains. Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/#findComment-1496291 Share on other sites More sharing options...
NotionCommotion Posted November 11, 2014 Author Share Posted November 11, 2014 Cookies can only be set from the same domain. Placing it there as an image with no style could load that script in the background so can add additional domains. Sneaky! What would be the purpose of doing so? Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/#findComment-1496299 Share on other sites More sharing options...
QuickOldCar Posted November 11, 2014 Share Posted November 11, 2014 One of your companion sites would be a good reason, so don't need additional registration and logins Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/#findComment-1496302 Share on other sites More sharing options...
NotionCommotion Posted November 11, 2014 Author Share Posted November 11, 2014 Makes sense. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/292398-help-understanding-cookies-domains-and-paths/#findComment-1496308 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.