Re: [PHP] Setcookie()
On 12 Oct 2008, at 23:51, Micah Gersten wrote: The question is, why aren't you using a session variable instead of cookies? That's one of the greatest features of PHP. If you're able to use cookies instead of sessions, and the size of the data you're storing is fairly small, it's always better to use cookies. Sessions complicate scalability. Ben: The *only* restriction around use of setcookie is that there cannot be any *output* before it. You can have as much code as you want as long as it doesn't output anything. If your script outputs content before your business logic is done then (IMHO) it's wrong and needs to be rewritten anyway, regardless of the need to set a cookie. -Stut -- http://stut.net/ Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. 2008/10/11 Per Jessen [EMAIL PROTECTED] Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie()
Hi, My problem was a headers already sent error, which I fixed by redirecting the form POST to a seperate file instead of the same login.php. Thanks for all your help! 2008/10/13 Stut [EMAIL PROTECTED] On 12 Oct 2008, at 23:51, Micah Gersten wrote: The question is, why aren't you using a session variable instead of cookies? That's one of the greatest features of PHP. If you're able to use cookies instead of sessions, and the size of the data you're storing is fairly small, it's always better to use cookies. Sessions complicate scalability. Ben: The *only* restriction around use of setcookie is that there cannot be any *output* before it. You can have as much code as you want as long as it doesn't output anything. If your script outputs content before your business logic is done then (IMHO) it's wrong and needs to be rewritten anyway, regardless of the need to set a cookie. -Stut -- http://stut.net/ Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. 2008/10/11 Per Jessen [EMAIL PROTECTED] Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie()
On Sat, Oct 11, 2008 at 12:33 PM, Per Jessen [EMAIL PROTECTED] wrote: Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. Well, I'm doing exactly that and it works just fine. This is a rough outline of the flow: GET login page (form with user and password fields) POST login page validate user+password, save in session setcookie(). redirect with 303 to welcome page GET welcome page /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Its likely just a little html or a blank line that is setting the headers before you are attempting to set the cookie -- Bastien Cat, the other other white meat
Re: [PHP] Setcookie()
The question is, why aren't you using a session variable instead of cookies? That's one of the greatest features of PHP. Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. 2008/10/11 Per Jessen [EMAIL PROTECTED] Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie()
Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie()
What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. 2008/10/11 Per Jessen [EMAIL PROTECTED] Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie()
Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. Well, I'm doing exactly that and it works just fine. This is a rough outline of the flow: GET login page (form with user and password fields) POST login page validate user+password, save in session setcookie(). redirect with 303 to welcome page GET welcome page /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
from the doc:
Cookies are part of the HTTP header, so setcookie() must be called before
any output is sent to the browser. This is the same limitation that header()
has.
http://ca.php.net/cookies
- Original Message
From: Tim Daff [EMAIL PROTECTED]
To: php-general@lists.php.net
Sent: Wednesday, March 12, 2008 8:48:59 AM
Subject: [PHP] setcookie
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in /
Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any
help you could give me would be much appreciated.
Tim
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] setcookie
On Wed, 12 Mar 2008, Tim Daff wrote:
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45,
time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by (output
started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in
/Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any help you
could give me would be much appreciated.
Tim
setcookie from php.net states the following:
setcookie() defines a cookie to be sent along with the rest of the HTTP
headers. Like other headers, cookies must be sent before any output from
your script (this is a protocol restriction). This requires that you place
calls to this function prior to any output, including html and head
tags as well as any whitespace
call setcookie before you output ANY THING, even error
hope that helps.
t. hiep
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
Firefox is returning this error: Warning: Cannot modify header information - headers already sent by (output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in /Users/Daff/Sites/php_sandbox/cookies.php on line 7 You must use set cookie() before you send any output to the browser, including whitespace. -- Richard Heyes Employ me: http://www.phpguru.org/cv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
Tim Daff wrote:
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in
/Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any help
you could give me would be much appreciated.
Tim
?php setcookie('test', 45, time()+(60*60*24*7)); ?
html
head
titleCookies/title
/head
body
/body
/html
Cookies HAVE to be at the top of the page... You output ANYTHING else
and you get the error you wound up getting.
Wolf
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
Even you cant put a space before ?php tag.
the following code will throw the same error.
| ?php
| setcookie();
| ?
Because I prepend a space for each line
But this will be okay
|?php
| setcookie();
| ?
This is a very common mistake and very very hard to find.
On Wed, Mar 12, 2008 at 7:53 AM, Jean-Christophe Roux [EMAIL PROTECTED]
wrote:
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
from the doc:
Cookies are part of the HTTP header, so setcookie() must be called
before any output is sent to the browser. This is the same limitation
that header() has.
http://ca.php.net/cookies
- Original Message
From: Tim Daff [EMAIL PROTECTED]
To: php-general@lists.php.net
Sent: Wednesday, March 12, 2008 8:48:59 AM
Subject: [PHP] setcookie
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in /
Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any
help you could give me would be much appreciated.
Tim
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] setcookie
Wolf wrote:
Tim Daff wrote:
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in
/Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any
help you could give me would be much appreciated.
Tim
?php setcookie('test', 45, time()+(60*60*24*7)); ?
html
head
titleCookies/title
/head
body
/body
/html
Cookies HAVE to be at the top of the page... You output ANYTHING else
and you get the error you wound up getting.
Wolf
If you're not sure if data has already been sent to the client (I ran
into an included file having a space after ?) you can use
http://us3.php.net/manual/en/function.headers-sent.php before you call
setcookie();
If nothing else it'll help with diagnosing this error when you run into
it again.
--
Ray Hauge
www.primateapplications.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
As a dirty trick you can put following line on the top of your script,
it will work
ob_start();
But you should try to know why it is not working, and what exactly
ob_start will impact your application and What is the thing called
Output Buffering.
Zareef Ahmed
On 3/12/08, Hiep Nguyen [EMAIL PROTECTED] wrote:
On Wed, 12 Mar 2008, Tim Daff wrote:
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45,
time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output
started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in
/Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any help
you
could give me would be much appreciated.
Tim
setcookie from php.net states the following:
setcookie() defines a cookie to be sent along with the rest of the HTTP
headers. Like other headers, cookies must be sent before any output from
your script (this is a protocol restriction). This requires that you place
calls to this function prior to any output, including html and head
tags as well as any whitespace
call setcookie before you output ANY THING, even error
hope that helps.
t. hiep
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Zareef Ahmed
http://www.zareef.net
A PHP Developer in India
RE: [PHP] SETCOOKIE
On Sun, August 13, 2006 2:20 am, Peter Lauri wrote: [snip] On Sat, August 12, 2006 8:00 am, Peter Lauri wrote: When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. Unfortunately, no... The above solution relies on the USER computer clock being set correctly. [/snip] This is interesting. Because you set the time as the Server time, it will then just assume that the time is the same. However, is the system not that smart that it do translate the time when being sent (timestamp and expire time sent the same way, or just the number of seconds that the cookie will be alive from. If this is correct, what will happen if the server is in a different time zone? The time is GMT, so if everybody's computer clock is set correctly, and their BIOS setting for UTC versus GMT or whatever is correct, and ... So, pretty much, it's not something you want to rely on for short time periods... Probably better to set a very long expiration (2 years is max guaranteed to work by spec) and then manage all the expiration issues on the server, using the server clock, which should be self-consistent, if not correct. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SETCOOKIE
[snip] On Sat, August 12, 2006 8:00 am, Peter Lauri wrote: When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. Unfortunately, no... The above solution relies on the USER computer clock being set correctly. [/snip] This is interesting. Because you set the time as the Server time, it will then just assume that the time is the same. However, is the system not that smart that it do translate the time when being sent (timestamp and expire time sent the same way, or just the number of seconds that the cookie will be alive from. If this is correct, what will happen if the server is in a different time zone? Best regards, Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SETCOOKIE
When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. /Peter -Original Message- From: BBC [mailto:[EMAIL PROTECTED] Sent: Saturday, August 12, 2006 7:48 PM To: PHP Subject: [PHP] SETCOOKIE Hi List, I want to set the cookie in which that cookie would be deleted automatically as visitor closes the browser. I have read an article from www.php.net/manual/en/function.setcookie and it is told me that we can set that cookie by unset the value time, but it doesn't work. Example: Setcookie($var, $value, time(), $path, $domain, $secure_binary); time() = without adding. Any one can tell me the other way .. Thank in advance. Best Regards BBC **o0o** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SETCOOKIE
Peter Lauri wrote: When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. /Peter -Original Message- From: BBC [mailto:[EMAIL PROTECTED] Sent: Saturday, August 12, 2006 7:48 PM To: PHP Subject: [PHP] SETCOOKIE Hi List, I want to set the cookie in which that cookie would be deleted automatically as visitor closes the browser. I have read an article from www.php.net/manual/en/function.setcookie and it is told me that we can set that cookie by unset the value time, but it doesn't work. Example: Setcookie($var, $value, time(), $path, $domain, $secure_binary); time() = without adding. Any one can tell me the other way .. Thank in advance. Best Regards BBC **o0o** Try replacing time() with simply so it is not set. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SETCOOKIE
On Sat, August 12, 2006 8:00 am, Peter Lauri wrote: When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. Unfortunately, no... The above solution relies on the USER computer clock being set correctly. And while it might mostly kinda sorta usually work, that's not really super reliable. Using 0 for the time, however, is HTTP Spec for session cookie which means the cookie will disappear when the browser is quit. Note that stupidity on the part of MS engineers makes the path parameter required when you include the time parameter. I.e., the cookie spec was implemented not as: setcookie(var, value, [time], [path], ...) but was instead implemented as: setcookie(var, value, [time, path], ...) The inclusing of time requires the inclusion of path The path of / should work the same as the intended default behaviour. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie security concerns
If this is the value directly from the cookie, it's an example of a
cross-site scripting (XSS) vulnerability.
header(Location: $HTTP_REFERER);
This is an HTTP response splitting vulnerability, because the Referer
header (like the Cookie header) is provided by the client. Future
versions of PHP will not allow more than one header per header() call,
but this has been possible until now.
3. If so, what do I do to correct this?
Don't trust any input without inspecting it first. In your case, this
is particularly easy, because you can just make sure that the value is
one of the few valid values.
Hope that helps.
Chris
Chris:
Yes, it helps and I thank you for your comments.
Your question: It's not entirely clear from this example, but am I
correct in assuming that $thestyle is the same as $_COOKIE['thestyle']
in this case? In other words, are you relying on register_globals or
assigning the value yourself?
The example is here:
http://www.sperling.com/examples/styleswitch/
The complete php code (i.e., switch.php) is:
?php
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header(Location: $HTTP_REFERER);
?
And the value is assigned by the user via a click:
a href=switch.php?set=style2Green/a or a
href=switch.php?set=style1Red/a
And, the style sheet is determined by:
link rel=stylesheet type=text/css media=screen href=?php
echo(!$thestyle)?'style1':$thestyle ?.css
As such, I am expecting the user to provide the value of 'thestyle' via
his choice.
However, let's say a malicious user would try to do something -- what
could he actually do?
The user could insert arbitary HTML where you have the variable. For
example they could insert:
style1.cssscript language=JavaScript
type=text/JavaScript.../scriptmeta name=bye content=
This would allow them to run arbitary javascript on the clients computer.
An interesting question in this case is how to do an injection using
cookies, injection attacks are generally performed using post get data
as they can be inserted to a link on another page. Getting a working
exploit would probably come down to how the browser implemented the
cookie security; who can set cookies where.
Regardless, it's not worth the risk. Checking for valid values or using
htmlentities to make the variable safe is a quick and simple solution.
Getting into the practice of screening all user data either manually or
using the input_filter extension will also save you from these problems
in the future.
David
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie security concerns
An interesting question in this case is how to do an injection using cookies, injection attacks are generally performed using post get data as they can be inserted to a link on another page. Getting a working exploit would probably come down to how the browser implemented the cookie security; who can set cookies where. Regardless, it's not worth the risk. Checking for valid values or using htmlentities to make the variable safe is a quick and simple solution. Getting into the practice of screening all user data either manually or using the input_filter extension will also save you from these problems in the future. David David: I thank you for your explanation. I experienced an injection attack on a php-form I wrote/provided where someone entered an incomplete html tag that created problems for the form. So, I realize the potential, I just don't know the scope of those types of problems and that was one of the reasons why I asked about this specific cookie issue. What could a hacker do by injecting whatever into a cookie that resides client-side on his computer? tedd ps: With the form, I solved it by using htmlentities -- http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie security concerns
Which someone could do this, is another question I have. The user? He's do
something to his own computer, no?
Gerry
On 3/14/06, tedd [EMAIL PROTECTED] wrote:
Hi:
I've been using a php style switcher allowing users to change css.
The code follows:
Within the head tags.
link rel=stylesheet type=text/css media=screen href=?php
echo (!$thestyle)?'style1':$thestyle ?.css
Within the body tags, allowing the user to select which style they want:
a href=switch.php?set=style2Green/a or a
href=switch.php?set=style1Red/a
And, the corresponding (switch.php) php code is:
?php
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header(Location: $HTTP_REFERER);
?
It's pretty simple. But recently, I had one person hammer me stating
it was a security problem because I didn't validate the user input.
As such, he says that someone could inject an arbitrary code and
cause problems.
1. Is he right?
2. How does that work?
3. If so, what do I do to correct this?
Many thanks for any replies.
tedd
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Gerry
http://portal.danen.org/
Re: [PHP] setcookie security concerns
tedd wrote: link rel=stylesheet type=text/css media=screen href=?php echo (!$thestyle)?'style1':$thestyle ?.css It's not entirely clear from this example, but am I correct in assuming that $thestyle is the same as $_COOKIE['thestyle'] in this case? In other words, are you relying on register_globals or assigning the value yourself? If this is the value directly from the cookie, it's an example of a cross-site scripting (XSS) vulnerability. header(Location: $HTTP_REFERER); This is an HTTP response splitting vulnerability, because the Referer header (like the Cookie header) is provided by the client. Future versions of PHP will not allow more than one header per header() call, but this has been possible until now. 1. Is he right? Yes, it seems so. 2. How does that work? The Cookie header is part of an HTTP request. This is sent by the client, and although the standard mechanism involves the client returning exactly what you requested (e.g., the value matches that of a previous Set-Cookie header), there's no guarantee that a malicious user would be as polite. 3. If so, what do I do to correct this? Don't trust any input without inspecting it first. In your case, this is particularly easy, because you can just make sure that the value is one of the few valid values. Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie security concerns
tedd wrote:
link rel=stylesheet type=text/css media=screen href=?php
echo (!$thestyle)?'style1':$thestyle ?.css
It's not entirely clear from this example, but am I correct in
assuming that $thestyle is the same as $_COOKIE['thestyle'] in this
case? In other words, are you relying on register_globals or
assigning the value yourself?
If this is the value directly from the cookie, it's an example of a
cross-site scripting (XSS) vulnerability.
header(Location: $HTTP_REFERER);
This is an HTTP response splitting vulnerability, because the
Referer header (like the Cookie header) is provided by the client.
Future versions of PHP will not allow more than one header per
header() call, but this has been possible until now.
1. Is he right?
Yes, it seems so.
2. How does that work?
The Cookie header is part of an HTTP request. This is sent by the
client, and although the standard mechanism involves the client
returning exactly what you requested (e.g., the value matches that
of a previous Set-Cookie header), there's no guarantee that a
malicious user would be as polite.
3. If so, what do I do to correct this?
Don't trust any input without inspecting it first. In your case,
this is particularly easy, because you can just make sure that the
value is one of the few valid values.
Hope that helps.
Chris
Chris:
Yes, it helps and I thank you for your comments.
Your question: It's not entirely clear from this example, but am I
correct in assuming that $thestyle is the same as
$_COOKIE['thestyle'] in this case? In other words, are you relying on
register_globals or assigning the value yourself?
The example is here:
http://www.sperling.com/examples/styleswitch/
The complete php code (i.e., switch.php) is:
?php
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header(Location: $HTTP_REFERER);
?
And the value is assigned by the user via a click:
a href=switch.php?set=style2Green/a or a
href=switch.php?set=style1Red/a
And, the style sheet is determined by:
link rel=stylesheet type=text/css media=screen href=?php
echo(!$thestyle)?'style1':$thestyle ?.css
As such, I am expecting the user to provide the value of 'thestyle'
via his choice.
However, let's say a malicious user would try to do something -- what
could he actually do?
Please explain
Thanks again.
tedd
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie doesn't save session properly
I'm using setcookie($sessionName, $sessionid, time()+60*60*24*1, $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure']); to, obviously, store a session. Also, I only use session_start() so perhaps I'm supposed to call session_id()? I'm not sure why the cookie is being mis-saved, but sessions ARE supposed to save the cookies automatically. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
I verified that I'm setting it before any other output is sent to
the browser. I verified that $username does have some valid
contents. I also verified that the browsers I'm testing are set to
allow all cookies. I do have a $username and a $_SESSION
['username'] that contain the same data.
Well, the stupid/obvious question is: are you checking $_COOKIE
('username') like you posted or $_COOKIE['username'], which is
syntactically correct?
Secondarily, have you set your browser to prompt you when a cookie is
sent and, if so, what happens?
Larry
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
Brian Dunning wrote:
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
snip
Is that just a typo? It should be $_COOKIE['username']
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
On Oct 6, 2005, at 7:28 AM, John Nichel wrote: Is that just a typo? It should be $_COOKIE['username'] Oops, yes, that was my typo in the email - it is correctly $_COOKIE ['username'] in the code. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
Unless I'm mistaken, you appear to be setting the Expiration date of the
cookie to Mon, 29 Jun 1970 17:00:00 -0700.
Which would cause the cookie to be unset, if it were already set, and do
nothing otherwise.
Chris
Brian Dunning wrote:
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
I verified that I'm setting it before any other output is sent to the
browser. I verified that $username does have some valid contents. I
also verified that the browsers I'm testing are set to allow all
cookies. I do have a $username and a $_SESSION['username'] that
contain the same data.
I'm all out of ideas for where to look further to debug this - any
suggestions?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
Good catch, Chris. I was wondering about that myself but hadn't taken the time
to see if setcookie() used regular serial time or if cookies had another time
standard.
echo date(m/d/Y h:i:s, 15552000);
06/29/1970 08:00:00
That's what I get.
-TG
= = = Original message = = =
Unless I'm mistaken, you appear to be setting the Expiration date of the
cookie to Mon, 29 Jun 1970 17:00:00 -0700.
Which would cause the cookie to be unset, if it were already set, and do
nothing otherwise.
Chris
Brian Dunning wrote:
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
I verified that I'm setting it before any other output is sent to the
browser. I verified that $username does have some valid contents. I
also verified that the browsers I'm testing are set to allow all
cookies. I do have a $username and a $_SESSION['username'] that
contain the same data.
I'm all out of ideas for where to look further to debug this - any
suggestions?
___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
D'Oh! You guys are absolutely right. I was trying to go for 6 months, which works now if I say time()+15552000 instead of 15552000. And the documentation shows that exactly - apparently I read right over it, even though I studied it minutely before posting. Oh well...my wife would have the same complaint about me when I can't find the can opener when it's sitting in plain view. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
On Thu, October 6, 2005 9:11 am, Brian Dunning wrote:
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
I verified that I'm setting it before any other output is sent to the
browser. I verified that $username does have some valid contents. I
also verified that the browsers I'm testing are set to allow all
cookies. I do have a $username and a $_SESSION['username'] that
contain the same data.
I'm all out of ideas for where to look further to debug this - any
suggestions?
Some Ideas:
Internet Explorer, and those that mimic its broken behaviour, require
BOTH a time AND a directory (use '/') if you are going to provide a
time.
Is 15552000 sufficiently in the future to be valid? Use time() +
(60*60*24) to be SURE.
Or avoid both these issues, and leave out the time argument for now,
making it a session cookie, only valid as long as the browser stays
open.
DEFINITELY configure your browser to let you confirm cookies before
accepting them, so you'll know what the cookie is getting sent.
Windows XP with Service Pack 2 has made a nightmare out of cookies, by
default no longer accepting them -- And I THINK this changes based on
your adding that new goofy compact privacy policy header Microsoft
made up.
It's gotten to the point where I just don't care if IE works or not
for the parts of some of my sites that require member login from
people who need access, and I don't really care if I lose visitors or
not in that particular area. I just tell the users to switch
browsers, or live without the access they want. Works so far -- they
just switch to a better browser.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie issue
John Hinton wrote: The thing is, on the next action switch print_r($_COOKIE); returns empty until I refresh the browser. So, thusly, the second page load brings in the cookies. $_COOKIES is a convenient array that contains the contents of the Cookie header, nicely parsed. Whenever you set a cookie, you're really adding a Set-Cookie header to the response. Thus, the browser has no way of knowing your intent until it receives the response. This data won't be in $_COOKIES until a subsequent request is made in which that cookie is included in the Cookie request header. This chapter of HTTP Developer's Handbook explains cookies: http://shiflett.org/books/http-developers-handbook/chapters/11 See Figure 11.3 for an illustration of the exchange I just described. Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie issue
John Hinton wrote: Seems my old setcookie scripts are busted in php with globals off. Use $_COOKIES['name']. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie issue
Chris Shiflett wrote: John Hinton wrote: Seems my old setcookie scripts are busted in php with globals off. Use $_COOKIES['name']. Chris The thing is, on the next action switch print_r($_COOKIE); returns empty until I refresh the browser. So, thusly, the second page load brings in the cookies. And sorry about that $_GET I left in the earlier post. I was trying about anything to see if I was missing something totally. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
Randy Johnson wrote: setcookie( sess_key,$key,0,/,. . str_replace( www,,$_SERVER[SERVER_NAME] ),0 ); Does that look right? No. if $_SERVER[SERVER_NAME] == 'www.domain.com' . . str_replace(www,,$_SERVER[SERVER_NAME] ) will give you ..domain.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
ok I see how that could be an issue. Here is my big problem that I have not been able to figure out. I have a client website that I am trying to fix 1. it has sessions in database, and uses set cookie 2. I can login with firefox/netscape/mozilla just fine 3. I cannot login with any version of IE 4. this is also by going to domain.com or www.domain.com, neither work any ideas? Randy Marek Kilimajer wrote: Randy Johnson wrote: setcookie( sess_key,$key,0,/,. . str_replace( www,,$_SERVER[SERVER_NAME] ),0 ); Does that look right? No. if $_SERVER[SERVER_NAME] == 'www.domain.com' . . str_replace(www,,$_SERVER[SERVER_NAME] ) will give you ..domain.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
The period was the issue all together, i took the extra out and it worked. Thanks for your help Randy Randy Johnson wrote: ok I see how that could be an issue. Here is my big problem that I have not been able to figure out. I have a client website that I am trying to fix 1. it has sessions in database, and uses set cookie 2. I can login with firefox/netscape/mozilla just fine 3. I cannot login with any version of IE 4. this is also by going to domain.com or www.domain.com, neither work any ideas? Randy Marek Kilimajer wrote: Randy Johnson wrote: setcookie( sess_key,$key,0,/,. . str_replace( www,,$_SERVER[SERVER_NAME] ),0 ); Does that look right? No. if $_SERVER[SERVER_NAME] == 'www.domain.com' . . str_replace(www,,$_SERVER[SERVER_NAME] ) will give you ..domain.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie command
On Mon, 24 Jan 2005 07:24:19 -0800 (PST), Reza Milan [EMAIL PROTECTED] wrote: Dear sir, When I use setcookie command I recieve the following message error: Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\wwwroot\test.php:9) in C:\Inetpub\wwwroot\test.php on line 15 Do not set cookies after you have ouput anything, set them before. Or use the output buffering functions. -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie command
Reza Milan wrote: Dear sir, When I use setcookie command I recieve the following message error: Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\wwwroot\test.php:9) in C:\Inetpub\wwwroot\test.php on line 15 WinXp - IE 6 On Localhost and Server When a web page is sent from the web server to the browser, there are *TWO* distinct sections sent out. First, is the 'headers', which are called 'headers' because they come at the head (beginning) of the data. Then comes a blank line, to signify the END of headers. Finally, the 'body' comes out, which is what you see when you do View Source -- It's the actual HTML. Headers include meta-information such as the type of Content (text/html or image/jpeg or image/gif or ...) In your case, test.php has something on line 9 that is sending out some HTML (or blank lines or ...) Once that happens, PHP has to dump out all the headers collected so far, and then a blank line, and then start your content. If you try to set a cookie *AFTER* that, when the headers are already gone, and the blank line has gone out to signify the end of headers, IT'S TOO LATE. You have to re-arrange your code to get the Cookies and any other headers to happen *FIRST* and then your HTML after that. You can cheat and turn on output buffering, but that comes with its own performance penalties and issues. You'll probably have a cleaner, more clear, more easily maintained body of PHP code if you arrange your headers to come out first anyway. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie doenn't work
$ok = setcookie(client_id, argh, 259300); //* expire in a month ish Nope, it expired a long time ago... :-) Read the manual for setcookie: http://php.libero.it/manual/en/function.setcookie.php (mainly the part about the expire parameter) HTH, cheers Silvio -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie doenn't work
doh!! ta ;-) S ilvio Porcellana wrote: $ok = setcookie(client_id, argh, 259300); //* expire in a month ish Nope, it expired a long time ago... :-) Read the manual for setcookie: http://php.libero.it/manual/en/function.setcookie.php (mainly the part about the expire parameter) HTH, cheers Silvio -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
Local/master both still show off. I tried using the .htaccess trick, and that did not work either. I have tried now to use the extract($_COOKIE) and extract($_POST) option in the scripts to get around this for now, which seems to be working, but I need to consequently do a lot of testing now to verify everything works. I just don't get what the problem is with this not working. David -Original Message- From: John Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 12:08 PM To: Shapiro, David; [EMAIL PROTECTED] Cc: Perry, Joe (ITCD) Subject: Re: [PHP] Setcookie variable use issue after moving php app to different server From: Shapiro, David [EMAIL PROTECTED] You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? That should be all you have to do. Does it say that the local and master values are both OFF, still? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
Thanks for the info. I checked the file and it does not have much in it. I am working if I am not enabling this in php.ini correctly. I see [Security, Performance] list after the example. To enable, I just copied the example line, removed the [Security, Performance] stuff from the line, and set the value to equal On. Is this [Security, Performance] stuff actuall the name of the section that this option needs to be in--in that, do I need to do the following: [Security] register_globals = On And/or [Performance] register_globals = On -Original Message- From: Curt Zirzow [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 7:20 PM To: '[EMAIL PROTECTED]' Subject: Re: [PHP] Setcookie variable use issue after moving php app to di fferent server * Thus wrote Shapiro, David: You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? this looks like a RH setup.. take a look in: /etc/httpd/conf.d/php.conf For any directives being set in there. The ini files in php.d/ usually simply have: extension=file.so Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to different server
From: Shapiro, David We are trying to move our php app to a different server. For some reason, when we type in the login/password/ account number info and click submit, it does not seem to set the variables. The magic 8-ball says register_globals is OFF on the new server... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to different se rver
your message is multipart/alternative - please do not send them to
mailing lists.
your signatue should have '--' on a line before it's start.
you might want to read the newby guide and try again.
Shapiro, David wrote:
Hello,
We are trying to move our php app to a different server. For some
reason, when we type in the login/password/account number info and
click submit, it does not seem to set the variables.
The webpage portion that collects the login/password/account looks
like the following:
tr
tdbusername:/b/td
tdinput type=text
name=UserName
value=?php echo
$UserName ? maxlength=8 class=form_style
/td
/tr
tr
tdbpassword:/b/td
tdinput type=password
name=Password class=form_style/td
/tr
tr
td colspan=2
align=center
font color='gray'
size=1Username and Password are case sensitive./font
/td
/tr
tr
td colspan=2
align=centerfont color='red'?php echo $status; ?/font/td
/tr
tr
td colspan=2 align=right
input type=submit
name=Submit value= Login style=font-weight:bold;
/td
/tr
It looks like the value= line for user name puts the text the user
types into in the $UserName variable (or is this setting a default
value if $UserName exists?).
The password line does not have this. Either way, this setup works
fine on the original server.
At the top of the index.php page, it then has php code like the following:
?php
setcookie (ccp_logged_in);
setcookie (ccp_username);
setcookie (ccp_uid);
setcookie (ccp_fname);
setcookie (ccp_lname);
setcookie (ccp_access);
setcookie (ccp_company);
setcookie (ccp_account);
setcookie (ccp_maccount);
setcookie (ccp_master);
//Get Global Variable Settings
require(internet/include/global.php);
/
Open a Database connection to the MySQL
Database
/
if ($UserName != ){
$link = mysql_connect($SERVERNAME, $DB_USER,
$DB_PWD)
or die (Could not Connect);
mysql_select_db ($DB)
(code continues on to validate user and then if approved, goes to
another page called page2.php)
Note: The submit action is to go back to itself (index.php).
It never gets in here as if $UserName is not set (at least that is
what I think is going on because if I put $UserName =
someuser/$Password=password/$AccountNo=someacctno just before the
if...then statement, it validates and moves on to page2.php). If I
hardcode set these (which is not an option for use..just for
troubleshooting), it goes to page2.php, with the cookies, which I
checked with print_r option. However, it has a if ($ccs_logged_in =
1) check that fails, even though the print_r shows it is set to 1 as
if it is not using the cookie. I am fairly new to php, so I do not
know if I am supposed to capture the ccs_logged_in cookie value and
assign it to $ccs_logged_in variable. I am not doing this because,
well, it is working as such on the other server.
Can anybody please help me understand what is going on with these php
pages?
This electronic message transmission contains information from the
office of David Shapiro, ITC^DeltaCom, Inc., which may be confidential
or privileged. The information is intended to be for the use of the
individual or entity named above. If you are not the intended
recipient, be aware that any disclosure, copying, distribution or use
of the contents of this information is prohibited. If you have
received this electronic transmission in error, please notify us by
telephone 1-919-865-6955 or by electronic mail
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
immediately.
--
Raditha Dissanayake.
http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.
--
PHP General Mailing List (http://www.php.net/)
To
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
Thanks for pointing in the hopefully the right direction. I see in /etc/php.ini the following: ; - register_globals = Off [Security, Performance] I put below this line: register_globals = On And I restarted apache. However, it did not seem to resolve the issue, although I still think this sounds right. Do I implement the turning on of the register_globals correctly, or do I need to do something different? David -Original Message- From: John Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 9:53 AM To: Shapiro, David; [EMAIL PROTECTED] Cc: Perry, Joe (ITCD) Subject: Re: [PHP] Setcookie variable use issue after moving php app to different server From: Shapiro, David We are trying to move our php app to a different server. For some reason, when we type in the login/password/ account number info and click submit, it does not seem to set the variables. The magic 8-ball says register_globals is OFF on the new server... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to different server
From: Shapiro, David [EMAIL PROTECTED] Thanks for pointing in the hopefully the right direction. I see in /etc/php.ini the following: ; - register_globals = Off [Security, Performance] I put below this line: register_globals = On And I restarted apache. However, it did not seem to resolve the issue, although I still think this sounds right. Do I implement the turning on of the register_globals correctly, or do I need to do something different? That's the right method, but you may not have edited the correct php.ini. Create a PHP page that only has ?php phpinfo(); ? as the source. Load that page and it'll show you all of the setting PHP is currently using along with the location of the php.ini file it's getting the configuration from. The php.ini file will be listed in the first table that's shown. If there is a full path including php.ini at the end, then that's the right file. If it's just a path, then that's where PHP is expecting to find php.ini, but did not. Hope that helps. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? David -Original Message- From: John Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 10:49 AM To: Shapiro, David; [EMAIL PROTECTED] Cc: Perry, Joe (ITCD) Subject: Re: [PHP] Setcookie variable use issue after moving php app to different server From: Shapiro, David [EMAIL PROTECTED] Thanks for pointing in the hopefully the right direction. I see in /etc/php.ini the following: ; - register_globals = Off [Security, Performance] I put below this line: register_globals = On And I restarted apache. However, it did not seem to resolve the issue, although I still think this sounds right. Do I implement the turning on of the register_globals correctly, or do I need to do something different? That's the right method, but you may not have edited the correct php.ini. Create a PHP page that only has ?php phpinfo(); ? as the source. Load that page and it'll show you all of the setting PHP is currently using along with the location of the php.ini file it's getting the configuration from. The php.ini file will be listed in the first table that's shown. If there is a full path including php.ini at the end, then that's the right file. If it's just a path, then that's where PHP is expecting to find php.ini, but did not. Hope that helps. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to different server
From: Shapiro, David [EMAIL PROTECTED] You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? That should be all you have to do. Does it say that the local and master values are both OFF, still? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
Yes, I am afraid so. Both are marked as off. -Original Message- From: John Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 12:08 PM To: Shapiro, David; [EMAIL PROTECTED] Cc: Perry, Joe (ITCD) Subject: Re: [PHP] Setcookie variable use issue after moving php app to different server From: Shapiro, David [EMAIL PROTECTED] You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? That should be all you have to do. Does it say that the local and master values are both OFF, still? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to di fferent server
* Thus wrote Shapiro, David: You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? this looks like a RH setup.. take a look in: /etc/httpd/conf.d/php.conf For any directives being set in there. The ini files in php.d/ usually simply have: extension=file.so Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie statements are giving me error
* Thus wrote Ryan Schefke ([EMAIL PROTECTED]):
cannot modify header errors, which tells me there's nothing wrong with my
main script. Am I doing something wrong with cookies here?
Warning: Cannot modify header information - headers already sent by.
You're missing the most important part of the message, like at
exactly what line the output started.
setcookie (acctActive_ck, $daysRemaining); //set cookie for active
account, will terminate when browser window closes
if (setcookie(acctActive_ck)) { echo active cookie set; } else { echo
active cookie not set;}
No other cookie can be set after this line. Headers are sent once
you echo something.
Curt
--
I used to think I was indecisive, but now I'm not so sure.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie statements are giving me error
Curt,
Thanks. That was the issue. Am I allowed to redirect directly below the
setcookie functions using header ('Location
Thanks,
Ryan
==
-Original Message-
From: Curt Zirzow [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 3:29 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] setcookie statements are giving me error
* Thus wrote Ryan Schefke ([EMAIL PROTECTED]):
cannot modify header errors, which tells me there's nothing wrong with my
main script. Am I doing something wrong with cookies here?
Warning: Cannot modify header information - headers already sent by.
You're missing the most important part of the message, like at
exactly what line the output started.
setcookie (acctActive_ck, $daysRemaining); //set cookie for active
account, will terminate when browser window closes
if (setcookie(acctActive_ck)) { echo active cookie set; } else { echo
active cookie not set;}
No other cookie can be set after this line. Headers are sent once
you echo something.
Curt
--
I used to think I was indecisive, but now I'm not so sure.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie on PHP??
Send some pieces of code. Daniel E Massón. Ingeniero de desarrollo [EMAIL PROTECTED] Imagine S.A. Su Aliado Efectivo en Internet www.imagine.com.co (57 1)2182064 - (57 1)6163218 Bogotá - Colombia - Soluciones web para Internet e Intranet - Soluciones para redes - Licenciamiento de Software - Asesoría y Soporte Técnico -Mensaje original- De: Balaravi, Bala (Ravi), ALABS [mailto:[EMAIL PROTECTED]] Enviado el: miércoles, 12 de febrero de 2003 12:41 Para: [EMAIL PROTECTED] Asunto: [PHP] setcookie on PHP?? I need to set a cookie within a document in PHP? setcookie didn't work. I guess it works only in PHP3 PHP4 Any good ideas?? Thanks Rave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie() in various browsers.. 3rd followup.. anyone?
This is with PHP 4.2 and register_globals off. I am setting cookies and starting a session in the following fashion: setcookie(EMAILADDR, $row[EMAIL], time()+2592000, '/', .$dn); where $dn = mydomain.com I want the cookies accessible sitewide .. at www.mydomain.com, mydomain.com, forums.mydomain.com, etc. in IE 5.5, IE 6.0, and NS 7.0, it seems this is being accomplished correctly. In NS 4.8 (and 4.7 I assume), the cookies are never even getting set. Can anyone tell me as to why? I've been prodding around cookie docs and trying to find something that works in all browsers, and a lot of people seem to have the same question.. Thanks! Chad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() in various browsers.. 3rd followup.. anyone?
On Wednesday 12 February 2003 05:44, Chad Day wrote: This is with PHP 4.2 and register_globals off. I am setting cookies and starting a session in the following fashion: setcookie(EMAILADDR, $row[EMAIL], time()+2592000, '/', .$dn); where $dn = mydomain.com I want the cookies accessible sitewide .. at www.mydomain.com, mydomain.com, forums.mydomain.com, etc. in IE 5.5, IE 6.0, and NS 7.0, it seems this is being accomplished correctly. In NS 4.8 (and 4.7 I assume), the cookies are never even getting set. Can anyone tell me as to why? I've been prodding around cookie docs and trying to find something that works in all browsers, and a lot of people seem to have the same question.. archives cookie handling I'm sure there's some interesting reading to be found. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Emerson's Law of Contrariness: Our chief want in life is somebody who shall make us do what we can. Having found them, we shall then hate them for it. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() in various browsers.. 3rd followup.. anyone?
If you read the original cookie spec, written by Netscape, the cookie is set based on the preceding . (dot). So, if you set a cookie at www.domain.com (using the 5th parameter of setcookie), you can read it ONLY from www.domain.com. If you set it at .domain.com, as long as dot domain dot com is in the domain being used, it will work. The issue that is getting you is that if you set it for .domain (According to the original Netscape Spec), then domain.com DOES NOT MATCH, as domain.com does not have the initial dot. So, my guess is you are trying to write your cookie from domain.com with code that says write this for dot domain dot com (.domain.com), as in your example code. Since Netscape 4 and before follow the spec, they will not write the cookie, as you are trying to write it to a different domain than is setting it. (Those versions will also not read it.) The solution?? Leave your code the way is it, making sure that $dn never contains anything but the domain dot com (Only one dot). That will mean the cookie can be written and read from any domain containing .domain.com (dot domain dot com), such as you.domain.com, www.domain.com, anyCname_you_want.domain.com, etc. Then, make sure your site NEVER loads without the www. (or something dot domain). Kind of a pain, but since newer browsers aren't sticking to that original spec (not sure I.E. ever did), the issue is going away with time. HTH, Peter Janett New Media One Web Services New Upgrades Are Now Live!!! Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1 Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25, Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43 PostgreSQL coming soon! http://www.newmediaone.net webmaster at newmediaone.net (303)828-9882 - Original Message - From: Jason Wong [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 11, 2003 10:14 PM Subject: Re: [PHP] setcookie() in various browsers.. 3rd followup.. anyone? On Wednesday 12 February 2003 05:44, Chad Day wrote: This is with PHP 4.2 and register_globals off. I am setting cookies and starting a session in the following fashion: setcookie(EMAILADDR, $row[EMAIL], time()+2592000, '/', .$dn); where $dn = mydomain.com I want the cookies accessible sitewide .. at www.mydomain.com, mydomain.com, forums.mydomain.com, etc. in IE 5.5, IE 6.0, and NS 7.0, it seems this is being accomplished correctly. In NS 4.8 (and 4.7 I assume), the cookies are never even getting set. Can anyone tell me as to why? I've been prodding around cookie docs and trying to find something that works in all browsers, and a lot of people seem to have the same question.. archives cookie handling I'm sure there's some interesting reading to be found. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Emerson's Law of Contrariness: Our chief want in life is somebody who shall make us do what we can. Having found them, we shall then hate them for it. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie() in various browsers..
Following up from Friday.. no replies over the weekend.. can anyone help? Thanks, Chad -Original Message- From: Chad Day [mailto:[EMAIL PROTECTED]] Sent: Friday, February 07, 2003 3:02 PM To: php general Subject: [PHP] setcookie() in various browsers.. This is with PHP 4.2 and register_globals off. I am setting cookies and starting a session in the following fashion: setcookie(EMAILADDR, $row[EMAIL], time()+2592000, '/', .$dn); where $dn = mydomain.com I want the cookies accessible sitewide .. at www.mydomain.com, mydomain.com, forums.mydomain.com, etc. in IE 6.0, and NS 7.0, it seems this is being accomplished correctly. In NS 4.8, the cookies are never even getting set. Can anyone tell me as to why? I've been prodding around cookie docs and trying to find something that works in all browsers, and a lot of people seem to have the same question.. Thanks! Chad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie() and header()
Unless I am mistaken, the typical behavior for most browsers is exactly as you described. Which is due to the browser receiving a Location header and acting on it, disregarding any other headers. (ex: cache/no-cache, cookies, etc) Anybody care to prove me wrong? While not the best route, you could alternatively use a meta-refresh for the redirect. This would give you the chance for the headers to be read and the cookie created. Hope that helps, Jason k Larson J. Alden Gillespy wrote: After I set a cookie and then send a redirect header, the cookie doesn't show up, but the browser successfully redirects. setcookie(test, blahblah, time() + 1440); header(Location: http://www.mywebsite.com/login.php;); However, if I take out the header() statement, then the cookie is successfully set. Anyone else having this problem? J. Alden Gillespy (aka Dogga) Microsoft Beta Tester: - Office 11 - Content Management Server (CMS) 2002 - Systems Management Server (SMS) 2003 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie() and header()
On Tue, 14 Jan 2003 22:34:49 -0700, you wrote: Unless I am mistaken, the typical behavior for most browsers is exactly as you described. Which is due to the browser receiving a Location header and acting on it, disregarding any other headers. (ex: cache/no-cache, cookies, etc) Anybody care to prove me wrong? Actually most browsers can handle receiving a cookie and being redirected in the same response. I have several applications that do this and I have no problems in later versions of IE, Mozilla, Netscape, or Opera (all that I can test with). I would wager that the original poster is using IIS, and I would also wager that they are running PHP in CGI mode, not ISAPI mode. IIS has a bug that occurs when a CGI program tries to set a cookie and redirect in the same response (detailed in Microsoft Knowledge Base article Q176113), but there is a workaround. I sent a post to this list back in August of last year which details the workaround: http://marc.theaimsgroup.com/?l=php-generalm=102929828515647w=2 If the original post isn't using IIS, then I'm not sure what's happening. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie() and header()
Accidentally replied to sender instead of list -- Wow. You hit the nail on the head. :) I installed PHP on IIS via the executable, so I gather I have one of two choices: -- Research your article and see how to work around the problem OR -- Use ISAPI. (how do I go about doing this? :) Thanks again for your help so far. J. Alden Gillespy (aka Dogga) Microsoft Beta Tester: - Office 11 - Content Management Server (CMS) 2002 - Systems Management Server (SMS) 2003 -Original Message- From: Michael Sims [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 1:08 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] On Tue, 14 Jan 2003 22:34:49 -0700, you wrote: Unless I am mistaken, the typical behavior for most browsers is exactly as you described. Which is due to the browser receiving a Location header and acting on it, disregarding any other headers. (ex: cache/no-cache, cookies, etc) Anybody care to prove me wrong? Actually most browsers can handle receiving a cookie and being redirected in the same response. I have several applications that do this and I have no problems in later versions of IE, Mozilla, Netscape, or Opera (all that I can test with). I would wager that the original poster is using IIS, and I would also wager that they are running PHP in CGI mode, not ISAPI mode. IIS has a bug that occurs when a CGI program tries to set a cookie and redirect in the same response (detailed in Microsoft Knowledge Base article Q176113), but there is a workaround. I sent a post to this list back in August of last year which details the workaround: http://marc.theaimsgroup.com/?l=php-generalm=102929828515647w=2 If the original post isn't using IIS, then I'm not sure what's happening. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie() and header()
On Wed, 15 Jan 2003 01:36:26 -0500, you wrote: Wow. You hit the nail on the head. :) Well, I spent a good day or two hunting the problem down the first time I ran across it. Spending that much time on something tends to make it stick in your head. :) I installed PHP on IIS via the executable, so I gather I have one of two choices: -- Research your article and see how to work around the problem OR -- Use ISAPI. (how do I go about doing this? :) It's been several months since I've tried to use PHP with IIS, but when I did it was the general consensus that the ISAPI module wasn't stable enough for production sites. If that's still the case I'd probably stick with the CGI version. Of course things may have improved, I haven't been keeping up with the Windows side of things. Perhaps someone on the php-windows list would have some ISAPI experiences to share. If you decide to try and implement the workaround and run into problems, drop me a line. I have working code examples which deal with this problem that I'd be happy to share. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie IE6 problem
MS has introduced p3p policy in IE6 which has impacted on cookies etc. If
the site or host does not have a machine generated xml privacy statement,
then stability with regards
to cookies is not guaranteed. Do a search and read up about it. Check out
w3c's site.
- Original Message -
From: Javier Montserat [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 29, 2002 1:39 PM
Subject: [PHP] setcookie IE6 problem
I'm setting a session cookie with the following code -
function setSessionCookie(){
$expires = time()+$this-session_expires;
$issetCookie = setcookie($this-cookiename,
$this-sess_id,
$expires,
/,
);
}
Occasionally setcookie seems to fail in IE6, or perhaps when I
subsequently
retrieve the cookie as a part of the authentication code on each page IE6
fails to pick up the cookie - either way I get logged out.
Other browsers (NS4, IE5, IE5.5) seem okay.
Any Ideas?
Javier
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie IE6 problem
Thanks for the reply, a little more info below...
Speaking of cookies, any general thoughts on the relative merits of using
php's setcookie function vs. setting a cookie with a header() call? Are
both methods equal?
Will do more research later and post anything interesting on the IE6
issue...
. . . . .
php manual - setcookie notes
[EMAIL PROTECTED] wrote -
MSIE 6 has a inaccurate definition of third party cookies. If your domain is
hosted on one server and your PHP stuff is on another, the IE6 p3p
implementation considers any cookies sent from the second machine third
party.
Third party cookies will be blocked automatically in most privacy settings
if not accompanied by what MS considers an appropriate Compact Policy. In
order to make this new piece of tweakable garbage happy I'd suggest you'd
par exemple send
header('P3P: CP=NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM');
before sending your cookie from your second machine.
This header enables your cookie to survive any privacysetting.
MS has introduced p3p policy in IE6 which has impacted on cookies etc. If
the site or host does not have a machine generated xml privacy statement,
then stability with regards
to cookies is not guaranteed. Do a search and read up about it. Check out
w3c's site.
- Original Message -
From: Javier Montserat [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 29, 2002 1:39 PM
Subject: [PHP] setcookie IE6 problem
I'm setting a session cookie with the following code -
function setSessionCookie(){
$expires = time()+$this-session_expires;
$issetCookie = setcookie($this-cookiename,
$this-sess_id,
$expires,
/,
);
}
Occasionally setcookie seems to fail in IE6, or perhaps when I
subsequently
retrieve the cookie as a part of the authentication code on each page
IE6
fails to pick up the cookie - either way I get logged out.
Other browsers (NS4, IE5, IE5.5) seem okay.
Any Ideas?
Javier
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
Join the worlds largest e-mail service with MSN Hotmail.
http://www.hotmail.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie then redirect + Answer
Read your data from $_COOKIE not $_COOKIES.
David Busby wrote:
List,
I'm trying to set a cookie like this:
?php
function redirect() {
if ($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_NAME']) {
$to = func_get_arg(0);
header(HTTP/1.1 301\n);
header(Location:http://.$_SERVER['SERVER_NAME'].$to.\n);
header(Set-Cookie: sid=$sid;\n\n);
exit();
}
}
function login() {
[... validation code here ...]
// set my cookie
setcookie(sid, $sid);
return true;
}
if (login($token) == true) {
redirect(/somepage.php);
}
?
but this thing isn't working...seems like it's not writing the SID value
in the cookie. In other code (on /somepage.php for example) when I read
the cookie value ($_COOKIES['sid']) it can't find it. Ideas?
So how do I set cookies then redirect?
I'm using Apache 1.3.x, PHP 4.1.2, RH7.3
TIA
/B
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie then redirect
David Busby wrote:
List,
I'm trying to set a cookie like this:
?php
function redirect() {
if ($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_NAME']) {
$to = func_get_arg(0);
header(HTTP/1.1 301\n);
header(Location:http://.$_SERVER['SERVER_NAME'].$to.\n);
header(Set-Cookie: sid=$sid;\n\n);
exit();
}
}
You can't do this. Your Set-Cookie header is not going to be included
in the HTTP response, so the browser never receives it. This is because
you are using a Location header on the same page, which is going to
take precedence. If you search the archives, you'll see more details
about this behavior and some other peoples' opinions.
You have two ways around this:
1. Use a meta refresh instead of a protocol-level redirect.
2. Redesign the flow of your application to better handle this behavior.
Happy hacking.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
Hello jtjohnston, Saturday, May 11, 2002, 11:42:52 PM, you wrote: j This is a bug Feature/Change Request I made to: j http://bugs.php.net/bug.php?id=17158 j setcookie() states cookies must be sent before any other headers j are sent (this is a restriction of cookies, not PHP). j I argue this is a restriction of PHP, not cookies. j Here is my proof: j http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm j I can do this any time in body : j script jsetCookie(TestCookie,first time,expdate); jvar DisplayData = getCookie(TestCookie); jdocument.write(DisplayData); jsetCookie(TestCookie,second time,expdate); jvar DisplayData = getCookie(TestCookie); jdocument.write(DisplayData); j /script j I want to be able to setcookie() anytime I want, before and after I j declare any HTML. j This will never get changed, unless we ask for it. j I would appreciate your vote of support at: j http://bugs.php.net/bug.php?id=17158 j before the bug people close this thread. Are you kidding? -- Best regards, Olexandrmailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie() in 4.2.0
Yes. Output buffering is good. Some people will say that you shouldn't use it, but should make sure to write all your code so that there can't be any output before any headers need to be sent. I disagree with this. While a good idea in principle, in practice it is all but impossible to keep going. (Or maybe I'm just too lazy to take the tremendous amount of time it would take to rewrite our code to not send output before headers...) Matthew Walker Senior Software Engineer ePliant Marketing -Original Message- From: Olexandr Vynnychenko [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 11, 2002 6:35 AM To: [EMAIL PROTECTED] Subject: [PHP] setcookie() in 4.2.0 The following code doesn't work properly on PHP 4.1: ?php echo pBlah, blah/p; setcookie(kuku, abc); setcookie(lala, def); setcookie(zuzu, ghi); ? Because I wrote echo statement before setcookie. But it works on PHP 4.2. Is it due to output_buffering=4096 directive in php.ini? -- Best regards, Olexandr mailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
Rasmus server-side / client-side, that's not the point. My point is PHP can, could and should be able to set a cookie after HTML is set. But of course, Jan has already closed the issue, as usual. http://bugs.php.net/bug.php?id=17158 PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
If the issue has pissed you off in tha past, complain. Vote: http://bugs.php.net/bug.php?id=17158 Rasmus server-side / client-side, that's not the point. My point is PHP can, could and should be able to set a cookie after HTML is set. But of course, Jan has already closed the issue, as usual. http://bugs.php.net/bug.php?id=17158 PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
And you can do so if you turn on output buffering. Having PHP send off JavaScript to do this is a massive hack that has no place in PHP. Write your own setcookie wrapper function if that is what you want. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: Rasmus server-side / client-side, that's not the point. My point is PHP can, could and should be able to set a cookie after HTML is set. But of course, Jan has already closed the issue, as usual. http://bugs.php.net/bug.php?id=17158 PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie()
You've just pointed out that you're a clueless newbie, that's' all, and can't read a spec worth a whit. -Original Message- From: jtjohnston [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 11, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] setcookie() Rasmus server-side / client-side, that's not the point. My point is PHP can, could and should be able to set a cookie after HTML is set. But of course, Jan has already closed the issue, as usual. http://bugs.php.net/bug.php?id=17158 PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. It's a benefit of PHP. Unlike certain other languages, PHP gives you finer control over how things are sent. The side-effect of this is that you are able to attempt things that don't make sense and can't work. If you want to use setcookie() anywhere within your PHP program, then just call ob_start() at the top of your code and go to town. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie problems...
On Wednesday, April 24, 2002, at 03:27 PM, Pusta wrote: When we are setting a cookie in a PHP page, that cookie cannot be accessed by any page in a different folder. When we move the pages into the same folder, the cookies worked fine. Can anyone shed some light on this?? Is the different directory pointed to by a different virtual host? I could be completely mistaken, but don't cookies only work on a per-domain name basis? If that's not it, I don't know what else it could be. Erik Erik Price Web Developer Temp Media Lab, H.H. Brown [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie problems...
From the manual (and with honor): int setcookie ( string name [, string value [, int expire [, string path [, string domain [, int secure]) so ? setcookie (TestCookie, $value,time()+3600, /~rasmus/, .utoronto.ca, 1); ? limits the cookie to work on only one specified folder see for more: www.php.net/setcookie Sincerely, Maxim Maletsky Founder, Chief Developer www.PHPBeginner.com // where PHP Begins -Original Message- From: Erik Price [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 9:32 PM To: Pusta Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Setcookie problems... On Wednesday, April 24, 2002, at 03:27 PM, Pusta wrote: When we are setting a cookie in a PHP page, that cookie cannot be accessed by any page in a different folder. When we move the pages into the same folder, the cookies worked fine. Can anyone shed some light on this?? Is the different directory pointed to by a different virtual host? I could be completely mistaken, but don't cookies only work on a per-domain name basis? If that's not it, I don't know what else it could be. Erik Erik Price Web Developer Temp Media Lab, H.H. Brown [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie with array (was serialize)
On Thursday 28 March 2002 23:25, Rodrigo Peres wrote:
Hi list,
Regarding my last post about serialize, I've tried many things but couldn't
make it function.
I'm trying to store the data from a form in order to allow my user to stop
the process of filling the form and retrieve later what was inserted
before.
Among many other thing I tried this little script only to test but didn't
work. why??
if(isset($submit)) {
$x = addslashes($HTTP_POST_VARS);
addslashes works on string, $HTTP_POST_VARS is an array?
--
Jason Wong - Gremlins Associates - www.gremlins.com.hk
/*
Take care of the luxuries and the necessities will take care of themselves.
-- Lazarus Long
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie with array (was serialize)
On Thu, 28 Mar 2002, Rodrigo Peres wrote:
if(isset($submit)) {
$x = addslashes($HTTP_POST_VARS);
$y = serialize($x);
setcookie(posted,$y)
}
1) You probably should call serialize on the array to turn it into a
string before trying any string transformations like addslashes. If you
don't understand what is going on, help yourself out by printing out the
values every step of the way.
2) You don't need to use addslashes anyway because it has nothing to do
with cookies; they are not quoted.
miguel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
Here's a compilation of some recent conclusions I've gotten from the same
discussion:
This is how I chose to set the variables:
// $username and $password are passed from a previous page's form.
$time = mktime()+1800;
$date = gmdate(D, d-M-Y H:i:s, ($time));
$password = md5 ($password);
header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; path=/;
domain='.$SERVER_ADDR);
header ('Set-Cookie: password='.$password.'; expires='.$date.' GMT; path=/;
domain='.$SERVER_ADDR);
Produces:
Set-Cookie: username=Rasmus; expires=Wed, 12-Dec-2001 21:58:55 GMT; path=/;
domain=www.php.net
Set-Cookie: password=d41d8cd98f00b204e9800998ecf8427e;
expires=Wed, 12-Dec-2001 21:58:55 GMT; path=/; domain=www.php.net
Whereas these two calls (per Rasmus Lerdorf):
SetCookie('username',$username,time()+1800,'/',$SERVER_ADDR);
SetCookie('password',$password,time()+1800,'/',$SERVER_ADDR);
Produce:
Set-Cookie: username=Rasmus; expires=Wed, 12-Dec-01 21:58:55 GMT; path=/;
domain=www.php.net
Set-Cookie: password=d41d8cd98f00b204e9800998ecf8427e;
expires=Wed, 12-Dec-01 21:58:55 GMT; path=/; domain=www.php.net
Putting them side by side to make it easier to compare:
Set-Cookie: username=Rasmus; expires=Wed, 12-Dec-2001 21:58:55 GMT; path=/;
domain=www.php.net
Set-Cookie: username=Rasmus; expires=Wed, 12-Dec-01 21:58:55 GMT; path=/;
domain=www.php.net
Ramsus wrote:
They are identical except for the PHP SetCookie() version using a 2-digit
year (which can be changed in your php.ini file with the y2k directive).
--
Casey Allen Shobe
[EMAIL PROTECTED]
'Why do people with closed minds always open their mouths?'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] setcookie BUG w/ IE 5.5, 6.0 Netscape!
Oh yeah, about the lifetime of the cookie - with no valid expiry time it is created as a session cookie - which is supposed to only live as long as the browser does. [opening a new independent browser window does not share the session, but window.open() calls do, as do other 'browser created from browser with session' methods, if that makes any sense, grin] -- Shane On Saturday 29 Dec 2001 6:35 pm, Kris Wilkinson wrote: Just recently I've noticed an issue with setcookie. My scripts which normall ran : setcookie (myCookie,Blah,time()+7201); Are killing the cookie immediately after you close the browser window, or access another https:// site. It appears as though the life of the cookie is actually not being set, and is based entirely around the life of the browser window which it was originally called. if you leave the window open, and attempt at access the cookie from another window, the cookie does not exist. IDEAS? PHP GODS? :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] setcookie BUG w/ IE 5.5, 6.0 Netscape!
On 29 December 2001 13:35, Kris Wilkinson spaketh unto ye recipient:
setcookie (myCookie,Blah,time()+7201);
For some reason, you must specify the domain, and make sure you use *exact*
formatting on the time, including the GMT suffix.
I gave up on setcookie and started using this:
$date = gmdate(D, d-M-Y H:i:s, ($time));
header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; path=/;
domain='.$SERVER_ADDR);
Problem is, I just upgraded a machine to Netscape 6.2 from 6.1, and now it
won't set the cookie :(
--
Casey Allen Shobe
[EMAIL PROTECTED]
GCS/CM d+ s+:-+: a-- C++() ULU$ P- L+++ E- W++ N++ !o K- w-- !O
M V- PS++ PE Y+ PGP++ t+ 5+ X R+ tv-- b++ DI+ D G++ e h-(*) r--- z--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] SetCookie return
SetCookie() cannot know whether the client accepts the cookie or not. It can only send it. You will need to check in a subsequent request if the client decided to accept it or not. -Rasmus On Sat, 10 Nov 2001, Christian Dechery wrote: what does SetCookie() returns??? I did a var_dump() on it and it gave me 'bool(true)' when in fact the cookie was not set... _ . Christian Dechery . . Gaita-L Owner / Web Developer . . http://www.webstyle.com.br . . http://www.tanamesa.com.br -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Setcookie
?php
$alertthem = Testing your browser for cookies.;
if(empty($check)){
$page = $PHP_SELF?check=1;
header(Location: $page);
setcookie(testcookie,1);
}
else{
if(empty($testcookie)){
$alertthem = H3Please enable cookies.brYou need cookies to shop
this
site/h3;
}
else{
header(Location: somepage.php3);
}
}
?
-Original Message-
From: Galvin, Max [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 31, 2001 9:45 AM
To: '[EMAIL PROTECTED]'
Subject: [PHP] Setcookie
Is there any way to see whether or not the cookie setting has actually
worked without going to another page? I suspect there isn't but I'd like
confirmation ;)
Cheers
Max
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] setcookie problem
On Monday 02 July 2001 21:32, scott [gts] wrote: probably becuase time() is seconds since 1970, and as far as i understand, once it gets over 999,999,999 it will not work correctly becuase it will roll over (similar to the Y2k bug) and become 000,000,000 Typically the limit is 2^31 seconds (a 32Bit signed number) on 32Bit machines (which I assume is used here). So the Y2k equivalent for Unix time() is around mid-2038. -- Christian Reiniger LGDC Webmaster (http://lgdc.sunsite.dk/) ...1000100011010101101010110100111010113... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] setcookie problem
this is my guess at what's happening... i dont know 100% if that's why cookies aren't setting properly, but here's an educated guess on my part: probably becuase time() is seconds since 1970, and as far as i understand, once it gets over 999,999,999 it will not work correctly becuase it will roll over (similar to the Y2k bug) and become 000,000,000 for example: 00,900,000,000 - current time (for example) 36,000,000,000 - what you're trying to add -- 36,900,000,000 - result but the buffer is only big enough for 999,999,999 and so the computer truncates the leading 36 and leaves you with 900,000,000 (which was the exact time that you set the cookie, making it expire as soon as you set it) instead of adding such wildly huge numbers, try adding 1-2 years... besides, it's kind of scary to think that your cookies might outlive you, if that timestamp was really acceptable :) -Original Message- From: Mark Lo [mailto:[EMAIL PROTECTED]] Sent: Monday, July 02, 2001 12:33 PM To: php general Subject: [PHP] setcookie problem Hi, How to set a forever cookie into client machine. I use the following syntax to set the cookie, but when I close the brower's window, then the cookie is deleted when the browser closed. setcookie(buyerid,$email,time()+360,,$domain); setcookie(buyeridpasswd,$passwd,time()+360,,$domain); Thank you for your attentions, Mark Lo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] setcookie() woes
In my experience the understanding of SetCookie header differs form browser to browser so much that it's horrible. As far as I remember IE5.5 handled it correctly. IE5.0 didn't. Netscape I think did (not completely sure). In any case .. session-based cookies seem to work in all of them. just call setcookie($name, $value) and nothing more. If you can't live without permament cookies you have to somehow (via $USER_AGENT for example) differ the browsers and upon that use setcookie the way that specific browser expects (you still have to find out how each of them works and there are many more than just IE or Netscape and their fifferent versions). I remember for example that one browser needed domain name to work and other didn't want it all to work. Or something like that. Hope this helps. lenar. ps. I think setcookie() itself doesn't woe, just our great programmers at netsacpe and microsoft can't correctly read and understand that short and simple specification of cookies. Chris [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I have a login script that works on one of my machines but not another, and I've determined the problem has to do with setcookie(). One machine is using IE 5.50 and another is using 5.00, and I assume therein lies the problem. I've tried to plow through the dozens (hundreds?) of followups on the manual page for setcookie(). Most of the interesting ones seem to involve using header(SetCookie . . .) instead of the setcookie() function. I tried a few, including the pass-every-parameter-to-setcookie-even-if-you're-not-really-using-them workaround, to no avail. Is this a well known problem, with a well known solution? Thanks, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] setcookie() woes
I won't quote, because this is not directly related to either mail.
I had a completely bizarre issue with MSIE not accepting cookies that
had highbit ascii values in them as their first character. Simply
fixed (in the end): add text to the front and strip it out in the
sitewide pre-execution script.
As for cookie problems I really don't have them. For consistency we
send all our cookies through one function, called sendCookie:
?
Function sendCookie($cookiename, $cookievalue)
{
// Sends the user a cookie. Use this function to send cookies
// so we can make sure they're all sent with the same parameters.
setcookie($cookiename, $cookievalue, 0, /);
}
?
This creates a no-timeout cookie that gets sent to all pages of the
site. Never had an issue with it. If I have, noone's complained about
it anyway. :)
Jason
--
Jason Murray
[EMAIL PROTECTED]
Web Developer, Melbourne IT
What'll Scorpy use wormhole technology for?
'Faster pizza delivery.'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] setcookie() woes
This is a problem with IE5.0. However, not all versions of 5.0 have the problem. I had to upgrade all of my users to IE5.5 to fix the problem. What is really strange is that the problem manifests itself as a PHP problemBut it's not. Actually, I don't think the problem is the setcookie function, it's headers in general. Anyway, I assume you are having the problem in 5.0 and 5.5 works OK. -Original Message- From: Chris [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 20, 2001 6:26 PM To: [EMAIL PROTECTED] Subject: [PHP] setcookie() woes Hi all, I have a login script that works on one of my machines but not another, and I've determined the problem has to do with setcookie(). One machine is using IE 5.50 and another is using 5.00, and I assume therein lies the problem. I've tried to plow through the dozens (hundreds?) of followups on the manual page for setcookie(). Most of the interesting ones seem to involve using header(SetCookie . . .) instead of the setcookie() function. I tried a few, including the pass-every-parameter-to-setcookie-even-if-you're-not-really-using-them workaround, to no avail. Is this a well known problem, with a well known solution? Thanks, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] SetCookie weirdness
This is actually a security feature of cookies, so that domains that dont match your cookie cannot read personal details set by another site. Don't worry, its all in order ;) Ray Hilton - [EMAIL PROTECTED] http://rayh.co.uk -Original Message- From: Tomaz Kovacic [mailto:[EMAIL PROTECTED]] Sent: 19 June 2001 12:36 To: [EMAIL PROTECTED] Subject: [PHP] SetCookie weirdness Hi! Last night I've found some interesting cookie behavior. I was testing some script on my local server, so I used short version of domain ( http://www ) to reach local webserver. My script stopped working, so I started to investigate a little bit what's goin on.. I've managed to get my script working only when i user SetCookie command with only 3 parameters: SetCookie (mycookie, $cookie, time()+1200); My usual form of setting cookie is with all 6 arguments like: SetCookie(mycookie, $cookie, time()+1200, /, .domain.com, 0); But if I use longer form if domain: www.local (same as www.somedomaing.com) my longer form of setting cookie started to work again. Weird. Anyone experianced similar problems? Tomaz
RE: [PHP] SetCookie weirdness
along with domains, cookies respect directories. for example: i'd have a script in '/somewhere' and another script in '/another' and when they'd try to use the same cookies, it wouldnt work... i had to actually specify a path of '/' for both of them to be able to use the same cookies. -Original Message- From: Ray Hilton [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 20, 2001 3:26 AM To: 'Tomaz Kovacic'; [EMAIL PROTECTED] Subject: RE: [PHP] SetCookie weirdness This is actually a security feature of cookies, so that domains that dont match your cookie cannot read personal details set by another site. Don't worry, its all in order ;) Ray Hilton - [EMAIL PROTECTED] http://rayh.co.uk -Original Message- From: Tomaz Kovacic [mailto:[EMAIL PROTECTED]] Sent: 19 June 2001 12:36 To: [EMAIL PROTECTED] Subject: [PHP] SetCookie weirdness Hi! Last night I've found some interesting cookie behavior. I was testing some script on my local server, so I used short version of domain ( http://www ) to reach local webserver. My script stopped working, so I started to investigate a little bit what's goin on.. I've managed to get my script working only when i user SetCookie command with only 3 parameters: SetCookie (mycookie, $cookie, time()+1200); My usual form of setting cookie is with all 6 arguments like: SetCookie(mycookie, $cookie, time()+1200, /, .domain.com, 0); But if I use longer form if domain: www.local (same as www.somedomaing.com) my longer form of setting cookie started to work again. Weird. Anyone experianced similar problems? Tomaz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] setcookie()
BTW here's my php.ini file. many thanks! - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, May 07, 2001 10:48 AM Subject: [PHP] setcookie() Hi all, I have just migrated my scripts from redhat linux 6.2 and apache to win nt4 and IIS 4. I've been having problems with setting cookies though. Same piece of code from the linux version won't work at the Win NT/IIS site. Example of my code: $username = test; $password = testpass; $kookieko = kookienimona; setcookie(username, $username, 0); setcookie(password2, $password, 1); setcookie(kookieko2, $kookieko, 2); BTW I've installed php4.05 using the self-extracting installer I've downloaded from php.net. Please check my php.ini file if it is correct. Please help. I'm already at my wits end. Thanks so much! Patrick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] setcookie().. how to retrieve data afterward?
If you just echo $userid you will get the results.
do this
setcookie ("cookie_variable", "chocalate chip", 1, "", "", 1);
echo $cookie_variable
You can name the cookie_variable whatever you want and that will be referenced
as the variable to store "chocalate chip".
Now if you want to see the value from within a function you will need to also do
this:
global $HTTP_COOKIE_VARS;
this will enable you to see the values stored in the cookies.
Andrew Rose wrote:
Ive been playing with setcookie() and am stuck with trying to re-pull the
infomation I set, I use:
setcookie ("user_id", $userid, 1, "", "", 1);
to set the cookie and:
if(isset( $user_id )){
echo " cookie 'user_id': $user_id\n";
} else
echo" no cookie set ...\n";
}
to see if its there.. now this is the closest Ive seen anyone else do it and
to me it dosnt make much sense at all the code for retrieving.. also it
dosnt work.. suprise suprise.. so anyone know how to do this?
thanks in advance
-Andrew Rose
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
___
Jack Sasportas
Innovative Internet Solutions
Phone 305.665.2500
Fax 305.665.2551
www.innovativeinternet.com
www.web56.net
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] setcookie().. how to retrieve data afterward?
cheers Jack but Ive tried this and get the error msg:
Warning: Undefined variable: user_id in
C:/XITAMI/webpages/netrux/intothemain.php on line 14
so its not setting the varible by the looks of it any ideas? cheers
Jack Sasportas wrote in message
[EMAIL PROTECTED]...
If you just echo $userid you will get the results.
do this
setcookie ("cookie_variable", "chocalate chip", 1, "", "", 1);
echo $cookie_variable
You can name the cookie_variable whatever you want and that will be
referenced
as the variable to store "chocalate chip".
Now if you want to see the value from within a function you will need to
also do
this:
global $HTTP_COOKIE_VARS;
this will enable you to see the values stored in the cookies.
Andrew Rose wrote:
Ive been playing with setcookie() and am stuck with trying to re-pull the
infomation I set, I use:
setcookie ("user_id", $userid, 1, "", "", 1);
to set the cookie and:
if(isset( $user_id )){
echo " cookie 'user_id': $user_id\n";
} else
echo" no cookie set ...\n";
}
to see if its there.. now this is the closest Ive seen anyone else do it
and
to me it dosnt make much sense at all the code for retrieving.. also it
dosnt work.. suprise suprise.. so anyone know how to do this?
thanks in advance
-Andrew Rose
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
___
Jack Sasportas
Innovative Internet Solutions
Phone 305.665.2500
Fax 305.665.2551
www.innovativeinternet.com
www.web56.net
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Setcookie not working
Someone on this list mentioned, Internet Explorer does not accept cookie that
has timeout less than 7200 sec from current time. (PC's clock) How about try
longer timeout?
PS: Is this information is correct? Anyone? Correct me if it is wrong info.
--
Yasuo Ohgaki
""Sean Weissensee"" [EMAIL PROTECTED] wrote in message
011e01c0b845$ad8fa3a0$0200a8c0@Win98">news:011e01c0b845$ad8fa3a0$0200a8c0@Win98...
When I use set cookie with an expire value it does not retain the value ?
setcookie ("TestCookie2", "test", $value,time()+3600);
I am using echo $TestCookie2; or
echo $HTTP_COOKIE_VARS["TestCookie2"];
in another page to view the value
Sean Weissensee
Ion Solutions
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] setcookie don't work well...
you have to set to path and the domain name too...
setcookie('vote', '1', $time, '/', '.someite.com');
--
Chris Lee
Mediawaveonline.com
ph. 250.377.1095
ph. 250.376.2690
fx. 250.554.1120
[EMAIL PROTECTED]
""Nuno Costa"" [EMAIL PROTECTED] wrote in message
000e01c09ff0$feee9570$1e01a8c0@ncosta">news:000e01c09ff0$feee9570$1e01a8c0@ncosta...
I try to use this function to prevent that the same visitor vote for more
than one time in a hour but it don't work, the code is this:
if($vote!=1)
{
$time=time();
$time=$time + 36000;
setcookie("vote","1",$time);
}
If the visitor vote, the vote counts, than if he try to vote again the vote
don't count, but if he try again it counts, the cookie is delete and i don't
know why, i use IE 5.5.
Can some one help me.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
