Weird domain seting in setcookie()
Weird domain seting in setcookie()
am 14.07.2009 17:31:56 von Michelle Konzack
--=_vserver1-10693-1247585791-0001-2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello,
on two websites I have encountered that cookies are not working properly
and are accesibel from other subdomains which I do not want. The line
is:
setcookie('AdminOnCrack', $drug, $timeout, '/', $_SERVER['HTTP_HOST']);
but the "domain" is always prefixed with a ".".
OK, now I have tested it using:
setcookie('AdminOnCrack', $drug, $timeout, '/', 'myspace.tdwave.net');
but with the same problem. I do not want that the cookies are available
in <*.myspace.tdwave.net>.
Any suggestions?
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
--=20
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack c/o Shared Office KabelBW ICQ #328449886
+49/177/9351947 Blumenstasse 2 MSN LinuxMichi
+33/6/61925193 77694 Kehl/Germany IRC #Debian (irc.icq.com)
--=_vserver1-10693-1247585791-0001-2
Content-Type: application/pgp-signature; name="signature.pgp"
Content-Transfer-Encoding: 7bit
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFKXKTqC0FPBMSS+BIRAv5QAJ4kl/B90qNgf1WJnH/nLclF8Bn3GgCe PXU0
qeE2wOsXjf8rWvukast1GFQ=
=KEJW
-----END PGP SIGNATURE-----
--=_vserver1-10693-1247585791-0001-2--
RE: Weird domain seting in setcookie()
am 14.07.2009 17:46:16 von Bob McConnell
From: Michelle Konzack
>=20
> on two websites I have encountered that cookies are not working
properly
> and are accesibel from other subdomains which I do not want. The
line
> is:
>=20
> setcookie('AdminOnCrack', $drug, $timeout, '/',
$_SERVER['HTTP_HOST']);
>=20
> but the "domain" is always prefixed with a ".".
>=20
> OK, now I have tested it using:
>=20
> setcookie('AdminOnCrack', $drug, $timeout, '/', 'myspace.tdwave.net');
>=20
> but with the same problem. I do not want that the cookies are
available
> in <*.myspace.tdwave.net>.
>=20
> Any suggestions?
In Firefox 3.0 under Tools->Options->Privacy, uncheck "Accept
third-party cookies".
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Weird domain seting in setcookie()
am 14.07.2009 18:42:21 von Michelle Konzack
--=_vserver1-24675-1247590044-0001-2
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi Bob,
Am 2009-07-14 11:46:16, schrieb Bob McConnell:
> In Firefox 3.0 under Tools->Options->Privacy, uncheck "Accept
> third-party cookies".
What has this to do with the Webbrowser?
In the PHP manual it is written:
----[ url 'http://de.php.net/manual/en/function.setcookie.php' ]--------
domain
The domain that the cookie is available. To make the cookie available on
all subdomains of example.com then you'd set it to '.example.com'. The .
is not required but makes it compatible with more browsers. Setting it
to www.example.com will make the cookie only available in the www
subdomain. Refer to tail matching in the =BB spec for details.
------------------------------------------------------------ ------------
This mean, if I wan to have the COOKIE available in the subdomains
foo.myspace.tdwave.net
bar.myspace.tdwave.net
baz.myspace.tdwave.net
I have to use the domain ".myspace.tdwave.net" with a preceding DOT. But
this is not what I want because I want to have the COOKIE only available
in
myspace.tdwave.net
so, I have set the the domain explicit to "myspace.tdwave.net" which
should register the cookie as it is according to the PHP manual or not?
Thanks, Greetings and nice Day/Evening
Michelle Konzack
--=20
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack c/o Shared Office KabelBW ICQ #328449886
+49/177/9351947 Blumenstasse 2 MSN LinuxMichi
+33/6/61925193 77694 Kehl/Germany IRC #Debian (irc.icq.com)
--=_vserver1-24675-1247590044-0001-2
Content-Type: application/pgp-signature; name="signature.pgp"
Content-Transfer-Encoding: 7bit
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFKXLVtC0FPBMSS+BIRAg8bAKDRfh/Hx75CGqvN01QeJreCDz/DsACf RIRP
qqGlW3tpG2VbRrVgwFWE40o=
=JZ3T
-----END PGP SIGNATURE-----
--=_vserver1-24675-1247590044-0001-2--
Re: Weird domain seting in setcookie()
am 14.07.2009 19:06:04 von dbrooke
Michelle Konzack wrote:
[snip]
> so, I have set the the domain explicit to "myspace.tdwave.net" which
> should register the cookie as it is according to the PHP manual or not?
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
the above will still make the cookie available to:
> foo.myspace.tdwave.net
> bar.myspace.tdwave.net
> baz.myspace.tdwave.net
Donovan
--
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
D. BROOKE EUCA Design Center
WebDNA Software Corp.
WEB:> http://www.euca.us | http://www.webdna.us
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
WebDNA: [** Square Bracket Utopia **]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php