Cross-Domain Cookies

Yes, it is absolutely possible to get the cookie from domain1.com by domain2.com. I had the same problem for a social plugin of my social network, and after a day of research I found the solution. First, on the server side you need to have the following headers: header("Access-Control-Allow-Origin: http://origin.domain:port"); header("Access-Control-Allow-Credentials: true"); header("Access-Control-Allow-Methods: GET, POST"); … Read more

What is the best way to implement “remember me” for a website? [closed]

Improved Persistent Login Cookie Best Practice You could use this strategy described here as best practice (2006) or an updated strategy described here (2015): When the user successfully logs in with Remember Me checked, a login cookie is issued in addition to the standard session management cookie. The login cookie contains a series identifier and … Read more

Share cookie between subdomain and domain

If you set a cookie like this: Set-Cookie: name=value then the cookie will only apply to the request domain, and will only be sent for requests to the exact same domain, not any other subdomains. (See What is a host only cookie?) Two different domains (e.g. mydomain.com and subdomain.mydomain.com, or sub1.mydomain.com and sub2.mydomain.com) can only … Read more

Set cookie and get cookie with JavaScript [duplicate]

I find the following code to be much simpler than anything else: function setCookie(name,value,days) { var expires = ""; if (days) { var date = new Date(); date.setTime(date.getTime() + (days*24*60*60*1000)); expires = "; expires=" + date.toUTCString(); } document.cookie = name + "=" + (value || "") + expires + "; path=/"; } function getCookie(name) { … Read more

How do I set/unset a cookie with jQuery?

Update April 2019 jQuery isn’t needed for cookie reading/manipulation, so don’t use the original answer below. Go to https://github.com/js-cookie/js-cookie instead, and use the library there that doesn’t depend on jQuery. Basic examples: // Set a cookie Cookies.set('name', 'value'); // Read the cookie Cookies.get('name'); // => 'value' See the docs on GitHub for details. Before … Read more

How do I expire a PHP session after 30 minutes?

You should implement a session timeout of your own. Both options mentioned by others (session.gc_maxlifetime and session.cookie_lifetime) are not reliable. I’ll explain the reasons for that. First: session.gc_maxlifetime session.gc_maxlifetime specifies the number of seconds after which data will be seen as ‘garbage’ and cleaned up. Garbage collection occurs during session start. But the garbage collector … Read more

How Secure Is This Login System? (Using Cookies In PHP)

Here’s a non-exhaustive list of problems/solutions: Your code is difficult to read because it is not properly indented. You should use prepared statements to guard against SQL-injection. You give hints to hackers by having different error messages. When the username is correct and the password wrong you say: “Login/Password Incorrect :(”, but if the username … Read more