Menu
Quick question: One can set the path where a cookie is valid, but is it also possible to get (read) this path from the cookie (in PHP)?
Or else: is it possible to extend a cookie's time, without knowing what path it's on (but keeping the path the same)?
727
TL:DR; You cannot read through cookies based on path using javascript. In JavaScript, you can only set or get cookies by using the internal object document. cookie . And the content of this object will be a string of key value pairs of non-httpOnly cookie names and values separated by a ; .
Cookies are always stored in the client. The path only sets restrictions to what remote pages can access said cookies. For example, if you set a cookie with the path "/foo/" then only pages in the directory "/foo/" and subdirectories of "/foo/" can read the cookie.
To view all cookies stored in Chrome: Click on the three dots at the top right corner and click Settings. Select Privacy and security and click Cookies and other site data. Click See all cookies and site data.
Set a cookie path The path parameter specifies a document location for the cookie, so it's assigned to a specific path, and sent to the server only if the path matches the current document location, or a parent: document.
There is no way for PHP to read path of the cookie because browser sends to the server only values of the cookies that should be sent, nothing more.
You might try to re-set cookie without giving path but I highly doubt it will work. There might be many different relevant cookies with same name and less and more precise paths. If you tried to set up cookie with same name but without path browser would not know which of the cookies it should update (maybe the one wit most precise path? but that could lead to (security?) errors when precise cookie you expect to be set is not set).
144
Since most browsers still use Netscape’s specification (see cached version of http://wp.netscape.com/newsref/std/cookie_spec.html) and not the one specified in RFC 2109 or RFC 2965, the list elements in the Cookie request header field will only consist of the name and value pair:
When requesting a URL from an HTTP server, the browser will match the URL against all cookies and if any of them match, a line containing the name/value pairs of all matching cookies will be included in the HTTP request. Here is the format of that line:
Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...
Only the newer specifications (RFC 2109 and RFC 2965) allow the client to send the path within the request (excerpt from RFC 2109):
The syntax for the header is:
cookie = "Cookie:" cookie-version 1*((";" | ",") cookie-value) cookie-value = NAME "=" VALUE [";" path] [";" domain] cookie-version = "$Version" "=" value NAME = attr VALUE = value path = "$Path" "=" value domain = "$Domain" "=" value
[…] The value for the path attribute must be the value from the Path attribute, if any, of the corresponding Set-Cookie response header. Otherwise the attribute should be omitted from the Cookie request header. […]
34
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
