Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to get a stored cookie's path?

Tags:

http

php

cookies

Quick question: One can set the path where a cookie is valid, but is it also possible to get (read) this path from the cookie (in PHP)?

Or else: is it possible to extend a cookie's time, without knowing what path it's on (but keeping the path the same)?

like image 727
RemiX Avatar asked May 10 '10 13:05

RemiX


People also ask

How do I find my cookie path?

TL:DR; You cannot read through cookies based on path using javascript. In JavaScript, you can only set or get cookies by using the internal object document. cookie . And the content of this object will be a string of key value pairs of non-httpOnly cookie names and values separated by a ; .

Where are PHP cookies stored?

Cookies are always stored in the client. The path only sets restrictions to what remote pages can access said cookies. For example, if you set a cookie with the path "/foo/" then only pages in the directory "/foo/" and subdirectories of "/foo/" can read the cookie.

Where can I find Chrome cookies?

To view all cookies stored in Chrome: Click on the three dots at the top right corner and click Settings. Select Privacy and security and click Cookies and other site data. Click See all cookies and site data.

What is path in set cookie?

Set a cookie path The path parameter specifies a document location for the cookie, so it's assigned to a specific path, and sent to the server only if the path matches the current document location, or a parent: document.


2 Answers

There is no way for PHP to read path of the cookie because browser sends to the server only values of the cookies that should be sent, nothing more.

You might try to re-set cookie without giving path but I highly doubt it will work. There might be many different relevant cookies with same name and less and more precise paths. If you tried to set up cookie with same name but without path browser would not know which of the cookies it should update (maybe the one wit most precise path? but that could lead to (security?) errors when precise cookie you expect to be set is not set).

like image 144
Kamil Szot Avatar answered Nov 02 '22 23:11

Kamil Szot


Since most browsers still use Netscape’s specification (see cached version of http://wp.netscape.com/newsref/std/cookie_spec.html) and not the one specified in RFC 2109 or RFC 2965, the list elements in the Cookie request header field will only consist of the name and value pair:

When requesting a URL from an HTTP server, the browser will match the URL against all cookies and if any of them match, a line containing the name/value pairs of all matching cookies will be included in the HTTP request. Here is the format of that line:

Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...

Only the newer specifications (RFC 2109 and RFC 2965) allow the client to send the path within the request (excerpt from RFC 2109):

The syntax for the header is:

cookie          =       "Cookie:" cookie-version
                        1*((";" | ",") cookie-value)
cookie-value    =       NAME "=" VALUE [";" path] [";" domain]
cookie-version  =       "$Version" "=" value
NAME            =       attr
VALUE           =       value
path            =       "$Path" "=" value
domain          =       "$Domain" "=" value

[…] The value for the path attribute must be the value from the Path attribute, if any, of the corresponding Set-Cookie response header. Otherwise the attribute should be omitted from the Cookie request header. […]

like image 34
Gumbo Avatar answered Nov 03 '22 01:11

Gumbo