sending multiple cookies with file_get_contents()

404 Contributor
I've been using stream_context_create() to send cookies along with a file_get_contents() call when requesting a remote page. This is useful if I need to pass information to the remote page that my server can't pass, like a login form. This works perfectly well when I've got a single cookie, or multiple cookies on the same domain and path, but what if I need to send multiple cookies that work for multiple different domains or paths?

Here's some example code:

    <?php
    $cookies = array("Cookie: testcookie=blah; testcookie2=haha; path=/; domain=infectionist.com;");
    $opts = array('http' => array('header' => $cookies));
    $context = stream_context_create($opts);
    $html = file_get_contents("http://infectionist.com/misc/testing/cookie.php?do=view", false, $context);
    echo $html;
    ?>

This will utilize a quick script that I wrote that displays the values of 2 cookies named "testcookie" and "testcookie2". Notice in the cookies array, I've got both cookies set, and since both work on the same path and domain, they both appear properly. But I've got a page that I need to retrieve while sending multiple cookies from multiple domains (actually subdomains of the requested domain) and/or paths.

How might I accomplish this? I tried making my cookies array have multiple values, like this:

    $cookies = array("Cookie: testcookie=blah; path=/; domain=infectionist.com;", "Cookie: testcookie2=haha; path=/; domain=infectionist.com;");

But that didn't work, only the first cookie was set. I can't seem to figure out how this might be done, but I'm sure someone else has done it before. Any help with this will be greatly appreciated!
Apr 19 '10 #1
5,058 Recognized Expert Expert

Unless I am misunderstanding you, I think you may be misunderstanding how the Cookie header should be used. The path and domain meta-values are meant to be used with the Set-Cookie header, but not the Cookie header.

For example, say a page located at example.com/cookie/ sends the following header when you first request it:

    Set-Cookie: key=value; path=/cookie; domain=example.com

The path and domain values are used by the browser to determine where the cookie belongs; so the browser knows which URL to send the cookie to. After receiving that header, the browser should be adding the following header to any requests to the example.com/cookie/ URL.

    Cookie: key=value

There is no point in passing the path and domain values back to the server. There is no security benefit to it, and even if the cookie was mistakenly sent to the wrong domain/path, the server-side code shouldn't mind an extra cookie being sent.

Your first example used this:

    Cookie: testcookie=blah; testcookie2=haha; path=/; domain=infectionist.com;

On the server, the path and domain values, which I assume you mean to be meta-values (to indicate where the cookie belongs), would in fact be considered the third and fourth key-pair cookie data values. Dumping the $_COOKIE array from a PHP request that includes that header would print:

    array(4) {
      ["testcookie"]=>
      string(4) "blah"
      ["testcookie2"]=>
      string(4) "haha"
      ["path"]=>
      string(1) "/"
      ["domain"]=>
      string(16) "infectionist.com"
    }

That header should have just been like this:

    Cookie: testcookie=blah; testcookie2=haha;

Apr 19 '10 #2
404 Contributor
I don't think you understood the question. I'm using a php function to retrieve a remote webpage from another server. This remote page displays different data based on cookies sent with the request. If the cookies are not set, it tells you to log in, if they are set, it displays the information I need. I need to send those cookies along with the request for the webpage, but there are multiple cookies from different domains that need to be sent for it to work, so I need to know how to send those multiple cookies with different domain values. I'm not trying to set a cookie on a client computer, I'm trying to make my server act as the client computer.
Apr 19 '10 #3
5,058 Recognized Expert Expert
That's what I thought.

A Cookie header, sent by a client, does not include path or domain values. Those values are only used when the server sends a new cookie to the client. They are meant for the client software, so it can determine which requests should include the cookie.

There is no point in sending the path and domain values from the client to the server. A Cookie header should only include data pairs.

As an example, consider this stripped-down version of the HTTP headers in a cookie based shopping cart. Note the Host header of the requests and the domain part of the Set-Cookie headers.

    ## Client login request
    POST /login.php HTTP/1.1
    Host: example.com

    username=myname&pwd=mypass&

    ## Server login response
    HTTP/1.1 200 OK
    Set-Cookie: loginid=123; path=/; domain=.example.com
    Set-Cookie: cartid=456; path=/; domain=shop.example.com

    ## Client adding a product to cart.
    GET /addProduct.php?pid=5 HTTP/1.1
    Host: shop.example.com
    Cookie: loginid=123; cartid=456;

    ## Server sets a total price cookie after
    ## adding the new product.
    HTTP/1.1 200 OK
    Set-Cookie: carttotal=4.95; path=/; domain=shop.example.com

    ## Client adds another product.
    GET /addProduct.php?pid=10 HTTP/1.1
    Host: shop.example.com
    Cookie: loginid=123; cartid=456; carttotal=4.95;

    ## Server re-calculates and resets the total
    ## price cookie, after adding the product.
    HTTP/1.1 200 OK
    Set-Cookie: carttotal=9.90; path=/; domain=shop.example.com

    ## Client logs out.
    GET /logout.php HTTP/1.1
    Host: example.com
    Cookie: loginid=123

    ## Server deletes all the cookies.
    HTTP/1.1 200 OK
    Set-Cookie: loginid=; expire=1; path=/; domain=.example.com
    Set-Cookie: cartid=; expire=1; path=/; domain=shop.example.com
    Set-Cookie: carttotal=; expire=1; path=/; domain=shop.example.com

My point here is that none of the client requests include the path or domain in the Cookie header, and when the Host of the client request is not "shop.example.com" the request omits the cookies that were specific to that domain.

Your PHP script should emulate that. The server accepts all cookies, regardless of which domain/path they were originally intended for. It is the client's responsibility to keep that restriction, and the server-side code's responsibility to simply ignore cookies it isn't expecting.
Apr 20 '10 #4
404 Contributor
Ok, so let's say I need to send these cookies:

a=1; path=/; domain=a.example.com;
b=2; path=/; domain=b.example.com;

The remote page requires that both cookies be sent, meaning 2 different domain values, but with my PHP script I only know how to send multiple cookies with the SAME domain value. So what you're saying is that I don't need to include the domain value at all, meaning my code in the first post could be this:

    <?php
    $cookies = array("Cookie: testcookie=blah; testcookie2=haha;");
    $opts = array('http' => array('header' => $cookies));
    $context = stream_context_create($opts);
    $html = file_get_contents("http://infectionist.com/misc/testing/cookie.php?do=view", false, $context);
    echo $html;
    ?>

And it would still work?

It does appear so, but I've only tested it on single-domain cookies, not those that require multiple domains.

One other question, if I might. How might I go about changing the expiry date of the cookie? I understand that this might be dictated by the server and not by the cookie, but I'd still like to know.

And also, so you can better understand, I'm logging into a page secured behind a .NET Passport login (using my own login information!) so that I can get achievement information for Xbox 360 games. You can only get this info if you're logged in. I got it working a little after I made this post (since its cookies only need the single domain), but when I came back tonight it wouldn't work, leading me to assume the cookie had timed out (or the session on the server.)
Apr 20 '10 #5
5,058 Recognized Expert Expert
Yes, regardless of which domain the server intended the cookie to belong to, you can send it. The path and domain values should not be a part of the Cookie header. It should only list the "key=value" pairs you want the HTTP server to receive.

However, those two cookies you mentioned should never be sent together. They belong to separate domains, which a client should restrict them to. Having said that, there is nothing that actually stops you from sending them despite that.

> One other question, if I might. How might I go about changing the expiry date of the cookie? I understand that this might be dictated by the server and not by the cookie, but I'd still like to know.

The expiration date of the cookie, much like the domain and path, is only meant for the client. The server does not keep track of these values, so your client can ignore them all if you want. - You don't have to change the expiration date. Your client has full control over whether or not it actually uses it.

However, if the cookie is storing some sort of session ID or some form of login information, the server may well keep track of the session on the server-side, and make the session time-out and become invalid. - For example, PHP sessions are automatically invalidated after a certain period of inactivity, after which the session ID that the cookie stores becomes useless.

Most login mechanisms use some form of session time-out functionality. It's a basic security feature, meant to make it harder to steal session cookies. - If you are indeed trying to pass session ID cookies, you would have to log in first to make sure the session is actually active.

I don't know details about .Net session capabilities, but even though it is a M$ technology, I think it is safe to assume they have gotten this stuff right by now.
Apr 20 '10 #6
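
Added example, not part of any post in this thread: a minimal client-side cookie jar in PHP that does what replies #4 and #6 describe, keeping each cookie's path and domain on the client and sending only name=value pairs to the hosts that cookie is scoped to. The function names and the sample Set-Cookie headers are assumptions made for the illustration; it needs PHP 8 and simplifies a missing path to "/".

```php
<?php
// Added example (PHP 8+): function names are hypothetical, sample headers are constructed.
/** True when $host equals $domain or, unless the cookie is host-only, is a subdomain of it. */
function domainMatches(string $host, string $domain, bool $hostOnly): bool
{
    return $host === $domain || (!$hostOnly && str_ends_with($host, '.' . $domain));
}

/** Parse one Set-Cookie value received from $requestHost; null if its domain is not allowed. */
function parseSetCookie(string $line, string $requestHost): ?array
{
    $attrs = array_map('trim', explode(';', $line));
    [$name, $value] = array_pad(explode('=', array_shift($attrs), 2), 2, '');
    $host = strtolower($requestHost);
    $c = ['name' => $name, 'value' => $value, 'domain' => $host, 'hostOnly' => true, 'path' => '/'];
    foreach ($attrs as $attr) {
        [$k, $v] = array_map('trim', array_pad(explode('=', $attr, 2), 2, ''));
        if (strtolower($k) === 'domain' && $v !== '') {
            $c['domain'] = strtolower(ltrim($v, '.'));
            $c['hostOnly'] = false;
        } elseif (strtolower($k) === 'path' && str_starts_with($v, '/')) {
            $c['path'] = $v;
        }
    }
    // A host may set cookies only for itself or a parent domain (public-suffix check omitted).
    return domainMatches($host, $c['domain'], false) ? $c : null;
}

/** Build the Cookie request header for $url: name=value pairs only, no attributes. */
function cookieHeaderFor(array $jar, string $url): string
{
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    $path = parse_url($url, PHP_URL_PATH) ?: '/';
    $pairs = [];
    foreach ($jar as $c) {
        $cp = $c['path'];
        $pathOk = $path === $cp || (str_starts_with($path, $cp)
            && (str_ends_with($cp, '/') || $path[strlen($cp)] === '/'));
        if ($pathOk && domainMatches($host, $c['domain'], $c['hostOnly'])) {
            $pairs[] = $c['name'] . '=' . $c['value'];
        }
    }
    return $pairs ? 'Cookie: ' . implode('; ', $pairs) : '';
}

$jar = array_filter([
    parseSetCookie('loginid=123; path=/; domain=.example.com', 'example.com'),
    parseSetCookie('cartid=456; path=/; domain=shop.example.com', 'shop.example.com'),
    parseSetCookie('stray=1; domain=other.test', 'shop.example.com'), // dropped: foreign domain
]);
foreach (['http://shop.example.com/addProduct.php?pid=5', 'http://example.com/logout.php'] as $url) {
    $header = cookieHeaderFor($jar, $url);
    $context = stream_context_create(['http' => ['header' => $header]]);
    echo $url, ' => ', $header, PHP_EOL; // file_get_contents($url, false, $context) would send it
}
```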
