
sending multiple cookies with file_get_contents()

404 256MB
I've been using stream_context_create() to send cookies along with a file_get_contents() call when requesting a remote page. This is useful if I need to pass information to the remote page that my server can't pass, like a login form. This works perfectly well when I've got a single cookie, or multiple cookies on the same domain and path, but what if I need to send multiple cookies that work for multiple different domains or paths?

Here's an example code:

    <?php
    $cookies = array("Cookie: testcookie=blah; testcookie2=haha; path=/; domain=infectionist.com;");
    $opts = array('http' => array('header' => $cookies));
    $context = stream_context_create($opts);
    $html = file_get_contents("http://infectionist.com/misc/testing/cookie.php?do=view", false, $context);
    echo $html;
    ?>

This will utilize a quick script that I wrote that displays the values of 2 cookies named "testcookie" and "testcookie2". Notice in the cookies array, I've got both cookies set, and since both work on the same path and domain, they both appear properly. But I've got a page that I need to retrieve while sending multiple cookies from multiple domains (actually subdomains of the requested domain) and/or paths.

How might I accomplish this? I tried making my cookies array have multiple values, like this:

    $cookies = array("Cookie: testcookie=blah; path=/; domain=infectionist.com;", "Cookie: testcookie2=haha; path=/; domain=infectionist.com;");

But that didn't work, only the first cookie was set. I can't seem to figure out how this might be done, but I'm sure someone else has done it before. Any help with this will be greatly appreciated!
Apr 19 '10 #1
5,058 Expert 4TB

Unless I am misunderstanding you, I think you may be misunderstanding how the Cookie header should be used. The path and domain meta-values are meant to be used with the Set-Cookie header, but not the Cookie header.

For example, say a page located at example.com/cookie/ sends the following header when you first request it:

    Set-Cookie: key=value; path=/cookie; domain=example.com

The path and domain values are used by the browser to determine where the cookie belongs; so the browser knows which URL to send the cookie to. After receiving that header, the browser should be adding the following header to any requests to the example.com/cookie/ URL.

    Cookie: key=value

There is no point in passing the path and domain values back to the server. There is no security benefit to it, and even if the cookie was mistakenly sent to the wrong domain/path, the server-side code shouldn't mind an extra cookie being sent.

Your first example used this:

    Cookie: testcookie=blah; testcookie2=haha; path=/; domain=infectionist.com;

On the server, the path and domain values, which I assume you mean to be meta-values (to indicate where the cookie belongs), would in fact be considered the third and fourth key-pair cookie data values. Dumping the $_COOKIE array from a PHP request that includes that header would print:

    array(4) {
      ["testcookie"]=>
      string(4) "blah"
      ["testcookie2"]=>
      string(4) "haha"
      ["path"]=>
      string(1) "/"
      ["domain"]=>
      string(16) "infectionist.com"
    }

That header should have just been like this:

    Cookie: testcookie=blah; testcookie2=haha;

Apr 19 '10 #2
404 256MB
I don't think you understood the question. I'm using a PHP function to retrieve a remote webpage from another server. This remote page displays different data based on cookies sent with the request. If the cookies are not set, it tells you to log in; if they are set, it displays the information I need. I need to send those cookies along with the request for the webpage, but there are multiple cookies from different domains that need to be sent for it to work, so I need to know how to send those multiple cookies with different domain values. I'm not trying to set a cookie on a client computer, I'm trying to make my server act as the client computer.
Apr 19 '10 #3
5,058 Expert 4TB
That's what I thought.

A Cookie header, sent by a client, does not include path or domain values. Those values are only used when the server sends a new cookie to the client. They are meant for the client software, so it can determine which requests should include the cookie.

There is no point in sending the path and domain values from the client to the server. A Cookie header should only include data pairs.

As an example, consider this stripped-down version of the HTTP headers in a cookie based shopping cart. Note the Host header of the requests and the domain part of the Set-Cookie headers.

    ## Client login request
    POST /login.php HTTP/1.1
    Host: example.com

    username=myname&pwd=mypass&

    ## Server login response
    HTTP/1.1 200 OK
    Set-Cookie: loginid=123; path=/; domain=.example.com
    Set-Cookie: cartid=456; path=/; domain=shop.example.com

    ## Client adding a product to cart.
    GET /addProduct.php?pid=5 HTTP/1.1
    Host: shop.example.com
    Cookie: loginid=123; cartid=456;

    ## Server sets a total price cookie after
    ## adding the new product.
    HTTP/1.1 200 OK
    Set-Cookie: carttotal=4.95; path=/; domain=shop.example.com

    ## Client adds another product.
    GET /addProduct.php?pid=10 HTTP/1.1
    Host: shop.example.com
    Cookie: loginid=123; cartid=456; carttotal=4.95;

    ## Server re-calculates and resets the total
    ## price cookie, after adding the product.
    HTTP/1.1 200 OK
    Set-Cookie: carttotal=9.90; path=/; domain=shop.example.com

    ## Client logs out.
    GET /logout.php HTTP/1.1
    Host: example.com
    Cookie: loginid=123

    ## Server deletes all the cookies.
    HTTP/1.1 200 OK
    Set-Cookie: loginid=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.example.com
    Set-Cookie: cartid=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=shop.example.com
    Set-Cookie: carttotal=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=shop.example.com

My point here is that none of the client requests include the path or domain in the Cookie header, and when the Host of the client request is not "shop.example.com" the request omits the cookies that were specific to that domain.

Your PHP script should emulate that. The server accepts all cookies, regardless of which domain/path they were originally intended for. It is the client's responsibility to keep that restriction, and the server-side code's responsibility to simply ignore cookies it isn't expecting.
Apr 20 '10 #4
404 256MB
Ok, so let's say I need to send these cookies:

a=1; path=/; domain=a.example.com;
b=2; path=/; domain=b.example.com;

The remote page requires that both cookies be sent, meaning 2 different domain values, but with my PHP script I only know how to send multiple cookies with the SAME domain value. So what you're saying is that I don't need to include the domain value at all, meaning my code in the first post could be this:

    <?php
    $cookies = array("Cookie: testcookie=blah; testcookie2=haha;");
    $opts = array('http' => array('header' => $cookies));
    $context = stream_context_create($opts);
    $html = file_get_contents("http://infectionist.com/misc/testing/cookie.php?do=view", false, $context);
    echo $html;
    ?>

And it would still work?

It does appear so, but I've only tested it on single-domain cookies, not those that require multiple domains.

One other question, if I might. How might I go about changing the expiry date of the cookie? I understand that this might be dictated by the server and not by the cookie, but I'd still like to know.

And also, so you can better understand, I'm logging into a page secured behind a .NET Passport login (using my own login information!) so that I can get achievement information for Xbox 360 games. You can only get this info if you're logged in. I got it working a little after I made this post (since its cookies only need the single domain), but when I came back tonight it wouldn't work, leading me to assume the cookie had timed out (or the session on the server).
Apr 20 '10 #5
5,058 Expert 4TB
Yes, regardless of which domain the server intended the cookie to belong to, you can send it. The path and domain values should not be a part of the Cookie header. It should only list the "key=value" pairs you want the HTTP server to receive.

However, those two cookies you mentioned should never be sent together. They belong to separate domains, which a client should restrict them to. Having said that, there is nothing that actually stops you from sending them despite that.

> One other question, if I might. How might I go about changing the expiry date of the cookie? I understand that this might be dictated by the server and not by the cookie, but I'd still like to know.

The expiration date of the cookie, much like the domain and path, is only meant for the client. The server does not keep track of these values, so your client can ignore them all if you want. You don't have to change the expiration date. Your client has full control over whether or not it actually uses it.

However, if the cookie is storing some sort of session ID or some form of login information, the server may well keep track of the session on the server-side, and make the session time-out and become invalid. For example, PHP sessions are automatically invalidated after a certain period of inactivity, after which the session ID that the cookie stores becomes useless.

Most login mechanisms use some form of session time-out functionality. It's a basic security feature, meant to make it harder to steal session cookies. If you are indeed trying to pass session ID cookies, you would have to log in first to make sure the session is actually active.

I don't know details about .Net session capabilities, but even though it is a M$ technology, I think it is safe to assume they have gotten this stuff right by now.
Apr 20 '10 #6
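
The client-side scoping described in this thread, as an added example that is not part of any post: a small cookie jar that keeps the domain and path from each Set-Cookie line and uses them only to decide which name=value pairs go into the Cookie header for a given URL. The function names and hosts are made up, PHP 8 is assumed (str_starts_with/str_ends_with), and expiry, the Secure flag and public-suffix checks are outside what it covers.

```php
<?php // Added example, not code from the thread; function names and hosts are made up.
function domain_match(string $host, string $domain): bool {
    return $host === $domain || str_ends_with($host, ".$domain");
}
// Add the Set-Cookie lines of a response that came from $host to $jar.
function jar_store(array &$jar, string $host, array $headers): void {
    $host = strtolower($host);
    foreach ($headers as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) continue;
        $attrs = array_map('trim', explode(';', substr($line, 11)));
        [$name, $value] = array_pad(explode('=', array_shift($attrs), 2), 2, null);
        if ($name === '' || $value === null) continue;
        $c = ['pair' => "$name=$value", 'domain' => $host, 'hostOnly' => true, 'path' => '/'];
        foreach ($attrs as $attr) {
            [$k, $v] = array_pad(explode('=', $attr, 2), 2, '');
            if (strcasecmp($k, 'path') === 0 && str_starts_with($v, '/')) $c['path'] = $v;
            if (strcasecmp($k, 'domain') !== 0) continue;
            $v = strtolower(ltrim($v, '.'));
            if (!domain_match($host, $v)) continue 2;  // host is not part of that domain: drop cookie
            $c['domain'] = $v; $c['hostOnly'] = false;
        }
        $jar["{$c['domain']}|{$c['path']}|$name"] = $c;
    }
}
// Build the Cookie header for $url: bare name=value pairs, selected by scope.
function jar_header(array $jar, string $url): string {
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    $path = parse_url($url, PHP_URL_PATH) ?: '/';
    $pairs = [];
    foreach ($jar as $c) {
        $cp = $c['path'];
        $okDomain = $c['hostOnly'] ? $host === $c['domain'] : domain_match($host, $c['domain']);
        $okPath = $path === $cp || (str_starts_with($path, $cp)
            && (str_ends_with($cp, '/') || $path[strlen($cp)] === '/'));
        if ($okDomain && $okPath) $pairs[] = $c['pair'];
    }
    return $pairs ? 'Cookie: ' . implode('; ', $pairs) : '';
}

// Constructed input: headers as file_get_contents() leaves them in $http_response_header.
$jar = [];
jar_store($jar, 'shop.example.com', ['HTTP/1.1 200 OK',
    'Set-Cookie: loginid=123; path=/; domain=.example.com',
    'Set-Cookie: cartid=456; path=/cart',
    'Set-Cookie: stray=1; domain=other.test']);  // dropped: foreign domain
foreach (['http://shop.example.com/cart/add.php', 'http://example.com/logout.php'] as $url) {
    $ctx = stream_context_create(['http' => ['header' => jar_header($jar, $url), 'follow_location' => 0]]);
    echo $url, ' => ', stream_context_get_options($ctx)['http']['header'], "\n";
}
```

follow_location is set to 0 so that each redirect hop gets its own jar_header() lookup rather than being followed automatically by the stream wrapper. In a real request, pass $ctx to file_get_contents() and feed $http_response_header back into jar_store() together with the host that answered.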
