I've been using stream_context_create() to send cookies along with a file_get_contents() call when requesting a remote page. This is useful if I need to pass information to the remote page that my server can't pass, like a login form. This works perfectly well when I've got a single cookie, or multiple cookies on the same domain and path, but what if I need to send multiple cookies that work for multiple different domains or paths?
Here's an example code: - <?php
-
$cookies = array("Cookie: testcookie=blah; testcookie2=haha; path=/; domain=infectionist.com;");
-
$opts = array('http' => array('header' => $cookies));
-
$context = stream_context_create($opts);
-
$html = file_get_contents("http://infectionist.com/misc/testing/cookie.php?do=view", false, $context);
-
echo $html;
-
?>
This will utilize a quick script that I wrote that displays the values of 2 cookies named "testcookie" and "testcookie2". Notice in the cookies array, I've got both cookies set, and since both work on the same path and domain, they both appear properly. But I've got a page that I need to retrieve while sending multiple cookies from multiple domains (actually subdomains of the requested domain) and/or paths.
How might I accomplish this? I tried making my cookies array have multiple values, like this: - $cookies = array("Cookie: testcookie=blah; path=/; domain=infectionist.com;", "Cookie: testcookie2=haha; path=/; domain=infectionist.com;");
But that didn't work, only the first cookie was set. I can't seem to figure out how this might be done, but I'm sure someone else has done it before. Any help with this will be greatly appreciated!
5  14741   Atli 5,058
Expert 4TB
Hey.
Unless I am misunderstanding you, I think you may be misunderstanding how the Cookie header should be used. The path and domain meta-values are meant to be used with the Set-Cookie header, but not the Cookie header.
For example, say a page located at example.com/cookie/ sends the following header when you first request it: - Set-Cookie: key=value; path=/cookie; domain=example.com
The path and domain values are used by the browser to determine where the cookie belongs; so the browser knows which URL to send the cookie to. After receiving that header, the browser should be adding the following header to any requests to the example.com/cookie/ URL.
There is no point in passing the path and domain values back to the server. There is no security benefit to it, and even if the cookie was mistakenly sent to the wrong domain/path, the server-side code shouldn't mind an extra cookie being sent.
Your first example used this: - Cookie: testcookie=blah; testcookie2=haha; path=/; domain=infectionist.com;
On the server, the path and domain values, which I assume you mean to be meta-values (to indicate where the cookie belongs), would in fact be considered the third and fourth key-pair cookie data values. Dumping the $_COOKIE array from a PHP request that includes that header would print: - array(4) {
-
["testcookie"]=>
-
string(4) "blah"
-
["testcookie2"]=>
-
string(4) "haha"
-
["path"]=>
-
string(1) "/"
-
["domain"]=>
-
string(16) "infectionist.com"
-
}
-
That header should have just been like this: - Cookie: testcookie=blah; testcookie2=haha;
I don't think you understood the question. I'm using a php function to retrieve a remote webpage from another server. This remote page displays different data based on cookies sent with the request. If the cookies are not set, it tells you to log in, if they are set, it displays the information I need. I need to send those cookies along with the request for the webpage, but there are multiple cookies from different domains that need to be sent for it to work, so I need to know how to send those multiple cookies with different domain values. I'm not trying to set a cookie on a client computer, I'm trying to make my server act as the client computer.
Atli 5,058
Expert 4TB
That's what I though.
A Cookie header, sent by a client, does not include path or domain values. Those values are only used when the server sends a new cookie to the client. They are meant for the client software, so it can determine which requests should include the cookie.
There is no point in sending the path and domain values from the client to the server. A Cookie header should only include data pairs.
As an example, consider this stripped-down version of the HTTP headers in a cookie based shopping cart. Note the Host header of the requests and the domain part of the Set-Cookie headers. - ## Client login request
-
POST /login.php HTTP\1.1
-
Host: example.com
-
-
username=myname&pwd=mypass&
-
-
## Server login response
-
HTTP/1.1 200 OK
-
Set-Cookie: loginid=123; path=/; domain=.example.com
-
Set-Cookie: cartid=456; path=/; domain=shop.example.com
-
-
-
## Client adding a product to cart.
-
GET /addProduct.php?pid=5 HTTP\1.1
-
Host: shop.example.com
-
Cookie: loginid=123; cartid=456;
-
-
-
## Server sets a total price cookie after
-
## adding the new product.
-
HTTP/1.1 200 OK
-
Set-Cookie: carttotal=4.95; path=/; domain=shop.example.com
-
-
## Client adds another product.
-
GET /addProduct.php?pid=10 HTTP\1.1
-
Host: shop.example.com
-
Cookie: loginid=123; cartid=456; carttotal=4.95;
-
-
## Server re-calculates and resets the total
-
## price cookie, after adding the product.
-
HTTP/1.1 200 OK
-
Set-Cookie: carttotal=9.90; path=/; domain=shop.example.com
-
-
## Client logs out.
-
GET /logout.php HTTP\1.1
-
Host: example.com
-
Cookie: loginid=123
-
-
## Server deletes all the cookies.
-
HTTP/1.1 200 OK
-
Set-Cookie: loginid=; expire=1; path=/; domain=.example.com
-
Set-Cookie: cartid=; expire=1; path=/; domain=shop.example.com
-
Set-Cookie: carttotal=; expire=1; path=/; domain=shop.example.com
My point here is that the none of the client requests include the path or domain in the Cookie header, and when the Host of the client request is not "shop.example.com" the request omits the cookies that were specific to that domain.
Your PHP script should emulate that. The server accepts all cookies, regardless of which domain/path they were originally intended for. It is the client's responsibility to keep that restriction, and the server-side code's responsibility to simply ignore cookies it isn't expecting.
Ok, so let's say I need to send these cookies:
a=1; path=/; domain=a.example.com;
b=2; path=/; domain=b.example.com;
The remote page requires that both cookies be sent, meaning 2 different domain values, but with my PHP script I only know how to send multiple cookies with the SAME domain value. So what you're saying is that I don't need to include the domain value at all, meaning my code in the first post could be this: - <?php
-
$cookies = array("Cookie: testcookie=blah; testcookie2=haha;");
-
$opts = array('http' => array('header' => $cookies));
-
$context = stream_context_create($opts);
-
$html = file_get_contents("http://infectionist.com/misc/testing/cookie.php?do=view", false, $context);
-
echo $html;
-
?>
And it would still work?
It does appear so, but I've only tested it on single-domain cookies, not those that require multiple domains.
One other question, if I might. How might I go about changing the expiry date of the cookie? I understand that this might be dictated by the server and not by the cookie, but I'd still like to know.
And also, so you can better understand, I'm logging into a page secured behind a .NET Passport login (using my own login information!) so that I can get achievement information for Xbox 360 games. You can only get this info if you're logged in. I got it working a little after I made this post (since it's cookies only need the single domain), but when I came back tonight it wouldn't work, leading me to assume the cookie had timed out (or the session on the server.)
Atli 5,058
Expert 4TB
Yes, regardless of which domain the server intended the cookie to belong to, you can send it. The path and domain values should not be a part of the Cookie header. It should only list the "key=value" pairs you want the HTTP server to receive.
However, those two cookies you mentioned should never be sent together. They belong to separate domains, which a client should restrict them to. Having said that, there is nothing that actually stops you from sending them despite that.
One other question, if I might. How might I go about changing the expiry date of the cookie? I understand that this might be dictated by the server and not by the cookie, but I'd still like to know.
The expiration date of the cookie, much like the domain and path, are only meant for the client. The server does not keep track of these values, so your client can ignore them all if you want. - You don't have to change the expiration date. Your client has full control over whether or not it actually uses it.
However, if the cookie is storing some sort of session ID or some for of login information, the server may well keep track of the session on the server-side, and make the session time-out and become invalid. - For example, PHP sessions are automatically invalidated after a certain period of inactivity, after which the session ID that the cookie stores becomes useless.
Most login mechanisms use some form of session time-out functionality. It's a basic security feature, meant to make it harder to steal session cookies. - If you are indeed trying to pass session ID cookies, you would have to log in first to make sure the session is actually active.
I don't know details about .Net session capabilities, but even thought it is a M$ technology, I think it is safe to assume they have gotten this stuff right by now.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Anonymous |
last post by:
Hi!
I've got an unusual problem here. I'm trying to write a PHP script that
behaves like a web client. Why? I want to automatically check specific
URLs for changes.
I'm using...
|
by: Ohaya |
last post by:
Hi,
I'm trying to understand a situation where ASP seems to be "blocking" of
"queuing" requests. This is on a Win2K Advanced Server, with IIS5.
I've seen some posts (e.g.,...
|
by: Michael Evanchik |
last post by:
Hello all, since i wanted to use ssl and its seems easy to do so with this
object. Im trying to login to a webserver (aol) for this example. But for
some reason, im packet sniffing with ethreal...
|
by: Beryl Small |
last post by:
Hi, I have a third party software that needs to send
information to an .aspx page for processing to communicate
with an SQL database. The software sends the information
something like this:
...
|
by: Damiro |
last post by:
In building an application, I am trying to capture the content of a
page to see if the user has permission to view it. If they have
permission, show the link.
The user logs into the system and...
|
by: howa |
last post by:
are there any advantage in replacing all fread() operations with
file_get_contents() ?
i.e.
file_get_contents("/usr/local/something.txt")
VS
$filename = "/usr/local/something.txt";
|
by: barrybevel |
last post by:
Hi,
I have a very small simple program below which does the following:
1) post a username & password to a website - THIS WORKS
2) follow a link - THIS WORKS
3) update values of 2 fields and...
|
by: Sonnich |
last post by:
Can anyone give me a quick hint for this?
Say, I have: <SELECT NAME="opt3" SIZE="15" multiple>
Then I'd like to list the items selected...
echo $_POST;
but this gives only the first one
...
|
by: ofiras |
last post by:
Hello everyone,
How can I sand a post to a web page?
I want that when the page is trying to fetch a post variable, it will
be something the program defined first.
Please help,
Ofir.
|
by: pac1250 |
last post by:
Hi,
I am searching how to solve a problem and I dont find it :(
I want to access a page from a script behind a proxy :
(my script) <-(a proxy with authentification) <-(https serveur
with...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |
