Can a parameter of path be added to $_COOKIE[]?
Asked
Active
Viewed 2.2k times
9
-
You might find [`$cookie->setPath($path)`](https://github.com/delight-im/PHP-Cookie/blob/004cde69ec840e65c15275e09b92ecb1da06f357/src/Cookie.php#L104) helpful, as found in [this standalone library](https://github.com/delight-im/PHP-Cookie). – caw Sep 21 '16 at 03:09
5 Answers
11
In case you are trying to access cookies set for a different path on the same domain than the current, that can't be done. The browser itself restricts this, and only sends the cookies appropriate for the current path.
Jani Hartikainen
- 42,745
- 10
- 68
- 86
-
what about facebook?, facebook writes cookies for the domain "facebook.com", but it uses this cookies from "www.facebook.com" – user962284 Jun 07 '12 at 23:42
-
@user962284 are you sure? I'm pretty sure FB sets all cookies on www.facebook.com, as it's not even possible to access facebook.com (they redirect you to www.) – Jani Hartikainen Jun 08 '12 at 16:18
-
1This is incorrect. A browser following the recommendations of the RFC *does* send both values back in the case of more than one cookie with the same name but different paths. It is in fact PHP that gets in the way; please see my posted answer. – Jun 15 '14 at 02:44
5
While the HTTP client (ie: browser) does not send back the path that the cookie was set to, PHP actually makes assumptions about cookies with regards to its $_COOKIE array.
If you set two cookies with the same name, one with the value "first-value" with path / and the second with the value "second-value" with path /test, a browser following the recommended - but not required - behaviour from the RFC will send back both values to you. When you access a URL under the /test path, the browser sends this:
Cookie: name=second-value, name=first-value
The "problem" is that PHP only reads the first value - $_COOKIE['name'] will only contain the value "second-value" with no hint that "first-value" exists. If you need access to both values, you need to parse the value of $_SERVER['HTTP_COOKIE'] yourself - this will contain "name=second-value, name=first-value" for the above example. Note that "second-value" is first in line because it was set with a longer path. Please note that the RFC does not guarantee this behaviour, it only says that HTTP clients SHOULD do this.
-
Interesting, is this specific to subdirectories? As in, a request to a subdirectory will receive the root's cookies, but a request to the root will not receive cookies for subdirectories? Also I'm curious to whether browsers actually implement this or not :) – Jani Hartikainen Jun 15 '14 at 09:08
-
Correct, a subdirectory or longer path will always receive a cookie with a shorter path that matches. All browsers are implemented this way. The only thing that is not guaranteed behaviour is if you have multiple cookies with the same name but different paths - you *should* receive both cookies back in a fixed order, but the RFC does not make any promises. – Jun 26 '14 at 18:05
-
This is actually the correct answer since it gives a full explanation as to why this happens. I should note, and this is missing, though you cannot tell `$_COOKIE[]` a path, you can tell `setcookie` a path. We are facing this with an API. So you can actually tell `setcookie` to set the root path then access it anywhere, like so: `setcookie('name', 'data', expire, '/')`. That last parameter is the path and setting it to `/` makes it root path. This would solve the OP's problem. – jfreak53 Oct 24 '14 at 15:48
-
Building on what Nate had mentioned about the cookies being available via $_SERVER['HTTP_COOKIE']... use this to place the individual cookies into an array: `$cookies = parse_ini_string( str_replace( ";" , "\n" , $_SERVER['HTTP_COOKIE'] ) ) ;` – user1822391 Dec 24 '14 at 08:59
2
yes, it's the 4th argument, but you will only be able to access the cookie if it was set using a path that the current directory resides in.
that's confusing... here it is from php:
The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain . If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain . The default value is the current directory that the cookie is being set in.
http://php.net/manual/en/function.setcookie.php
You access it like any other cookie. It will become available in $_COOKIE if the script has access to it.
Galen
- 29,976
- 9
- 71
- 89
-
I mean how to read it, how to access cookie values in different paths but on the same domain name? – Steven Dec 28 '09 at 05:32
-
2
No, such parameters are impossible because the browser does not send the path to the server. It does only send the name and the value of each cookie (so you can't see the path, if it's a session cookie, when it will expires and so on).
Emil Vikström
- 90,431
- 16
- 141
- 175
2
I don't think it will be possible to get the cookie from a different path, since it could possibly cause a security issue.
Krishna Shasankar
- 144
- 6