1

There is a cookie sent in the request header on all of my CakePHP pages. Seen here: A cookie

My problem is how do I get that value from Javascript? document.cookie returns ''

Sample request header (this is the first one, send to get the page):

GET /pages/view_media HTTP/1.1
Host: 192.168.1.11
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4
Cookie: CAKEPHP=n0r405fi68i395qhaa4luse8v6

EDIT: CakePHP version is 2.4.1

Alternately, if there is a way to get the CAKEPHP=n0r405fi68i395qhaa4luse8v6 value from the header that would work too. I just need the value.

dudeofea
  • 330
  • 4
  • 21

3 Answers3

3

The cookie is being sent with the HTTP-Only flag, making it inaccessible for JavaScript.

Making cookies available to JavaScript

Looks like what you are showing there is the session cookie, so you'd have to change the session configuration appropriately, specifically the session.cookie_httponly option:

Configure::write('Session', array(
    'defaults' => 'php',
    'ini' => array(
        // ...
        'session.cookie_httponly' => false
    )
));

For regular cookies you would utilize the cookie components httpOnly option:

public $components = array(
    // ...
    'Cookie' => array(
        // ...
        'httpOnly' => false
    )
);

or property:

public function beforeFilter() {
    parent::beforeFilter();
    // ...
    $this->Cookie->httpOnly = false;
}

Security implications

Disabling the HTTP-Only flag should make it working, but make sure that you are aware about the security implications! Non-HTTP-Only cookies can easily be stolen via XSS, so it might be better to read the cookies in your controller and pass only those values to your view that you really need.

See also

ndm
  • 59,784
  • 9
  • 71
  • 110
  • 1
    Good answer. I would really question why one would want to access the session id value on client side. Chances are if you are looking to do this, there is a better way to do what you want to do. – Mike Brant Nov 22 '13 at 20:56
  • Very informative. I am actually trying to get video streaming working using the html5 ` – dudeofea Nov 22 '13 at 21:05
  • @dudeofea The cookie should have nothing to do with your problem as long as the video isn't served by a session bound PHP script (which I kinda doubt, though I could be wrong, just guessing here). If the problem only occurs on seeking, then your server/app probably doesn't handle range requests correctly (but again I'm just guessing). – ndm Nov 22 '13 at 21:29
  • @ndm actually it is served by a session bound PHP script. The videos are supposed to be only viewable by the users who uploaded them so it had to be under a session. I tried checking if it could handle Range requests but it won't even respond, it just cancels. – dudeofea Nov 22 '13 at 21:44
  • @dudeofea I see, so it doesn't have anything do with JavaScript, it's rather just that the cookie is not being sent on the following range requests? – ndm Nov 22 '13 at 21:55
  • @ndm yes exactly. This was really a smaller problem in trying to fix that. I was thinking if I could get the session id I could add it to a request header when a Range request was called but that doesn't seem to be the case. – dudeofea Nov 22 '13 at 22:09
  • you've answered this question so I'll give you the karma. I've posted my follow-up question here: http://stackoverflow.com/questions/20155602/html5-video-seeking-in-cakephp – dudeofea Nov 22 '13 at 22:22
0
readCookie('CAKEPHP');

function readCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for(var i=0;i < ca.length;i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1,c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
    }
    return null;
}
웃웃웃웃웃
  • 11,829
  • 15
  • 59
  • 91
  • Just ran this, returns null. I can still see the info about the CAKEPHP cookie in my Chrome Inspector. – dudeofea Nov 22 '13 at 20:09
0

Another solution that doesn't involve extra security concerns is this:

Read the cookie in your controller using your Cookie Component, assign the result to a variable and set it so you will have access to that from within the view.

$myVar = $this->Cookie->read('User.name');
$this->set(compact('myVar'));

then, in your view you will have access to $myVar.

You can even use JsHelper::set to Pass variables into JavaScript.

Guillermo Mansilla
  • 3,779
  • 2
  • 29
  • 34