Google Cookie - HTTP and HTTPS

I have a website that uses www.example.com for standard pages and secure.example.com for HTTPS. I am trying to set a cookie when a user logs in, which will be valid for both HTTP and HTTPS versions of the site.

I do this by setting the path to "/" and the domain to .example.com. This works great in Firefox and Internet Explorer, but in Chrome the cookie only works with the version of the site on which it was installed (http://www.example.com or https://secure.example.com).

Is this a mistake or am I doing something wrong? If this is a mistake, is there a workaround?

The cookie is set by PHP in the headers.

setcookie("login",base64_encode($email."::".md5($password)),2840184012,"/",".example.com");
+3
1 answer

You cannot set cookies for HTTP and HTTPS at the same time. You need to set two separate cookies: one for HTTP and one for HTTPS:

setcookie("login", base64_encode($email."::".md5($password)), 2840184012, "/", ".example.com");
setcookie("login", base64_encode($email."::".md5($password)), 2840184012, "/", ".example.com", true);

This only works if you set a cookie at https://secure.example.com, since you can set secure cookies via HTTPS.

Oh, and by the way: Do not store authentication information in a cookie! Use a valid validation token instead.

+4
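
One way to follow the answer's closing advice about keeping credentials out of the cookie, as an added example that is not part of the original answer: the cookie carries a random token and the server keeps only its hash. The in-memory `$tokenStore`, the function names, the 14-day lifetime and the `SameSite=Lax` setting are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for a server-side session table (assumption:
// a real site would keep these rows in its database).
$tokenStore = [];

// Issue an opaque random token; only its SHA-256 hash is kept server-side,
// so a leaked table does not yield usable cookie values.
function issueLoginToken(array &$store, string $email, int $ttl = 1209600): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = ['email' => $email, 'expires' => time() + $ttl];
    return $token;
}

// Resolve a cookie value to a user, or null if it is unknown or expired.
function userForToken(array &$store, string $token): ?string
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;
    }
    if ($store[$key]['expires'] < time()) {
        unset($store[$key]);              // expired: drop the row
        return null;
    }
    return $store[$key]['email'];
}

// Cookie attributes for the login token (options-array form, PHP 7.3+).
function loginCookieOptions(int $ttl = 1209600): array
{
    return [
        'expires'  => time() + $ttl,
        'path'     => '/',
        'domain'   => '.example.com',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ];
}

// Constructed sample run: log in, then check a valid and a forged value.
$token = issueLoginToken($tokenStore, 'alice@example.com');
setcookie('login', $token, loginCookieOptions());
var_dump(userForToken($tokenStore, $token));
var_dump(userForToken($tokenStore, str_repeat('0', 64)));
```

Because the cookie is marked Secure, the browser sends it only over HTTPS, so pages served from http://www.example.com will not receive it.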

Source: https://habr.com/ru/post/1733369/

