• 3
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Cookie across HTTP and HTTPS in PHP

How can I set a cookie in PHP that is readable both in HTTP and HTTPS?

If this isn't possible, what can be done? Set two cookies?

      • 2
    • What browser are you using? I am noticing that in IE9 that I have a cookie in HTTPS and HTTP with the same key but each has a different value. Even when the cookie is not a secure cookie.

By default, a cookie can be read by both http and https at the same URL.

However, a server can optionally specify the 'secure' flag while setting a cookie this tells the browser to only send it over a secure channel, such as an SSL connection.

In this case the cookie will only be sent over https. A cookie not marked as secure will be sent over both http and https.

  • 71
Reply Report
    • @Oversteer yes, it is secure over https. The problem is that if a mixture of http and https is used, the cookie is only secure part of the time.

Assuming your domain name remains the same except for the resource type, cookies in PHP (or any language) can be read from both HTTP and HTTPS.

e.g.:

http://www.example.com
https://www.example.com

In this example, the cookies will be readable from each other.

  • 26
Reply Report
      • 2
    • The example is right there. I'm demonstrating that the same URL with just the resource identifier changed will still use the same cookies. Cookie domains are based on DNS name, and do not have awareness of protocol. To clarify, you do not need to do anything special at all to receive your desired effect. See the Cookie spec for more information: curl.haxx.se/rfc/cookie_spec.html

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags

Related Questions