Tag Archives: Cookie

Delete Cookie JavaScript

To delete a cookie, we can just set its expiration date and time to a point in the past. Specifying the correct path of the cookie that we want to delete is good practice, since some browsers won’t delete a cookie unless the path clearly identifies which cookie to remove from the user’s machine.

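function delete_cookie(name) {
    // An expiry date in the past makes the browser drop the cookie.
    // Path must match the path the cookie was set with.
    document.cookie = name + "=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;";
}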

Read Cookie JavaScript

Reading a cookie using JavaScript is also very simple. The document.cookie string that we used to create the cookies also contains them when it is read back.

The document.cookie string keeps a list of name-value pairs separated by semicolons, where ‘name’ is the name of the cookie, and ‘value’ is its value. We can use the split() method to break the cookie string into names and values.
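The split() approach described above, as an added example that is not part of the original post. The function names and the sample string are assumptions made for illustration; the string is passed in as a parameter so the code also runs outside a browser.

```javascript
// Added example: parse a document.cookie-style string into name/value pairs.
// In a browser, call parseCookies(document.cookie).
function safeDecode(value) {
  try {
    return decodeURIComponent(value);
  } catch (e) {
    return value; // malformed %-sequence: keep the raw text instead of throwing
  }
}

function parseCookies(cookieString) {
  // No prototype, so a cookie named "toString" or "__proto__" cannot
  // collide with built-in object properties.
  const cookies = Object.create(null);
  for (const pair of cookieString.split(";")) {
    const trimmed = pair.trim();
    if (trimmed === "") continue;        // empty segment, e.g. "a=1;; b=2"
    const eq = trimmed.indexOf("=");     // split on the FIRST "=" only,
    if (eq === -1) continue;             // because values may contain "="
    const name = trimmed.slice(0, eq).trim();
    if (name in cookies) continue;       // duplicate name: keep the first one
    cookies[name] = safeDecode(trimmed.slice(eq + 1).trim());
  }
  return cookies;
}

function readCookie(name, cookieString) {
  const cookies = parseCookies(cookieString);
  return name in cookies ? cookies[name] : null;
}

// Constructed sample: a plain value, an encoded value, a value containing
// "=", and a value with a broken percent-escape.
const SAMPLE = "user_name=phpcodez; theme=dark%20mode; token=YWJj==; bad=%E0%A4%A";

console.log(parseCookies(SAMPLE));
```

Cookies set with the HttpOnly flag (session.cookie_httponly in PHP) never appear in document.cookie, so a session cookie protected that way will not be returned by this function.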

Sessions

A session is a way of preserving data across a series of web site accesses by the user. Session support is enabled by default, and its configuration options are set in php.ini. SID (string) is a pre-defined constant within this extension.

Each user is assigned a unique identifier, the “session id”. The session id is stored in a cookie on the client or in the URL.

When the user accesses the site, the session id check is triggered automatically if session.auto_start = 1, or upon request … using session_start().

$_SESSION is available as a global variable.

Enable session.use_only_cookies to enforce cookie usage (and prevent session ids in the URL), and enable session.cookie_httponly to prevent JavaScript cookie access (and help prevent session hijacking via XSS).

Cookie Hijacking

Cookie hijacking, sometimes also known as session hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s compute

Session Hijacking


The following measures help to protect against session hijacking and fixation attacks.

  • Use SSL and set the $secure cookie parameter to true.
  • Set the session.use_only_cookies php.ini parameter to 1.
  • Protect against XSS vulnerabilities in the application.
  • Rotate the session id on successful login and logout using session_regenerate_id().
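One way to verify that these settings took effect is to inspect what the server actually sends. The following is an added example, not code from the original post: the function names, the header values and the URL are constructed, and PHPSESSID is assumed as the cookie name because it is PHP's default.

```javascript
// Added example: audit a session cookie's Set-Cookie header and a page URL
// against the checklist above. All sample values are constructed.
function parseSetCookie(header) {
  const [first, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = first.indexOf("=");
  // Attribute names are case-insensitive ("secure", "HttpOnly", ...).
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  return { name: first.slice(0, eq), value: first.slice(eq + 1), flags };
}

// Returns the protective attributes that are absent from the header.
function missingAttributes(header) {
  const { flags } = parseSetCookie(header);
  const missing = [];
  if (!flags.has("secure")) missing.push("Secure");     // sent over plain HTTP too
  if (!flags.has("httponly")) missing.push("HttpOnly"); // readable by scripts
  return missing;
}

// True when the id issued after login differs from the one issued before it,
// i.e. session_regenerate_id() ran and a fixed pre-login id is useless.
function idRotated(beforeLogin, afterLogin) {
  const a = parseSetCookie(beforeLogin);
  const b = parseSetCookie(afterLogin);
  return a.name === b.name && a.value !== "" && b.value !== "" && a.value !== b.value;
}

// True when the session id travels in the query string, which
// session.use_only_cookies = 1 is meant to prevent.
function sessionIdInUrl(url, cookieName = "PHPSESSID") {
  return new URL(url).searchParams.has(cookieName);
}

// Constructed samples: a default-looking cookie and a hardened one.
const WEAK = "PHPSESSID=4f1c9a; path=/";
const HARDENED = "PHPSESSID=9b72e0; path=/; secure; HttpOnly";

console.log(missingAttributes(WEAK));      // attributes still to be enabled
console.log(missingAttributes(HARDENED));
console.log(idRotated(WEAK, HARDENED));
console.log(sessionIdInUrl("https://example.test/account.php?PHPSESSID=4f1c9a"));
```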

cookie

Cookies can be used to store user information for future use. They allow us to store data on the user’s machine itself. A cookie is a small file that the server generates on the user’s machine, and using that file the server can identify the user. Whenever the browser sends an HTTP request to the server, it sends the cookies as well. Cookies can be created using PHP functions.

Cookies can be created using the function ‘setcookie(name, value, exp, path, domain)’. Its arguments are given below.

name : The name of the cookie that stores the value; it is used to retrieve the stored data.

value : The value to be stored in the cookie (generally we store login details like username, password). Because the cookie is kept on the user’s machine and sent with every request, a session id is a safer thing to keep there than the password itself.

exp : The time that the cookie lasts. If it is not set, the cookie is destroyed when the browser is closed.

path : The path on the site for which the cookie is valid.

domain : The domain for which the cookie is valid.

The following can be used to send a cookie from within a PHP application.

  • header()
  • setcookie()
  • setrawcookie()

Example
======

<?php
// Cookie "user_name" with value "phpcodez", valid for one hour.
setcookie("user_name", "phpcodez", time() + 3600);
?>

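You can retrieve the cookie values as follows:

<?php
// Cookie values are sent by the client, so escape them before output.
echo htmlspecialchars($_COOKIE["user_name"] ?? "", ENT_QUOTES, "UTF-8");
?>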

You can delete the cookie by setting its expiration date in the past.

Example:

<?php
// Use the same name (and path/domain) the cookie was created with.
setcookie("user_name", "", time() - 3600);
?>
 
