Larry Ullman's Book Forums

Showing results for tags 'cookie'.

Found 6 results

  1. Hi Larry, I have encountered a really weird problem (well, weird to me) re the server not being able to write a session cookie reliably, but it always gets set first go in localhost. I had to include a do-while loop in the production version until the session data were available, but I don't know how many times the loop gets executed before the session cookie gets set. Can you offer any guidance on how to debug this? Am using IE11 and Firefox 62.0. Thanks as always, Necuima
  2. Hi Larry, I'm having an issue that I don't understand to do with setting cookies in JS. I have re-read the section on cookies in the book (pp 358...). If I have the JS code within the module that uses it (a PHP module it so happens) it works just fine. But if I include that same code via <script type="text/javascript" src = its source></script> it does not set the cookie. I have checked and the script does get loaded and executes when called - it just does not set the cookie. No errors are indicated in either the FF or IE. I have Googled but can't find anything exactly related to this. I have tried with Firefox V56 and IE11 and both exhibit the same behavior. (Running with XAMPP/Windows 7). Do you have any insights into this behavior? Thanks as always, Necuima.
  3. Hello, I have been working on script 12.5, which allows setting a cookie's parameters. As the example in the book shows, I wanted to set a cookie that expires within 1h from creation. setcookie('user_id', $data['user_id'], time() + 3600, '/', '', 0, 0); When checking the cookie after successful signing-in, Expires: always says Session. Why is that? Thank
  4. Hi, Here are two quotes from Creating Cookie Library example: Would not it be better if instead of "cookie values" we use just "cookies" (... some browsers add a space in between the cookies in document.cookie. ) and "Decode the cookie" instead of "Decode the value"? Is it correct to say that "some browsers add a space in between the cookies in document.cookie" INSTEAD OF "some browsers add a space in between the cookie values in document.cookie" ??? Thank you in advance!
  5. I am a little confused about session/cookies automatic interaction/behavior. You explained that it is preferable to store the email (users.email) in session and not the userID (users.userID) because the email is harder to forge than userID which is a number, hence leaving the site exposed to XSS attacks. However, for whatever operations the user may be allowed to do, like CRUD operations, you will need the id of the table for that specific action (let's say "posts" table, for example, we will need something like posts.postID) and the userID. To get users.userID from users.email we will have to make a SELECT query every time, as opposed to having the userID stored in the session, hence a query less every time. It seems to me that it will be a lot more convenient to store the userID in the session. You said that it will not be a problem to have the userID stored in session as far as we do not have it stored in cookie. Here I am a little confused, because I do not understand how setting the userID in session becomes a cookie problem (as the argument against using the userID in session is predicated on leaking the value in the cookie and I do not understand why). I do not store anything explicit in a cookie, will a cookie be always created when starting a session? What will it contain if no explicit value/parameters were given? If I stored the userID in the session, should I be preoccupied that it may leak in the cookie without knowing it? Is it a common behavior for the cookies to replicate sessions? Should I explicitly set a cookie every time to overwrite odd behavior or is it possible to let the cookie work automatically and do the job only from session? Shouldn't cookies and sessions be isolated and work separately? I am guessing all problems start with directives like the one you suggested on page 357. What is the effect of "ini_set ('session_use_only_cookies', 1)" when you store the userID in the session and no cookie was set explicitly?
     Why don't we simply use a salt and hash the value? Isn't this approach more beneficial considering that it should be safer and we end up having the userID stored, which is much more practical to use than users.email? You presented cookies as being safer from one point of view. However, sessions are stored on server, shouldn't it be safer to use sessions? I see a reason for using cookies to store user settings (as selected language for the forum, for example), but I do not see any good reason to use cookies to store sensitive information as the userID. If the argument, as I understand it, is that whatever a cookie holds it can be forged easily because it is easy to guess numbers, I do not see why this behavior is not a big problem in the first place or why does it feel safer as chances are the attacker can very easily know the email of the victim, hence being in the same situation as when using numbers. It looks more secure, but in my opinion it is a false sense of security. Emails can as easily be guessed (or known in advance) as numbers, it is not such an important defensive mechanism. I guess my point is: never use cookies when safety is paramount... maybe I am wrong.
  6. I need to create a modal dialog plugin that enables visitors to opt in to allow cookies. If the user opts out then he can't access the part of the site that uses cookies. If the user opts in, on subsequent visits the opt in box is not displayed. If cookies are not used then the opt in box is not displayed. I think(?) I can do most of this but do not know how to detect if a site uses cookies. I was thinking that I may have to create a front end to allow the website owner to define what cookies the site uses. But is it possible to dynamically detect if a site uses cookies and how would you do so? Also if you have any suggestions re creating this plugin, please post them. Thanks.