Welcome! Log In Create A New Profile

Advanced

[PHP] cookie management

Posted by Jeffry Killen 
Jeffry Killen
[PHP] cookie management
February 16, 2018 10:10PM
Hello;

I am working on a project that has to manage
cookies both by php and by javascript.

A cookie is set for a user.

Now if the same user opens a new window in the browser and navigates to the same page
that set the cookie in the first window, how will the server be able to differentiate, assuming
the cookie has the same name, set in the same client in both opened windows? The second
would overwrite the first if the values are different, right?

I am thinking of cookie arrays but I am not sure that would be the solution.

Thanks for time, attention and wisdom with this issue.
JK
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Christoph M. Becker
[PHP] Re: cookie management
February 19, 2018 03:30PM
On 16.02.2018 at 22:04, Jeffry Killen wrote:

> I am working on a project that has to manage
> cookies both by php and by javascript.
>
> A cookie is set for a user.
>
> Now if the same user opens a new window in the browser and navigates to the same page
> that set the cookie in the first window, how will the server be able to differentiate, assuming
> the cookie has the same name, set in the same client in both opened windows? The second
> would overwrite the first if the values are different, right?

Yes.

> I am thinking of cookie arrays but I am not sure that would be the solution.

You can store an *arbitrary* string in a cookie (note that there are
usually rather tight limits regarding the size of all cookies of a
domain, though). You could store a JSON string inside the cookie, or
use multiple cookies. However, that wouldn't appear to solve your issue.

It seems to me that the problem is: "how will the server be able to
differentiate". Why should the server differentiate which tab made the
request, at all?

--
Christoph M. Becker

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Jeffry Killen
Re: [PHP] Re: cookie management
February 19, 2018 07:50PM
> On Feb 19, 2018, at 6:24 AM, Christoph M. Becker <[email protected]> wrote:
>
> On 16.02.2018 at 22:04, Jeffry Killen wrote:
>
>> I am working on a project that has to manage
>> cookies both by php and by javascript.
>>
>> A cookie is set for a user.
>>
>> Now if the same user opens a new window in the browser and navigates to the same page
>> that set the cookie in the first window, how will the server be able to differentiate, assuming
>> the cookie has the same name, set in the same client in both opened windows? The second
>> would overwrite the first if the values are different, right?
>
> Yes.
>
>> I am thinking of cookie arrays but I am not sure that would be the solution.
>
> You can store an *arbitrary* string in a cookie (note that there are
> usually rather tight limits regarding the size of all cookies of a
> domain, though). You could store a JSON string inside the cookie, or
> use multiple cookies. However, that wouldn't appear to solve your issue.
>
> It seems to me that the problem is: "how will the server be able to
> differentiate". Why should the server differentiate which tab made the
> request, at all?
>
> --

Thank you for the reply:


> Why should the server differentiate which tab made the
> request, at all?

I just want to know if it was possible for a user to have two
sessions opened to the same domain at the same time
from the same client.

I am working on a modular registration and log in - log out
system. So I play the role of both the user who would
be using my work, and the developer. I am anticipating
potential difficulties owing to this sort of situation.

JK
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Ashley Sheridan
Re: [PHP] Re: cookie management
February 20, 2018 08:50AM
On February 19, 2018 6:44:55 PM UTC, Jeffry Killen <[email protected]> wrote:
>
>> On Feb 19, 2018, at 6:24 AM, Christoph M. Becker <[email protected]>
>wrote:
>>
>> On 16.02.2018 at 22:04, Jeffry Killen wrote:
>>
>>> I am working on a project that has to manage
>>> cookies both by php and by javascript.
>>>
>>> A cookie is set for a user.
>>>
>>> Now if the same user opens a new window in the browser and navigates
>to the same page
>>> that set the cookie in the first window, how will the server be able
>to differentiate, assuming
>>> the cookie has the same name, set in the same client in both opened
>windows? The second
>>> would overwrite the first if the values are different, right?
>>
>> Yes.
>>
>>> I am thinking of cookie arrays but I am not sure that would be the
>solution.
>>
>> You can store an *arbitrary* string in a cookie (note that there are
>> usually rather tight limits regarding the size of all cookies of a
>> domain, though). You could store a JSON string inside the cookie, or
>> use multiple cookies. However, that wouldn't appear to solve your
>issue.
>>
>> It seems to me that the problem is: "how will the server be able to
>> differentiate". Why should the server differentiate which tab made
>the
>> request, at all?
>>
>> --
>
>Thank you for the reply:
>
>
>> Why should the server differentiate which tab made the
>> request, at all?
>
>I just want to know if it was possible for a user to have two
>sessions opened to the same domain at the same time
>from the same client.
>
>I am working on a modular registration and log in - log out
>system. So I play the role of both the user who would
>be using my work, and the developer. I am anticipating
>potential difficulties owing to this sort of situation.
>
>JK
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php

You're trying to use cookies and sessions for something they were never really intended to do. Given why you're trying to do this, I see two choices: 1. Use different browsers (or a browser in incognito mode), or 2. Pass the session token through as part of the request URL.

Thanks,
Ash

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Christoph M. Becker
Re: [PHP] Re: cookie management
February 20, 2018 12:20PM
On 19.02.2018 at 19:44, Jeffry Killen wrote:

> On Feb 19, 2018, at 6:24 AM, Christoph M. Becker <[email protected]> wrote:
>
>> Why should the server differentiate which tab made the
>> request, at all?
>
> I just want to know if it was possible for a user to have two
> sessions opened to the same domain at the same time
> from the same client.

That is generally possible …

> I am working on a modular registration and log in - log out
> system. So I play the role of both the user who would
> be using my work, and the developer. I am anticipating
> potential difficulties owing to this sort of situation.

but at least in this case you'll want to prevent it. If an already
authenticated user requests the login form again, for instance, don't
show them the form, but rather the info that they're already logged in
(or redirect them to the user control panel, or whatever), etc.

--
Christoph M. Becker

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Sorry, only registered users may post in this forum.

Click here to login