how to read php cookies with javascript correctly

0
votes

consider this php and javascript code :

<?php $_COOKIE['test']='123'; ?>
<script>console.log(document.cookie);</script>

then what i see in console is : __utma=111872281.291759993.1444771465.1445374822.1445436904.4; __utmz=111872281.1444771465.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=8572f606897b1732c31a25dee29ca077

i want to use the value of $_COOKIE['test'] in javascript ... but this strange string is not useful for me . how can i do that ?

1
javascriptphpcookies
Check out the PHP manual on setting a cookie value: php.net/manual/en/function.setcookie.php The global cookie collection gives you access to current cookies, it does not allow you to drop a new cookie on the client. - Kris Oye
then how someone hijacks cookies? @krisOye - NO-ONE_LEAVES_HERE
Also, to get a specific cookie value, try using the getCookie() method in the browser. - Kris Oye
Not sure what you mean by hijacking a cookie. Cookies are domain-specific so your website cannot gain access to a cookie dropped by mybank.com. If someone is observing your network activity they could steal your cookies and replay them back to the server but hopefully the server is smart enough to realize they've been issued to a different client. - Kris Oye
@krisOye i mean if i change my cookies to that strange string, can i log in as administrator ( for example ) ? - NO-ONE_LEAVES_HERE

1 Answers

0
votes
<?php
$cookie_name = "test";
$cookie_value = "123";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>

You need to write your php code like this

You can use this script If u can want particular cookie

<script>
function getCookie(cname) {
    var name = cname + "=";
    var ca = document.cookie.split(';');
    for(var i=0; i<ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1);
        if (c.indexOf(name) == 0) return c.substring(name.length,c.length);
    }
    return "";
}

console.log(getCookie('test'));
<script>