Set a global session cookie from a subdirectory

squonk23

On a page in a subdirectory of the root of a site, is there a way to specify a cookie to be available to the entire domain that expires with the browser session?

these are mine assumptions:
1. cookies are, by default, available in the directory in which they are set. if i set a cookie from a page /tools/set.php, it won't be available at /index.php.

I can make that cookie available by setting it to the root:
setcookie("mycookie","myvalue", time()+3600,"/");

my problem is that i want the cookie available for the browser session, but in order to set the cookie available at the root, I HAVE to specify an expiry. is there any way around this?

thanks,
squonk.

dalecosp

Have you tried zero as the time parameter?

anortrup

You alsost have it but the thing that you forget is that the experation argument is optional. I belive that you can leave a blank so your code looks like this:

setcookie("name", "value", ,"/");

Another aproach that you might want to consider is using a session to track the data, that way you have data that is available throughout your entire application and you only need to set one cookie (and PHP does that for you). Also as a security point, sesisons are more secure than cookies as it is harder to hijack a session cookie.

-Andy

dalecosp

From [man]setcookie/man:

To set a non-persistent or session-based cookie, use an expire of 0.

Now granted, that is from a user-contrib note ... but why would it still be there if it weren't true?

Andy's thought on sessions is pretty valid. I wonder why we use the term "session cookie", though. It's a bit confusing --- obviously in this context he's talking about the data in the file on the server. We've got to remember that some people aren't very "server minded" and think that cookies are used solely on the client. If we say "session cookie," people may think that we're referring to the actual client-side cookie file that stores the SESSID, or worse yet, to a special type of cookie that exists because of PHP. Now there isn't any such as the latter, but some people don't get that from context, and they don't read the [man]manual[/man] either...