Cookie problem (third party)

Jannes · December 1, 2021, 3:01pm

Hi,

I’m running a php script on a third party website, i also own the third party website.
When i run the script, then certain browsers don’t allow it to place cookies.
This is the part where it sets the cookie (which it doesnt do)

setcookie(“floodprotect”, time(), time()+100);
setcookie(“remembername”, $tagname, time()+10000000);
setcookie(“rememberurl”, $tagurl, time()+10000000);
$postit = array();
$postit[] = 0;
$postit[] = $tagname;
$postit[] = $tagurl;
$postit[] = $samesite=‘none’;
$postit[] = $_SERVER[‘REMOTE_ADDR’];
$postit[] = $tagmsg;
$postit[] = time();
$tagdb = fopen("./db.txt", “a+”);
if (!fwrite($tagdb, array_to_string($postit)."\n"))

I think it is something with “samesite=none” and Secure, but i cant get it right, when i change something to the code, it bricks.
Can someone help?

ErnieAlex · December 2, 2021, 5:49pm

Well, first, the first three lines are the cookie code, the rest is writing a file and has nothing to do with cookies.

Does the first three lines fail? Or is this really a text file problem? If your website allows cookies, then ALL browsers should allow them to be written.

Do you really mean you are having trouble writing a file out? Is the folder it is written to set to allow file access? Is is set to allow writing to that folder? Unclear on your issues…

Jannes · December 3, 2021, 2:51pm

the problem is, that no cookie is set.
I think the problem is related to the fact that the cookie is set on a “third party” site
Even when i change the code to…

setcookie("floodprotect", time(), time()+100);
setcookie("remembername", $tagname,[
'expires' => time() +10000000,
'path' => '/',
'domain' => 'domain.com',
'secure' => true,
'httponly' => true,
'samesite' => 'None',	]

Still no cookie is set.

ErnieAlex · December 3, 2021, 4:41pm

Okay, maybe you do not understand cookies!
They are NEVER stored on the server. A cookie is ALWAYS stored on the browser’s computer.
There is no THIRD-PARTY involved in a cookie. Now, with that said, you store a cookie on the user’s computer using the PHP SETCOOKIE() functions. Then, you save, ON THE SERVER a text file.
( Why, we have no idea! ) So, the cookie can only be viewed on the user’s computer and the text file only on the server. It really makes no sense to save a text file on the server for cookie info. That should be done in the database using the user’s info. You only want to track live members, not visitors.

When you store a cookie in a computer, you can view them using the browser. Try viewing your own cookies. It is different in each browser. In Firefox for example, you select the three small lines in the upper-right of the browser, select SETTINGS, select Privacy-And-Security, look down for cookies and select MANAGE-DATA. Then, you will see a list of the cookies stored in Firefox. You can remove them there, but, not edit them.

Does this help explain cookies better for you?

Jannes · December 3, 2021, 7:08pm

no, i dont think you understand my problem even a tiny bit

ErnieAlex · December 3, 2021, 7:12pm

Well, that helps us help you.

Jannes · December 4, 2021, 7:33pm

so last shot…
Im trying to place a cookie, this cookie is being set from an iframe from my site.
This iframe is stored on another server that is not from my main site, so google chrome blocked it cause of “third party cookies” not only google blocked third party cookies but there are a lot more.
So how can i store a cookie (on anybody’s pc that is on my site) from this iframe

ErnieAlex · December 5, 2021, 2:35am

You can’t. Thank you very much for the explanation. Cookies are a security issue. If you could store them on third party machines, you could rewrite cookies and break into other servers that way. They are not allowed to be handled this way.

You can do an authorized AJAX call to store things like cookies thru calls. You said you own both servers. So, just do a post to a PHP file that saves the cookie for you. You basically call a PHP file on the second server which makes sure it is from you and then it can save the cookie for you. Does this make sense?

Most programmers don’t run iFrames these days because they are not secure.

Jannes · December 5, 2021, 10:21am

Thanks for the explanation, i will see if i can do the AJAX call

ErnieAlex · December 5, 2021, 3:40pm

Sorry, Jannes, I was wrong. It seems you CAN do remote cookies. But, it is handled thru cURL calls.
You can use a curl-cookie-jar to pass a cookie to another site. I was not aware of this until I did some research for you. Here is a very simple example of what I found:


    $cookie = "COOKIE.TXT";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "HTTP://SITE.COM");
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
    curl_exec($ch);
    curl_close($ch);

I did not test it, but, from what I read, this should let you save a cookie remotely.
But, I did find this type of code on more than one site that discussed handling it this way.
I suggest reading up on these two CURL options: cookiefile and cookiejar. Hope this helps!

**** EDIT: This site if you skip down to the code, shows examples how to do it. I think you should check out this site as it should help you a lot! Interesting code. Did not know you can do this. Always like to learn new things… https://code-boxx.com/php-curl-cookies/

Jannes · December 7, 2021, 6:56pm

Thanks for the research, this is to complicated for me.
i really thought it was done with a simple

SameSite=None; Secure

nevertheless thanks for your time