The page I am working on has a javascript function executed to print parts of the page. For some reason, printing in Safari, causes the window to somehow update. I say somehow, because it does not really refresh as in reload the page, but rather it starts the "rendering" of the page from start, i.e. scroll to top, flash animations start from 0, and so forth. The effect is reproduced by this fiddle: http://jsfiddle.net/fYmnB/ Clicking the print button and finishing or cancelling a print in Safari causes the screen to "go white" for a sec, which in my real website manifests itself as something "like" a reload. While running print button with, let's say, Firefox, just opens and closes the print dialogue without affecting the fiddle page in any way. Is there something with my way of calling the browsers print method that causes this, or how can it be explained - and preferably, avoided? P.S.: On my real site the same occurs with Chrome. In the ex
The correct answer is the first:
ReplyDeleteUse the httponly parameter when setting the cookie
This flag prevents (on compatible browsers, almost all, including IE >= 6sp1) the javascript engine on the browser to access cookies with this parameter. You can set this flag for regular cookies with setcookie and for session cookies with session_set_cookie_params.
edited: Support for IE >= 6sp1 instead of IE >= 7
First of all, the question its not well formulated.
ReplyDeleteCookies are an HTTP concept, not a PHP concept. PHP can create and modify cookies, but there is no such thing like a "PHP COOKIE". The browser don't care about if the response was generated by PHP, or by Python, or by a perl cgi.
Trying to identify what could be the real question, the possibilities are:
The cookie to keep the session id in the browser
a cookie sent with setcookie
I bet for the question 1. I understand that the correct question should has been:
"Why the client side using javascript or any other method, its unable to view or modify the information stored in the PHP session?"
Then, the answer is:
"Because, even if the PHP sessions use cookies, this cookies are only used to store the session id, not the content of the session. The content of the session its stored on the server, not in the cookie itself."
When the cookie header is set, you can specify httpOnly.
ReplyDeleteThis can be done via PHP's setcookie function:
setcookie ( $name, $value, $expire, $path, $domain, $secure, $httponly )
httpOnly instructs the browser to not allow JS to access the cookie.
a cookie is client side..... ?
ReplyDeleteThe user must turn off Javascript support - aggressive
Use the httponly parameter when setting the cookie - probably the right answer but as was answered earlier.. there are work-arounds I suppose