I have been facing some issues regarding setcookie() in PHP. setcookie() is working fine on localhost but not on the live domain. Here's how I am setting it on localhost.
Localhost
setcookie("private_token",$jwt,$expire_claim,"/","",false,true);
Domain
setcookie("private_token",$jwt,$expire_claim,"/","domain.com",false,true);
Ajax Call
$.ajax({
    url: "includes/api/userAPI.php",
    type: 'POST',
    data: data,
    xhrFields: {
        withCredentials: true
    },
    crossDomain: true,
    success: function (res, text, code) {
        if (code.status == 200) {
            window.location.replace("landing.php");
        } else {
            alert("something went wrong");
        }
    },
    error: function (res) {
        if (res.status == 401) {
            alert("failed to authorize");
        }
    }
});
Headers in PHP
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
P.S.: I think I have already searched the entire site, but haven't found anything regarding this matter.
Edit:
These are the lines before setcookie. These are executed after setting the headers which I already mentioned earlier.
self::$connection = parent::getConnection();
$str = "select * from user where col=?";
$query = self::$connection->prepare($str);
$array = array($user->__get('col'));
$query->execute($array);
$row = $query->fetch(PDO::FETCH_ASSOC);
$session = new session();
$session->set_session($row['id']);
$id = $row["id"];
$username = $row["user"];
$password = $user->__get("pass");
$email = $user->__get("mail");
$hash = $row['pass'];
if (password_verify($password, $hash))
{
    $secret_key = "dummy";
    $issuer_claim = "THE_ISSUER"; // this can be the servername
    $audience_claim = "THE_AUDIENCE";
    $issuedat_claim = time(); // issued at
    $expire_claim = strtotime('+1 day', $issuedat_claim); // expire time in seconds
    $token = array(
        "iss" => $issuer_claim,
        "aud" => $audience_claim,
        "iat" => $issuedat_claim,
        //u "nbf" => $notbefore_claim,
        "exp" => $expire_claim,
        "data" => array(
            "id" => $id,
            "username" => $username,
            "email" => $email
    ));
Now I just got the following error in the response:
<b>Warning</b>: Cannot modify header information - headers already sent by (output started at <file directory where setcookie has been called>:74) in <b><file directory where setcookie has been called></b> on line <b>77</b><br />
line 74 "expireAt" => $expire_claim
line 77 setcookie("private_token",$jwt,$expire_claim,"/","domain.com",false,true);
setcookie is failing to actually set the cookie because the headers have already been sent. Cookies are set in HTTP responses using the Set-Cookie header.
You have a PHP script outputting content prior to your setcookie call. Without seeing your entire project, it is not possible to identify exactly where. Typically the cause of this is having files saved with extra characters after closing PHP tags at the end of a file (this is a common problem). You will need to locate and remove these extra characters (assuming they are extraneous). Otherwise, you will need to refactor your logic so that setcookie can be called earlier.
The only other option would be to enable output buffering. This will prevent the output from being sent immediately; it will be buffered in memory and sent when the request is complete unless you explicitly send it earlier. This is useful in various cases, but would really only be a workaround for the root problem here.
In your case, since this is happening only in one environment, I would start with reviewing any environment-specific code/configuration (which it sounds like you have). It may also be that your deployment/build process is adding extra characters when deploying to the problematic environment.
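The cause the answer calls typical, stray characters outside a file's PHP tags, can be located mechanically. The script below is an added example, not code from the question or the answer; it uses PHP's tokenizer, and the function name find_stray_output and the sample file names are made up for illustration.

```php
<?php
// Added example (not from the original post): list every chunk of raw output
// a PHP source file emits outside its PHP tags.

function find_stray_output(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // T_INLINE_HTML is text the interpreter echoes verbatim, which
        // forces the response headers out before any later setcookie().
        if (!is_array($token) || $token[0] !== T_INLINE_HTML) {
            continue;
        }
        [, $text, $line] = $token;
        if (strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
            $kind = 'UTF-8 byte order mark';
        } elseif (trim($text) === '') {
            $kind = 'whitespace outside PHP tags';
        } else {
            $kind = 'text outside PHP tags';
        }
        $findings[] = ['line' => $line, 'kind' => $kind, 'bytes' => strlen($text)];
    }
    return $findings;
}

// Files to check come from the command line; with no arguments, three
// constructed samples are scanned instead.
$inputs = [];
foreach (array_slice($argv ?? [], 1) as $path) {
    $inputs[$path] = file_get_contents($path);
}
if ($inputs === []) {
    $inputs = [
        'sample-bom.php'      => "\xEF\xBB\xBF<?php\n\$a = 1;\n",
        'sample-trailing.php' => "<?php\n\$a = 1;\n?>\n\n \n",
        'sample-clean.php'    => "<?php\n\$a = 1;\n?>\n",
    ];
}
foreach ($inputs as $name => $source) {
    $hits = find_stray_output((string) $source);
    if ($hits === []) {
        echo "$name: no output outside PHP tags\n";
    }
    foreach ($hits as $hit) {
        echo "$name:{$hit['line']}: {$hit['kind']} ({$hit['bytes']} bytes)\n";
    }
}
```

A single newline directly after a closing tag is swallowed by PHP and is not reported. Output produced at run time (an echo, or a warning printed with display_errors on) is outside what this scan covers; for that, the "output started at" file and line in the warning is the place to look.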