PHP Cookies
Cookies are text files stored on the client
computer and they are kept of use tracking purpose. PHP transparently supports
HTTP cookies.
There are three steps involved in identifying
returning users −
·
Server script sends a set of cookies to
the browser. For example name, age, or identification number etc.
·
Browser stores this information on
local machine for future use.
·
When next time browser sends any
request to web server then it sends those cookies information to the server and
server uses that information to identify the user.
This chapter will teach you how to set cookies, how
to access them and how to delete them.
The Anatomy of
a Cookie
Cookies are usually set in an HTTP header (although
JavaScript can also set a cookie directly on a browser). A PHP script that sets
a cookie might send headers that look something like this −
HTTP/1.1
200 OK
Date:
Fri, 04 Feb 2000 21:03:38 GMT
Server:
Apache/1.3.9 (UNIX) PHP/4.0b3
Set-Cookie:
name=xyz; expires=Friday, 04-Feb-16 22:03:38 GMT;
path=/;
domain=example.com
Connection:
close
Content-Type:
text/html
As you can see, the Set-Cookie header contains a
name value pair, a GMT date, a path and a domain. The name and value will be
URL encoded. The expires field is an instruction to
the browser to "forget" the cookie after the given time and date.
If the browser is configured to store cookies, it
will then keep this information until the expiry date. If the user points the
browser at any page that matches the path and domain of the cookie, it will
resend the cookie to the server.The browser's headers might look something like this −
GET /
HTTP/1.0
Connection:
Keep-Alive
User-Agent:
Mozilla/4.6 (X11; I; Linux 2.2.6-15apmac ppc)
Host:
zink.demon.co.uk:1126
Accept:
image/gif, */*
Accept-Encoding:
gzip
Accept-Language:
en
Accept-Charset:
iso-8859-1,*,utf-8
Cookie:
name=xyz
A PHP script will then have access to the cookie in
the environmental variables $_COOKIE or $HTTP_COOKIE_VARS[]
which holds all cookie names and values. Above cookie can be accessed using
$HTTP_COOKIE_VARS["name"].
Setting Cookies
with PHP
PHP provided setcookie() function
to set a cookie. This function requires upto six
arguments and should be called before <html> tag. For each cookie this
function has to be called separately.
setcookie(name, value, expire, path, domain, security);
Here is the detail of all the arguments −
·
Name − This sets
the name of the cookie and is stored in an environment variable called
HTTP_COOKIE_VARS. This variable is used while accessing cookies.
·
Value − This sets
the value of the named variable and is the content that you actually want to
store.
·
Expiry − This specify
a future time in seconds since 00:00:00 GMT on 1st Jan 1970. After this time
cookie will become inaccessible. If this parameter is not set then cookie will
automatically expire when the Web Browser is closed.
·
Path − This
specifies the directories for which the cookie is valid. A single forward slash
character permits the cookie to be valid for all directories.
·
Domain − This can be
used to specify the domain name in very large domains and must contain at least
two periods to be valid. All cookies are only valid for the host and domain
which created them.
·
Security − This can be set to 1 to specify that
the cookie should only be sent by secure transmission using HTTPS otherwise set
to 0 which mean cookie can be sent by regular HTTP.
Following example will create two cookies name and age these
cookies will be expired after one hour.
<?php
setcookie("name", "John Watkin", time()+3600, "/","", 0);
setcookie("age", "36", time()+3600, "/", "",
0);
?>
<html>
<head>
<title>Setting
Cookies with PHP</title>
</head>
<body>
<?php echo "Set Cookies"?>
</body>
</html>
Accessing
Cookies with PHP
PHP provides many ways to access cookies. Simplest
way is to use either $_COOKIE or $HTTP_COOKIE_VARS variables. Following example
will access all the cookies set in above example.
<html>
<head>
<title>Accessing
Cookies with PHP</title>
</head>
<body>
<?php
echo $_COOKIE["name"]. "<br />";
/* is
equivalent to */
echo
$HTTP_COOKIE_VARS["name"]. "<br />";
echo $_COOKIE["age"] . "<br
/>";
/* is
equivalent to */
echo
$HTTP_COOKIE_VARS["name"] . "<br
/>";
?>
</body>
</html>
You can use isset() function
to check if a cookie is set or not.
<html>
<head>
<title>Accessing
Cookies with PHP</title>
</head>
<body>
<?php
if( isset($_COOKIE["name"]))
echo "Welcome " . $_COOKIE["name"] . "<br
/>";
else
echo "Sorry... Not recognized" . "<br
/>";
?>
</body>
</html>
Deleting Cookie
with PHP
Officially, to delete a cookie you should call setcookie()
with the name argument only but this does not always work well, however, and
should not be relied on.
It is safest to set the cookie with a date that has
already expired −
<?php
setcookie( "name", "", time()- 60, "/","", 0);
setcookie( "age", "", time()- 60, "/","", 0);
?>
<html>
<head>
<title>Deleting
Cookies with PHP</title>
</head>
<body>
<?php echo "Deleted Cookies" ?>
</body>
</html>