Web Conference 2005 Writing PHP for ITS/ASET Web services Using Cookies

About Cookies

Cookies are stored in name=value format, much like CGI parameters. They may contain an expiration date, informing the browser as to when to perform house-cleaning. They also contain information as to their server origin, so that they may only be returned to the proper location. They may also contain information limiting return to a specific page on the server.

Using Cookies in PHP

• In PHP, you have several options for Cookie management:

  • Writing/Reading your own cookies from the raw HTTP protocol (see header()).

  • Using setcookie() and $_COOKIE[] primitive function/global variable. See also PHP Cookie section.

  • Using session management via the session_start() function and $_SESSION[] array. More on this in the next section.

• To set a cookie named chocolate_chip with a value crumbled, place the following code in your script before any HTML tags or other text:

  <?php
    setcookie("chocolate_chip","crumbled");
?>
<html>
<head>
<!-- the rest of your page goes here -->

• To see the value of a cookie called chocolate_chip that may have been set by a browser, use the following (anywhere in your code):

  <?php
        echo "<p>The value of chocolate_chip cookie is: " . htmlspecialchars($_COOKIE['chocolate_chip']) . "</p>\n";
?>

• But you may want to first test to see if the cookie has been set at all. The following is a safer version of the last code segment:

  <?php
    if(isset($_COOKIE['chocolate_chip'])){
        echo "<p>The value of chocolate_chip cookie is: " . htmlspecialchars($_COOKIE['chocolate_chip']) . "</p>\n";
    }else{
        echo "<p>Sorry, no chocolate_chip cookies before dinner.</p>\n";
    }
?>

You The Baker

• Here's a cookie management tool for you to try. Create a new file with the following code:

  <?php
$pageself = basename($_SERVER['PHP_SELF']);
if(isset($_REQUEST['add']) and isset($_REQUEST['name']) and isset($_REQUEST['value'])){
    setcookie(htmlspecialchars($_REQUEST['name']),htmlspecialchars($_REQUEST['value']));
}
if(isset($_REQUEST['remove']) and isset($_REQUEST['name'])){
    setcookie(htmlspecialchars($_REQUEST['name']),"",0);
}
?>
<html>
<body>

<h1>Cookie Manager</h1>
<p>Note, new cookies sent to the browser will be seen by this script after the next page load.</p>

<?php
if(isset($_REQUEST['add']) and isset($_REQUEST['name']) and isset($_REQUEST['value'])){
    echo "added \"" . htmlspecialchars($_REQUEST['name']) . "\" = \"" . htmlspecialchars($_REQUEST['value']) . "\" for next time\n";
}
if(isset($_REQUEST['remove']) and isset($_REQUEST['name'])){
    echo "removed \"" . htmlspecialchars($_REQUEST['name']) . "\" for next time\n";
}
?>

<p>The following cookies were sent from your browser this time:</p>
<ul>
<?php
if(count($_COOKIE)){
    foreach($_COOKIE as $cookie => $value){
        echo "<li>Name: <b>" . htmlspecialchars($cookie) . "</b> - Value: <b>" . htmlspecialchars($value) . "</b>\n";
    }
}else{
    echo "None";
}
?>
</ul>

<p>Ask the server to set a new cookie:</p>
<form method=GET action="<?=$pageself?>">
<p><b>Add cookie</b> name: <input type=text name=name>, 
value: <input type=text name=value>, <input type=submit name=add value=Add><br>
</form>
<form method=GET action="<?=$pageself?>">
<b>Remove cookie</b> name: <input type=text name=name>, 
<input type=submit name=remove value=Remove></p>
</form>
<form method=POST action="<?=$pageself?>">
<p><input type=submit value=Reload></p>
</form>

</body>
</html>

• Name the file cookie_manager.php.

Cookies That Go Stale

• As mentioned earlier, cookies may be set with an explicit expiration date to inform the browser when they are to be discarded. They will be retained until the expiration, even when the browser is closed and the computer is shut off.

  • For example, setcookie("oatmeal_raisin","with nuts",time()+3600); will set the cookie oatmeal_raisin with an expiration of one hour. It may appear in the HTTP headers as:

    Set-Cookie: oatmeal_raisin=with+nuts; expires=Sun, 13 Jun 2004 20:13:39 GMT
    

• Browsers may be instructed to remove cookies by being told to expire them immediately. You can do that easily with setcookie() by setting the third argument to 0. For example:

  setcookie("old_cookie","this field does not matter",0);
  

  This will set the expiration date to be the current time. For example, the HTTP header for the above may appear to be:

  Set-Cookie: old_cookie=this+field+does+not+matter; expires=Sun, 13 Jun 2004 19:13:39 GMT
  

• Cookies may be set to expire at the end of the session, which are called session cookies. By default, cookies created by setcookie() are session cookies when the third argument is not set. The session ends when the browser exits.

  • When this is the case, no expires=... attribute is sent with the Cookie in the HTTP Set-Cookie header. For example:

    Set-Cookie: PHPSESSID=612b9f35e6dae2dcffcdaf51c8c1c4e7; path=/
    

• Read the online manual for setcookie() to learn more about cookies in PHP.

If you have any questions, feel free to ask me. Content by: Jeff D'Angelo <jcd@psu.edu> © 2005 See the source for this page Last update on: Mon Jun 29, 2009, 12:37:25 AM