Cookies

A cookie is a message given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server.

The main purpose of cookies is to identify users and possibly prepare customized Web pages for them. When you enter a Web site using cookies, you may be asked to fill out a form providing such information as your name and interests. This information is packaged into a cookie and sent to your Web browser which stores it for later use. The next time you go to the same Web site, your browser will send the cookie to the Web server. The server can use this information to present you with custom Web pages. So, for example, instead of seeing just a generic welcome page you might see a welcome page with your name on it.

PHP cookies are created using the setcookie() function. All cookie data is stored in the PHP $_COOKIE global variable and is accessible to subsequent pages.

setcookie(name,value,expiration,path,domain,security) - defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including <html> and <head> tags as well as any whitespace. If output exists prior to calling this function, setcookie() will fail and return FALSE. If setcookie() successfully runs, it will return TRUE. This does not indicate whether the user accepted the cookie.

The setcookie() parameters are explained below:

Parameter - Description
name - The name of the cookie. The identifier is kept in the global $_COOKIE and is accessible in subsequent scripts.
value - The value of the cookie. The value associated with the cookie identifier. The value is stored on the user's computer. For this reason, the value should not contain sensitive information.
expiration - The time at which the cookie value expires or is no longer accessible. The expiration time can be set using the time() function. Cookies without an expiration value expire when the browser is closed.
path - Indicates the paths on the server for which the cookie is valid or available. A forward slash "/" indicates the cookie is available to all folders.
domain - The domain for which the cookie is available. If no domain is specified, the default value is the value of the host on which the cookie is created. Domain values must contain at least two periods "." in the string to be valid.
security - Indicates whether the cookie will be transmitted via HTTPS. A value of 1 means the cookie is transmitted over a secure connection. A value of 0 denotes a standard HTTP transmission.

The following example demonstrates how a cookie is used to retain a visitor's user name. Initially, a user is required to enter a user name in order to access the restricted site. Once a user name is created, a cookie containing the user name is stored on the user's computer. Future access is possible by retrieving the cookie from the user's computer.




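setcookie.php

<?php

	// Defaults so the page below never reads an undefined variable
	$msg = "";
	$formDisplay = "yes";

	// siteaccess.php redirects here with auth=no when no cookie is present
	if (isset($_REQUEST['auth']) && $_REQUEST['auth'] == "no")
	{
		$msg = "You are not a current user. Please register";
	}

	// If the user clicks the Login button, create a cookie containing their user name
	if (isset($_POST['submit']) && $_POST['submit'] == "Login")
	{
		$cookie_name = "user";
		$cookie_value = $_POST['uname'] ?? "";
		$cookie_expire = time() + 14400; // 4 hours from now

		// Must be called before any output is sent
		setcookie($cookie_name, $cookie_value, $cookie_expire, "/");

		$formDisplay = "no";
	}

?>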

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>A Web Page</title>

<style type="text/css">

body {font:10pt arial;color:white}
div#form {background-color:gray;border:solid 1px black;padding:10px}
input {border:solid 2px black}

</style>

<?php

	if ($formDisplay == "no") 
   
	{
   
 ?>

<meta http-equiv='refresh' content='0;url=siteaccess.php?auth=yes'/>

<?php

	}

?>

</head>


<body>



<div id="form">
<h4 style="color:red">New User? Create User Name</h4>
<form action="setcookie.php" method="post">

<p>User Name:
<br/>
<input type="text" name="uname" size="7"/>
</p>

<input type="submit" value="Login" name="submit"/>


</form>

<h4 style="color:red">Existing User? <a style="color:white" href="siteaccess.php?auth=yes">Enter Site</a></h4>

</div>
<br/>
<br/>
<?php 

	echo "<span style='color:red'>" . $msg . "</span>";
	
?>


</body>
</html>



siteaccess.php

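<?php

// Admit the visitor only if the request carries auth=yes and the "user" cookie is present
if (isset($_REQUEST['auth']) && $_REQUEST['auth'] == "yes" && !empty($_COOKIE['user']))
{
	// The cookie value comes back from the visitor's computer, so escape it before output
	echo "Welcome" . " " . htmlspecialchars($_COOKIE['user'], ENT_QUOTES, 'UTF-8') . " to the restricted site. Now that you have a cookie stored on your hard drive, you can access this site without logging in each time";
}
else
{
	// No cookie: send the visitor back to the registration form
	header("Location: setcookie.php?auth=no");
	exit;
}

?>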
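
The cookie in the example above holds only the user name, and because the value is stored on the user's computer it can be edited there before the browser sends it back. The following added example (not part of the original tutorial's code) shows one way to make such edits detectable: an HMAC over the value, issued with the security and HttpOnly flags set. The names COOKIE_KEY, make_user_cookie(), read_user_cookie() and send_user_cookie() are hypothetical, and the security flag assumes the site is served over HTTPS.

```php
<?php
// Added example: hypothetical helpers, not the tutorial's own code.
// Assumption: the key lives in server-side configuration and is never sent to the browser.
const COOKIE_KEY = 'replace-with-a-long-random-server-side-secret';

// Build "name|expiry|mac" so the server can later detect any edit made on the client.
function make_user_cookie(string $uname, int $expires): string
{
    $payload = rawurlencode($uname) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Return the user name if the cookie is intact and unexpired, otherwise null.
function read_user_cookie(string $cookie, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$encName, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $encName . '|' . $expires, COOKIE_KEY);
    // hash_equals() compares in constant time, so the check leaks no partial matches
    if (!hash_equals($expected, $mac) || !ctype_digit($expires) || (int)$expires < $now) {
        return null;
    }
    return rawurldecode($encName);
}

// Issue the cookie using the six setcookie() parameters from the table, plus HttpOnly.
function send_user_cookie(string $uname): bool
{
    $expires = time() + 14400;
    return setcookie('user', make_user_cookie($uname, $expires), $expires, '/', '', true, true);
}

// Constructed demonstration, run from the command line (php example.php):
if (PHP_SAPI === 'cli') {
    $now = time();
    $good = make_user_cookie('alice', $now + 14400);
    $forged = str_replace('alice', 'admin', $good);   // value edited on the client
    var_dump(read_user_cookie($good, $now));          // intact cookie
    var_dump(read_user_cookie($forged, $now));        // name changed, MAC no longer matches
    var_dump(read_user_cookie($good, $now + 20000));  // checked after the expiry time
}
```

With these helpers, siteaccess.php would call read_user_cookie($_COOKIE['user'], time()) and treat a null result the same as a missing cookie.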