During a complex project, there are times when you want to send data from one web-page to another. For example, in an e-commerce web-site, it is essential that you store the contents of a shopping cart while the user is browsing your site. In order to do this, there are two easy ways: you either use cookies or sessions.
Cookies are small amounts of data stored by the user's browser after a request from a server or script. While they are excellent for passing information from page to page, or even from visit to visit, cookies do have some limitations. For example, the maximum number of cookies from a host that can be stored by a browser is 20, and the maximum cookie size is 4KB. The main thing about cookies is that only the originating host can read the stored data, so the user's privacy is respected. Not only that, but the user can choose to be notified by the browser when accepting a cookie, and can even refuse some, or all of them. This is why you shouldn't rely on cookies to be an essential part of your web-site without first warning the user that you are using cookies.
Cookies consist of a name, value, expiry date, host and path information, and they reach the user because they are sent from the server through an HTTP header. There are 3 ways a PHP script can access the cookie: using the environment variable "$HTTP_COOKIE" (which holds all cookie names and values), in a global variable "$cookie_name" (replace with the name, of course), or in the global array variable "$HTTP_COOKIE_VARS["cookie_name"]" (again, replace "cookie_name" with the actual name of the cookie). Let's say we have a cookie called "visits" which holds the value 23; this is how you can output it to the web-browser:
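//legacy variables: register_globals and $HTTP_COOKIE_VARS were removed in PHP 5.4,
//and current PHP exposes the same value as $_COOKIE['visits']
print $HTTP_COOKIE; //outputs "visits=23"
print getenv("HTTP_COOKIE"); //outputs "visits=23"
print $visits; //outputs "23"
print $HTTP_COOKIE_VARS['visits']; //outputs "23"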
To set a cookie with PHP, you can use the "header()" function, or the "setcookie()" function. While "header()" has a larger scope, and its main purpose is not to set a cookie, it will work just like "setcookie()". Using "header()", you write the cookie header yourself, while "setcookie()" is much more automated. If you don't know this already, always remember that the HTTP headers are sent to the browser automatically, ahead of the first output, so you must set a cookie before any output is sent to the browser:
//don't output anything before this…
//a hand-written cookie header needs the "Set-Cookie:" field name in front
header("Set-Cookie: visits=23; expires=Friday, 20-Aug-04 03:27:21 GMT; path=/; domain=softwareprojects.org");
setcookie("hits", 23, time() + 3600, "/","softwareprojects.org", 0); //notice this last extra argument
Both statements are used to send a cookie to the user's web-browser, and if you're wondering what's with that last argument we passed to "setcookie()", it tells the web-browser whether the cookie will be sent only over a secure connection (0 means no, 1 means yes).
You may think that the "$visits" variable will be created after we send the header, and the first time we run PHP we will be able to read it. That is not true. The web-server reads the information only when the browser sends it the cookie, and this will not happen until the user revisits the web-page.
Setting an expiry date of zero will make the browser use the cookie until the user closes the browser; the browser will not remember the cookie the next time it's started. This can be useful for scripts that validate a user using cookies, and allow continued access to personal information on multiple pages after a password or other sensitive information has been submitted. It's not ok for the browser to have continued access to these pages after it has been restarted, because you cannot be sure if it's you who is using the browser, or some other user. So it would be better to allow the user to choose whether he wants to have more privacy, or he is the only user of that computer and nobody else accesses it.
Deleting cookies is also very easy: set the cookie you want to delete again, with an expiry date that has already passed. Remember to include the same path, domain and secure parameters you originally used when setting the cookie:
setcookie("visits", 23, time() - 60, "/", "softwareprojects.org", 0);
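As an added example (not code from the original post), this is how the browser-session login cookie and the matching delete described above can be written on PHP 7.3 or later, with the secure flag turned on. The cookie name, the example.org domain, the helper function names and the HttpOnly and SameSite settings are assumptions.

```php
<?php
declare(strict_types=1);

const AUTH_COOKIE = 'auth';          // hypothetical cookie name

// One place for the attributes, so setting and deleting always match.
function auth_cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,      // 0 = discard when the browser closes
        'path'     => '/',
        'domain'   => 'example.org', // placeholder domain
        'secure'   => true,          // only sent over HTTPS
        'httponly' => true,          // not readable from page JavaScript
        'samesite' => 'Lax',         // withheld on most cross-site requests
    ];
}

function issue_auth_cookie(): string
{
    // Cookies travel in the headers, so fail loudly if output has begun.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    // Opaque random token; keep the user's data server-side, keyed by it.
    $token = bin2hex(random_bytes(32));
    setcookie(AUTH_COOKIE, $token, auth_cookie_options(0));
    return $token;
}

function clear_auth_cookie(): void
{
    // Empty value plus an expiry in the past tells the browser to drop it.
    setcookie(AUTH_COOKIE, '', auth_cookie_options(time() - 3600));
    unset($_COOKIE[AUTH_COOKIE]);    // also forget it for this request
}

// Constructed usage: issue, check visibility in this request, then delete.
$token = issue_auth_cookie();
$visible = isset($_COOKIE[AUTH_COOKIE]);
clear_auth_cookie();
echo $visible ? "readable now\n" : "not readable until the next request\n";
```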