Posted: Thursday 4th of October 2012
PHP and Cookies
Introduction
This tutorial covers the use of the PHP scripting language to set and read cookies. Cookies in PHP are not difficult to implement, and there are only two commands that need to be used with them. PHP makes it easy to set and read cookies and provides all the features needed to give their details.
Setting a Basic Cookie
The PHP function for setting cookies is called:
setcookie()
It is a PHP function which can be used without returning a value (for example you can simply execute a setcookie()) command, or you can take the return value and use it. The setcookie() function returns a boolean (true or false) value depending on whether it is successful. So you could execute:
if(setcookie())
{
echo "Cookie set";
}
else
{
echo "Cookie not set";
}
For the purposes of this tutorial, though, we will not be using the return value, instead simply setting the cookie.
The most basic information for a cookie is it's name and it's value. The name of the cookie must be something which you can refer to it later as. You don't need to worry about it clashing with other sites as cookie names are site specific but you should try and use a descriptive and unique name for your cookies.
For this first example, assume that you have used PHP to load the user's name into the variable $name and want to greet the user in the future by their name. You would need to create a cookie which stores their name as follows:
setcookie("UsersName",$name);
This creates the most basic of cookies, storing the user's name in a cookie called 'UsersName'. By setting cookies like this, you don't set any specific options, so by default the cookie will be available to the domain in which it was set (e.g. yoursite.com) and will be deleted when the user closes their browser.
Reading Cookie Values
PHP makes it extremely simple to read the value of a cookie. In PHP, reading form values are achieved using $_GET and $_POST. PHP has a similar global variable for cookies:
$_COOKIE['CookieName'];
This variable contains the value of the cookie with name 'CookieName'. So on your website, if you wanted to display the name of the user, you could simply use the following:
echo "Hello, ".$_COOKIE['UsersName']."! Welcome back!";
Of course, the user may not already have the cookie, so you should use the PHP function isset. This returns true if a variable has been set and false if not. Using this, your site could do the following:
if(isset($_COOKIE['UsersName'])
{
echo "Hello, ".$_COOKIE['UsersName']."! Welcome back!";
}
else
{
setcookie("UsersName",$name);
}
Cookie Settings
Although the code I have given you allows you to set a simple cookie on the user's computer, it isn't very powerful because, for example, it is lost when the browser closes. One of the most powerful features of cookies is the ability to set and expiry date for the cookie. The cookie will remain on the users computer until the expiry date, then will automatically delete itself.
To set a cookie with an expiry date, use:
setcookie("UsersName", $name, time()+3600);
This code takes the current time (using time()) and then adds 3600 seconds to it, and uses this value to set as the expiry time for the cookie. Basically this means that the cookie will remain on the user's computer for an hour (it expires 3600 seconds (1 hour) from the current time). For one week (for example) you would set the cookie as:
setcookie("UsersName", $name, time()+604800);
There are three other options which can be used when setting cookies. Firstly the path. This refers to where in the domain you are able to access the cookie in future. By default this is the current directory (so if you set the cookie at the page: www.mysite.com/scripts/setcookie.php, it would only be available to scripts in the scripts directory and below). You can set this to any part of your site, though, which can be useful in some situations.
A second setting you can change is the domain. By default, a cookie is only available in the domain you set it in, for example if you set the cookie on www.mysite.com you can only ever access it from www.mysite.com (and not mail.mysite.com etc.). The most common need to change this setting is to allow the cookie to be viewed across all subdomains of a site. This can be done by setting the domain to .yoursite.com (with both .s). By doing this anything.yoursite.com is accepted, not just www.yoursite.com.
Finally, a cookie has the option to be set as a secure cookie. If this is turned on, the cookie will only ever be surrendered to the site over a secure connection, not an insecure one.
The following code shows the imiplementation of a cookie with all settings specified:
setcookie("UsersName", $name, time()+3600, "/", ".mysite.com", 1);
The cookie set here, is called 'UsersName' and again stores the value $name. It will expire an hour from the current time. It is available in all directories of the site (/ is the root directory). It is available across any subdomain of the site mysite.com as '.mysite.com' has been given as the domain. The final 1 means that this is a secure cookie, and can only be transmitted over a secure connection. This would be 0 for a standard (non-secure) cookie.
Deleting Cookies
There are occasions on which you may wish to delete a cookie from a user's computer. This could be if, for example, you want to log the user out of a system (perhaps they are on a public computer). Deleting a cookie is quite simple to do because all you have to do is to set the expiry time in the past. By doing this, the cookie will be automatically deleted as soon as it is created, and will remove any data that already exists there. The simplest way is using:
setcookie("UsersName", "", time()-3600);
This sets the expiry time in the past so it should be deleted immediately. There is also no information stored in the cookie.
There is a known problem with this, though. Although it works in most cases, there can be problems if a user's timezone is set wrongly. The safest way to completely delete a cookie is to use the following:
setcookie("UsersName", "", mktime(12,0,0,1, 1, 1990));
The mktime() function is a PHP function for setting up a time specified. The time specified here is in the year 1990, so even a badly configured computer should still delete the cookie immediately.
Conclusion
This short tutorial should cover all the information you will need to set up, manage and delete cookies in PHP. Using other PHP scripting techniques you can store more data in a cookie (for example using it to interface with a database). All the information here, though, should allow you to do practically anything you need to with your cookie.
That's it guys...