Breadcrumbs

[smashapps]

Hello everyone,

Another PHP tutorial on cookies this time. No I don't mean cookies you could eat unless you were a digital entity in a PC with...I'm going off topic. I mean the type of cookies that are stored on your PC when you visit websites that hold data.

A cookie can be used to identify a user, it's a file that is saved on your computer. When you visit a website, it's sends the cookie to the website as well. In this tutorial you will learn how to read and write cookies.

Cookies is a data type (Along with $_REQUEST, $_SERVER and $_GET, $_POST).

Retrieving cookies:

Code: Select all

<?php
//Display the cookie in the browser
echo $_COOKIE["name"];
 

the "name" is the name of the cookie you are retrieving. This code won't work if the cookie doesn't actually exist.

If you want to display all cookies use:

Code: Select all

<?php
echo $_COOKIE;
 

Setting cookies:

When you set your cookie you must set it before the <html> in your web page.
Use the setcookie function.

Why you should use setcookie before <html>:

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including <html> and <head> tags as well as any whitespace.

The syntax of setcookie is: setcookie(name, value, expire, path, domain);

Let's now set the cookie

Code: Select all

<?php
setcookie("theme", "default", time()+86400);
?>

<html>
<!-- Now put everything else in here, like..your web page :P -->

Our cookie is named "theme" and it's value is "default" and will expire in 24 hours time. The 86400 is seconds, so we add 24 hours on the current time, and that is when our cookie will expire.

1 week:

time()+604800

Deleting cookies:

It's kind of strange as to how we delete the cookies, but all we do is set the expiry time to a time that's already passed.

Code: Select all

setcookie("theme", "", time()-3600);
 

3600 is 1 hour, we set our cookie 'theme' to expire 1 hour ago, and there, the cookie is gone.

If I wasn't clear on something or I've missed something let me know, and of course if you liked the tutorial +rep If you need any help or have any questions leave a reply to the thread.

Thanks!

[Dummy1912]

hello #smashapps,

i never used cookies before i only eat them :lol:

so can you even write a cookie that contains a login and after some time you are signed out
by the cookie?

i love to see a cookie for that also

thanks

#Birthday

[smashapps]

You could use cookies to store a login I don't see why not, maybe you could set them for an hour, just set the cookies when someone logs in. I normally use sessions for logins though.

[Danny]

You could use cookies to store a login I don't see why not, maybe you could set them for an hour, just set the cookies when someone logs in. I normally use sessions for logins though.

nah man, use sessions. that's more secure.

[comathi]

But you can't store login information in a session long term, can you?

[smashapps]

no sessions are not long term and I don't think either are safe, nothing is safe!

sessions are probably not safe, maybe you could write something to use a mix of both cookies and sessions so if you want to be logged out after 3 days time you could do something like write a cookie for three days and if it is still valid then set the sessions, if the cookie is deleted then log the user out. The best part is the cookie won't need to storing the user's password maybe just an ID or something, since you're providing your user and pass the first time when you log in.

#Birthday

[XTechVB]

no sessions are not long term and I don't think either are safe, nothing is safe!

sessions are probably not safe, maybe you could write something to use a mix of both cookies and sessions so if you want to be logged out after 3 days time you could do something like write a cookie for three days and if it is still valid then set the sessions, if the cookie is deleted then log the user out. The best part is the cookie won't need to storing the user's password maybe just an ID or something, since you're providing your user and pass the first time when you log in.

#Birthday

Sessions are stored on the server, there for are safe to use in login systems, PhpBB, Wordpress, Joomla, Drupal etc.., they all use sessions.
Cookies are only used to provide links to the stored sessions on the server. And NEVER to hold usernames, emails, passwords, or any other sensitive information.
#smashapps You should do some research before declaring that sessions are not safe. They're light-years more safe then cookies.

[comathi]

Weird, I was under the impression sessions stored on a server were destroyed as soon as the user left the page... I might be thinking of something else, or just really misinformed :lol:

[XTechVB]

Weird, I was under the impression sessions stored on a server were destroyed as soon as the user left the page... I might be thinking of something else, or just really misinformed :lol:

Ok let me explain.
Every time you create a session in php, it gets stored on the server, and at the same time a cookie is created locally holding a link to that session (the session id).
So when revisiting a restricted page after you logged-in, php gets the session id stored on the locally created cookie, and tries to find the session on the server with that number. If the session is found then you'll get access to the restricted page without having to re-login.

[smashapps]

I know they're safe they are stored on the server and each session has it's own unique ID etc. I was joking about something off-topic kind of, nothing is safe :P