HTTP State Management with Cookies - Cookies and PHP
(Page 4 of 5 )
PHP has the built-in setcookie function for cookie creation. The function instructs the server to send a cookie along with the other HTTP headers. As with all headers, this must be done before the script generates any output. Setcookie() accepts the following arguments:
name (required, string): sets the cookie name.
value (optional, string): sets the cookie value.
expire (optional, int): sets the time the cookie is to expire, as a Unix timestamp.
path (optional, string): The server path for which the cookie is available.
domain (optional, string): The domain to which the cookie applies.
secure (optional, bool): Defines whether the cookie is available only over secure connections.
httponly (optional, bool): Defines whether the cookie should be available only through the HTTP protocol, rather than through scripting languages such as JavaScript.
Creating a cookie is as simple as invoking the setcookie function and supplying the required arguments, e.g.:
<?php
setcookie ("user_id", "12345678", time()+3600);
?>
In this example, a cookie will be sent with the name "user_id," the value "12345678" and the expiry set for one hour's time. The expire parameter is supplied as an integer representing a number of seconds. The most straightforward way to specify a value for expiration is to use the time() function to generate the current timestamp, and add the number of seconds you want to elapse before the cookie expires. For reference, there are 3600 seconds in one hour.
When the user agent returns the cookie with the next request, its data is decoded and assigned to a variable with the same name as the cookie. To retrieve the data you simply need to interrogate the variable for its content, as in this example:
<?php
echo $_COOKIE["user_id"];
?>
PHP also provides an elegant method to delete the cookie:
<?php
setcookie ("user_id", "", time()-3600);
?>
Declaring the cookie again, using exactly the same name argument but setting the expiry time to one hour ago, should ensure the browser removes the cookie immediately.
Cookies in ASP
ASP provides a collection in the Response object that can be used to create cookies. To create our user_id cookie in ASP we would call the collection like this:
<%
Response.Cookies(user_Id) = "12345678"
%>
To include an expiry time, we can simply add that to our definition in a new line, e.g.:
<%
Response.Cookies(user_Id) = "12345678"
Response.Cookies(user_Id) .Expires = Now() + 1
%>
This will set the cookie to expire in one day's time from the moment when it is set.
The cookie's data can be retrieved using the cookies collection in the Request object. Sometimes it's easiest to dump the cookie's content into a variable, as in this example:
<%
Dim strCookieData
strCookieData = Request.Cookies("user_Id")
%>
Deleting the cookie should be as straightforward as setting the expiry sometime in the past, e.g.:
