Cookies in PHP
Cookies are text files stored on the client computer and used for tracking purposes. PHP transparently supports HTTP cookies. There are three steps involved in identifying returning users. First, the server script sends a set of cookies to the browser. Second, the browser stores this information on the local machine for later use. Third, the next time the browser sends a request to the web server, it sends the cookie information along with it, and the server uses that information to identify the user.
Cookies are usually set in an HTTP header (although JavaScript can also set a cookie directly in a browser). The setcookie() function is used to set a cookie in PHP. Make sure you call setcookie() before your script generates any output; otherwise the cookie will not be set. The basic syntax of this function is:
setcookie(name, value, expire, path, domain, secure);
The Set-Cookie header contains a name-value pair, a GMT date, a path and a domain. The name and value will be URL encoded. The expires field is an instruction to the browser to "forget" the cookie after the given time and date. If the browser is configured to store cookies, it will keep this information until the expiry date. If the user points the browser at any page that matches the path and domain of the cookie, the browser will resend the cookie to the server. A PHP script then has access to the cookie in the environmental variables $_COOKIE or $HTTP_COOKIE_VARS[], which hold all cookie names and values.
Example of a browser request header with cookies:
GET / HTTP/1.0
Connection: Keep-Alive
User-Agent: Mozilla/4.6 (X11; I; Linux 2.2.6-15apmac ppc)
Host: zink.demon.co.uk:1126
Accept: image/gif, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
Cookie: name=xyz
The setcookie() function takes up to 6 arguments, as can be seen above. Name sets the name of the cookie and is stored in an environment variable called HTTP_COOKIE_VARS. This variable is used when accessing cookies. Value sets the value of the named variable and is the content that we want to store. Expiry sets the time in seconds when the cookie will expire; if this is not set, the cookie expires when the browser is closed. Path specifies the directories for which the cookie is valid. A single forward slash character makes the cookie valid for all directories. Domain can be used to specify the domain name in very large domains and must contain at least two periods to be valid. All cookies are only valid for the host and domain which created them. Security can be set to 1 to specify that the cookie should only be sent by secure transmission using HTTPS; if not set, it defaults to 0, which means that the cookie can also be sent over regular HTTP.
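The three steps and the six setcookie() arguments described above, as an added example that is not part of the original page: the script reads a visitor cookie from $_COOKIE, checks its format because the client controls the value, and issues a new one with the secure flag set before any output is sent. The cookie name visitor_id, the 30-day lifetime and the 32-hex-character ID format are assumptions made for this example.

```php
<?php
// Added example: identify a returning visitor with a cookie.
const VISITOR_COOKIE = 'visitor_id';     // hypothetical cookie name
const VISITOR_TTL    = 30 * 24 * 3600;   // assumed lifetime: 30 days, in seconds

// Return the visitor ID sent by the browser, or null if the cookie is
// missing or is not in the format this script issues. Cookie values are
// client-controlled, so this is only a format check; the ID should still
// be looked up in server-side storage before it is trusted.
function read_visitor_id(array $cookies): ?string
{
    $value = $cookies[VISITOR_COOKIE] ?? null;
    if (!is_string($value) || !preg_match('/\A[0-9a-f]{32}\z/', $value)) {
        return null;
    }
    return $value;
}

// Send a new visitor cookie. Has to run before any output is generated.
function issue_visitor_id(): string
{
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output started at $file:$line; cookie cannot be set");
    }
    $id = bin2hex(random_bytes(16));     // 32 hex characters, unguessable
    setcookie(
        VISITOR_COOKIE,                  // name
        $id,                             // value
        time() + VISITOR_TTL,            // expire: Unix timestamp, now + lifetime
        '/',                             // path: valid for all directories
        '',                              // domain: empty, so current host only
        true                             // secure: only sent over HTTPS
    );
    return $id;
}

$id = read_visitor_id($_COOKIE);
if ($id === null) {
    $id = issue_visitor_id();            // first visit, or cookie was malformed
    $greeting = 'Welcome, new visitor.';
} else {
    $greeting = 'Welcome back.';
}
// Output begins only after setcookie() has been called.
echo htmlspecialchars($greeting, ENT_QUOTES, 'UTF-8'), "\n";
```

PHP's setcookie() also accepts a seventh httponly argument, not covered on this page, which keeps the cookie out of reach of JavaScript in the browser.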
Both cookies and sessions are used for storing persistent data. Sessions are stored on the server side; cookies are stored on the client side. Sessions are closed when the user closes the browser. For cookies, we can set the time at which they expire. A session is server-side information intended to exist only throughout the visitor's interaction with the website. Only a unique identifier is stored on the client side. This token is passed to the web server when the visitor's browser requests your HTTP address. The token matches your website with the visitor's information while the user is at your site. When the user closes the website, the session ends, and your website loses access to the information. If you don't need any permanent data, sessions are usually the way to go. They are a little easier to use, and they can be as large as needed, in comparison with cookies, which are relatively small.