Lesson 13: Cookies
How and what kind of information websites are collecting from their users, and especially how they use it, is a hot topic. Cookies are often mentioned as an example of how information is collected and pose a threat to your privacy. But are there reasons to be worried? Judge for yourself. Once you have gone through this lesson, you will know what can be done with cookies.
What is a cookie?
A cookie is a small text file in which a website can store different information. Cookies are saved on the user's hard drive and not on the server.
Most cookies expire (delete themselves) after a predetermined time period, which can range from one minute to several years. But the user can also identify and delete any cookies on his/her computer.
Most browsers, such as Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, can be configured to let the user choose whether or not he/she will accept a cookie. But then, why not just say no to all cookies? It is possible. But many websites would not work as intended without cookies, since cookies in many contexts are used to improve the usability and functionality of the website.
How is information stored in a cookie?
It's easy to set or modify a cookie in PHP with 
setcookie. In the first example, we will create a cookie and set the value.
First, you need a name for the cookie. In this example we will use the name "HTMLTest". Next, you set the value of the cookie like this:
<?php // Setting the cookie setcookie("HTMLTest", "This is a test cookie"); ?>
By default, a cookie is kept untill the browser is closed, but it can easily be modified by adding another parameter setting the expiry time:
<?php // Setting the cookie setcookie("Name", "C. Wing, time()+3600); setcookie("Interests", "plane spotting", time()+3600); ?>
"Time()+3600" specified that the cookie should expire in 3600 seconds (60 minutes) from now.
In the example above, we stored information about a user's name and interests. This information can, for example, be useful to target the website specifically for the individual visitor.
How do you retrieve the value of a cookie?
To get the value of the cookie, 
$_COOKIE is used. For example, if we need the information from the example above, we do it like this:
<?php // Retrieve values from the cookie $strName = $_COOKIE["Name"]; $strInterest = $_COOKIE["Interest"]; // Write to the client echo "<p>" . strName . "</p>" echo "<p>Your interest is . " strInterest . "</p>" ?>
Who can read the cookie?
By default, a cookie can be read at the same second-level domain (e.g. html.net) as it was created. But by using the parameters domain and path, you can put further restrictions on the cookie using the following syntax:
setcookie(name, value, expiration time, path, domain);
Let us look at an example:
<?php // Setting the cookie: name, value, expiration time, path, domain setcookie("Name", "C. Wing", time()+60*60*24*365, "/tutorials/php/", "www.html.net"); ?>
In the example above, we set a cookie called "Name" with the value "C. Wing." The cookie expires after one year (60 seconds * 60 minutes * 24 hours * 365 days) and can be read only by sites located in the directory "/tutorials/php/" on the (sub-)domain "www.html.net".
Example of a cookie
We can try to save a sample cookie on your computer and then see how it looks.
The following code sets the cookie:
<?php // Setting the cookie setcookie("HTMLTest", "This text is in a cookie!", time()+60*60*24, "/tutorials/php/", "www.html.net"); // Write the information to the client echo $_COOKIE ["HTMLTest"]; ?>
The cookie is being placed on your hard drive. Depending on what operating system you use, your cookies may be saved in different places. Once you find them, they will probably look like this:
As you can see, a cookie is a normal text file that can be open with Notepad, for example. The contents of the cookie we have just created will probably look something like this:
HTMLTest TEXT=This+text+is+in+a+cookie% 21 www.html.net/tutorials/php 0 80973619229399148 4216577264 29399141 *
We will not go into detail with the different codes, but simply note that the user has full control over cookies on his/her computer.
In this lesson, we have looked at what cookies can do but not what they can be used for. It's a common concern that some sites use cookies for inappropriate activities. But in most cases, cookies are used to make sites more user-friendly or relevant for the individual users.
If you choose to use cookies on your site, it might be a good idea to tell your users that your site uses cookies. This can, for example, be communicated in a privacy policy or registration process.
| Related topics in the PHP Forum | Replies | Views |
|---|---|---|
| what is a cookie used for? | 2 | 6851 |
| Passing form data to a cookie using php | 2 | 10047 |
| Cookie | 1 | 6725 |
| Cookie problem. Cannot read after creating. | 5 | 13456 |