Saturday, November 8, 2008

PHP Tutorial: Passing variable through cookies

Cookies are tiny bits of information stored on your Web site visitor’s computer. There appears to be
some sort of paranoia about using cookies, so many people choose to disable this feature in their Web
browsers. In theory, cookies can be intercepted to gain information such as a person’s IP address and
operating system, but cookies are primarily used for storing information only. A few ad campaigns have
developed technology to use cookies to track your browsing habits, and many people see this as an invasion
of privacy. Also, because cookies are stored in a commonly named directory, anyone with access to
someone else’s computer (either via a hack or physical location) can potentially open cookie files and
glean information about the owner. Because of these possibilities, it’s not a good idea to store any
potentially private information in a cookie.

So why do developers use cookies, anyway? The advantage to storing information in a cookie versus a
session is longevity. Sessions alone can’t store information for more than the length of time the browser
window is open. Like the elusive and mean-spirited video game that loses all high scores once it’s
unplugged, once a browser closes, all session information is lost. Cookies, on the other hand, can live on
a person’s computer until the developer has decided it’s been long enough and they automatically “die.”
It is because of this longevity that cookies are fabulous for storing information such as a visitor’s username
or language preferences. These are the pieces of information that users won’t have to retype every
time they visit your site, but if for some reason someone did get wind of the information, it wouldn’t be
the end of the world.

We mentioned earlier that sessions alone can’t store information for very long. However, you can alter
this limitation if you use sessions in conjunction with cookies. If your sessions are passing variables
using cookies, you can set the life of these cookies to longer than the life of the browser using the
session.cookie_lifetime configuration in your php.ini file. Keep in mind, however, that not only
will the session information be stored on the person’s computer, but the session ID also will be stored,
and that can cause you problems later on.

To set a cookie, you use the appropriately named setcookie() function. When setting a cookie, you can
specify the following information along with it:
❑ Cookie name (this is mandatory).
❑ Value of the cookie (such as the person’s username).
❑ Time in seconds when the cookie will expire. (This time is based on a Unix timestamp, but you
can set it using the syntax time()+60*60*24*365, which keeps the cookie alive for a year. This
is optional, but if it is not set, the cookie will expire when the browser is closed.)
❑ Path (the directory where the cookie will be saved—the default is usually sufficient; this is
optional).
❑ Domain (domains that may access this cookie—this is optional).
❑ Whether a cookie must have a secure connection to be set (defaults to 0; to enable this feature
set this to 1).

You make each of these settings as follows:

setcookie('cookiename', 'value', 'expiration time', 'path', 'domain', 'secure connection');

As you can probably guess by now, those values will be referenced in the script as $_COOKIE['cookiename'].
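
The settings listed above, put together for a language preference that lives for a year and is checked when it is read back from $_COOKIE. This is an added example, not code from the original tutorial; the cookie name, the language list and both helper functions are hypothetical, and the array form of setcookie() assumes PHP 7.3 or later.

```php
<?php
// Added example: LANG_COOKIE, LANGS and both helper functions are hypothetical names.
declare(strict_types=1);

const LANG_COOKIE  = 'lang';
const LANGS        = ['en', 'fr', 'de'];   // values the site is willing to accept
const DEFAULT_LANG = 'en';

/** Store a low-sensitivity preference for one year. */
function remember_language(string $lang): bool
{
    if (!in_array($lang, LANGS, true)) {
        return false;               // never persist a value we would not accept back
    }
    // Must run before any output is sent, because cookies travel in HTTP headers.
    return setcookie(LANG_COOKIE, $lang, [
        'expires'  => time() + 60 * 60 * 24 * 365, // Unix timestamp, one year ahead
        'path'     => '/',          // URL path on the site the cookie is sent back for
        'domain'   => '',           // empty: only the host that set the cookie
        'secure'   => true,         // the "secure connection" setting: HTTPS only
        'httponly' => true,         // not readable from JavaScript in the page
        'samesite' => 'Lax',        // not sent on cross-site subrequests
    ]);
}

/** Read the preference back; the browser controls this value, so validate it. */
function current_language(array $cookies): string
{
    $value = $cookies[LANG_COOKIE] ?? null;
    if (!is_string($value) || !in_array($value, LANGS, true)) {
        return DEFAULT_LANG;        // missing, tampered or malformed cookie
    }
    return $value;
}

// Typical use at the top of a request, before any HTML is printed:
if (isset($_GET['lang']) && is_string($_GET['lang'])) {
    remember_language($_GET['lang']);
}
$lang = current_language($_COOKIE);
echo htmlspecialchars("Language: $lang", ENT_QUOTES, 'UTF-8'), "\n";
```

With 'secure' set, the browser returns the cookie only over HTTPS, so on a plain-HTTP development site the preference will not be sent back.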
