PHP Tutorial: Cookies

You are probably familiar with cookies from your time with our HTML tutorials (or from your experience with HTML), but just to recap, cookies are pieces of data that are stored as simple little text files in the site visitor's computer, and allow the site server to keep track of what a visitor is doing during their visit (or even across multiple visits.)  Some people think of cookies as bad or evil things, because they are sometimes used by advertisers to track an individual's browsing habits.   Any decent anti-spyware program can prevent that kind of thing, however, and cookies are a useful and necessary mechanism for such things as personalized sites (where you first log in, and are then presented your personalized version of the site), shopping carts and the like.

Creating a Cookie

PHP provides full support for cookies.  Creating a cookie is a simple matter, but there is an important timing consideration to remember.  If you are going to send a cookie down to the user's system, you must send it down before you send anything else; before any part of the page itself is sent, even before a blank line!  A cookie is sent by using the setcookie( ) function.  Here's an example:

<?php
setcookie ("cookiename", "This text will be in the cookie");
?>
<html>
<head> ....... etc.

Here you can see a cookie being sent with the name "cookiename" and containing the value "This text will be in the cookie".  Also, you can see that it is sent before ANY of the HTML code on the page itself is sent.  You can send more than one cookie, if you need to, by using more setcookie( ) function calls, but remember that the protocol has a limit of twenty cookies from one site to a single user.

Reading a cookie

When a user visits a PHP page that could read a cookie that is present in the user's computer at the time they call for the page, PHP automatically reads the cookie into a variable named the same as the cookie, but prefixed with a $ sign.  (Note that for this reason you should follow PHP variable naming conventions when creating your cookies - no spaces, for example!)  So, to read our cookie, we would simply reference it's variable name like this:

<?php
print "our cookie says $cookiename";
?>

This would show up on the page as:

our cookie says This text will be in the cookie

Simple enough!

Deleting a cookie

When cookies are created, they are set by default to be deleted when the user closes their browser.  You can override that default by setting a time for the cookie's expiration like this:

<?php
setcookie ("cookiename", "This text will be in the cookie", time( ) + 3600);
?>
<html>
<head> ....... etc

The addition of the time( ) parameter followed by a plus sign and a number of seconds sets the amount of time from now at which point the cookie is to expire.  In our example, the cookie will expire one hour from now.

 

There may be occasions when you need to delete a cookie before the user closes their browser, and before its expiration time arrives.  To do so, you would use the setcookie( ) function with the appropriate name for the cookie and with a time( ) parameter with a negative number, like this:

<?php
setcookie ("cookiename", "", time( ) - 1);
?>

Notice that we have left the contents parameter in its proper place, but with nothing in it.  Remember also that the setcookie( ) function call has to come before anything else on the web page.

Being able to manipulate cookies, we will now be able to manipulate information within a user's session, remembering it from page iteration to iteration, and from page to page.

Continue to the next part of this Tutorial

Return to the Tutorial Series Index