<?
if ( isset($_POST[name]) || isset($_POST[pass]) )
{
setcookie("tutorial_name", "$_POST[name]");
setcookie("tutorial_pass", "$_POST[pass]");
}
if ( isset($_GET[delete]) )
{
setcookie("tutorial_name", "" time()-60 );
setcookie("tutorial_pass", "" time()-60 );
}
?>
<html>
<body>
<form method="post" action="<?php echo $_SERVER[PHP_SELF]; ?>">
Name <input type="text" name="name" value="<? echo $_COOKIE[tutorial_name]; ?>" /><br />
Pass <input type="text" name="pass" value="<? echo $_COOKIE[tutorial_pass]; ?>" /><br />
<input type="submit" value="Set Cookies" /><br />
</form>
<form>
<input type="submit" name="delete" value="Delete Cookies"/>
</form>
In theory, cookies are simple but if try the form above, you'll see a problem. When you submit a name and password, nothing seems to happen. It isn't until you either reload the page or leave it then retuen to it that you can see that it saved whatever you entered. This is because the cookies are part of the HTTP header, so they must be must be called before any output is sent to the browser. Since the action of the form is this page, the headers have already been sent when the viewer first loaded the page. If the action was a different page, that page could read the cookie because a new HTTP request has been sent. If you haven't already done so, submit something to the demo form, you can enter anything, then reload the page so you can see that the cookie has been saved.
Cookies can be set in the header like so:
<?
header("set-cookie: cookie_name=cookie value");
?>
but it is easier to use setcookie(). Either way, they must be set before any output is sent to the browser.
setcookie() has one required argument; cookie name and optional arguments for value, expiry date, path, domain and an argument telling if the cookie can be sent in an insecure environment. Although PHP requires only the first argument, some browsers require all but the domain and secure flag so if you omit them, the cookies won't work on all browsers correctly. Here is an example of a cookie set for one hour that can be read by any of your web pages.
<?
setcookie( "cookie_1", "this is cookie 1", time()+60*60, "/" );
?>
| Cookie Name | cookie_1 |
| Cookie value | this is a cookie |
| Experation | time()+60*60 (present time + 60*60 seconds = 1 hour) |
| Cookie path | / |
Setting to path to / makes the cookie avaluable to all of your web pages. If you omit it, the cookie is only avaluable to pages in the same directory and its subdirectories.
You can create a cookie that only lives while the browser is running by giving it an expiry of 0.
<?
setcookie( "password", "$_POST[pass]", 0 );
?>
When the browser is shut down, the cookie dies. If someone else restarts the browser, they cannot use the previous persons cookie.
Session cookies are not to be confused with sessions.
Technically, all you have to do do delete a cookie is call setcookie() with only the name argument:
<?
setcookie( "cookie_name" );
?>
Note that this sets the cookie to a null value but does not remove it and that this may not work with all browsers. It is more reliable to assign both a null value and an expiry in the past:
<?
setcookie( "cookie_name", "", time()-60 );
?>
If you used a path, domain or secure flag when you set the cookie, you must include them when you delete the cookie.
 |
|
 |
