PHP Cookies

Introduction to PHP Cookies:

Cookies are small pieces of data that the server asks the browser to store on the user's computer. Each time the same browser requests a page from that server, it sends the cookie along. PHP can create and retrieve cookie values.


<?php
// Setting a cookie
setcookie("user", "John Doe", time() + (86400 * 30), "/");
echo "Cookie named 'user' is set!";
?>
    

Setting Cookies:

Use setcookie() to set a cookie in PHP. The function requires the name, value, and expiry time of the cookie.

Console Output:

Cookie named 'user' is set!

Retrieving Cookie Values

Accessing Cookies:

Once a cookie is set, you can access it using the $_COOKIE superglobal array in PHP.


<?php
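if(isset($_COOKIE["user"])) {
    // Cookie values come from the client, so escape them before output
    echo "User is " . htmlspecialchars($_COOKIE["user"], ENT_QUOTES, "UTF-8");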
} else {
    echo "User is not set";
}
?>
    

Checking Cookie Existence:

Always check if a cookie is set using isset() before accessing its value to avoid errors.

Console Output:

User is John Doe

Cookie Expiration

Understanding Expiry Time:

The expiry time is specified in seconds, as a Unix timestamp. A cookie expires once that time is reached, so the usual pattern is the current time plus the desired lifetime.


<?php
// Cookie expires in one hour
setcookie("user", "John Doe", time() + 3600, "/");
echo "Cookie with one hour expiry set!";
?>
    

Setting Expiry:

Use the time() function to set the expiry time dynamically.

Console Output:

Cookie with one hour expiry set!

Deleting Cookies

Removing Cookies:

To delete a cookie, use the setcookie() function with an expiry time in the past.


<?php
// Deleting a cookie
setcookie("user", "", time() - 3600, "/");
echo "Cookie 'user' is deleted!";
?>
    

Expiry in the Past:

Setting the expiry time to a past date effectively deletes the cookie.

Console Output:

Cookie 'user' is deleted!

Secure Cookies

HTTPS Only Cookies:

To ensure cookies are only sent over secure connections, set the secure parameter to true.


<?php
// Secure cookie
setcookie("secure_user", "Jane Doe", time() + (86400 * 30), "/", "", true, true);
echo "Secure cookie 'secure_user' is set!";
?>
    

Secure and HttpOnly Flags:

The HttpOnly flag prevents JavaScript from accessing the cookie, so a script injected into the page cannot read it through document.cookie.

Console Output:

Secure cookie 'secure_user' is set!

Cookie Path and Domain

Defining Path and Domain:

The path and domain parameters define the scope of the cookie. The cookie will be available within the specified path and domain.


<?php
// Cookie with specific path and domain
setcookie("site_user", "Alice", time() + (86400 * 30), "/example/", "example.com");
echo "Cookie 'site_user' is set for example.com!";
?>
    

Path and Domain Usage:

Setting the path to / makes the cookie available throughout the entire domain.

Console Output:

Cookie 'site_user' is set for example.com!

Cookie Size Limitations

Understanding Size Constraints:

Browsers generally limit the size of a cookie to 4096 bytes. Exceeding this size may cause issues with cookie storage and retrieval.


<?php
// Example of a large cookie
$largeValue = str_repeat("a", 4096);
setcookie("large_cookie", $largeValue, time() + (86400 * 30), "/");
echo "Large cookie is set!";
?>
    

Handling Large Data:

Consider using sessions or server-side storage for larger data to avoid exceeding cookie size limits.

Console Output:

Large cookie is set!

Cross-Site Cookie Sharing

Cross-Domain Cookies:

Cookies are domain-specific and cannot be shared across different domains. However, subdomains can share cookies if the domain is set appropriately.


<?php
// Cookie for subdomain sharing
setcookie("shared_user", "Bob", time() + (86400 * 30), "/", ".example.com");
echo "Cookie 'shared_user' is set for all subdomains of example.com!";
?>
    

Subdomain Sharing:

Set the domain with a leading dot (e.g., .example.com) to share cookies across subdomains.

Console Output:

Cookie 'shared_user' is set for all subdomains of example.com!

Cookie Security Best Practices

Enhancing Cookie Security:

Always use the secure and HttpOnly flags for cookies that contain sensitive information, and consider using the SameSite attribute to prevent CSRF attacks.


<?php
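// Secure cookie with SameSite attribute.
// SameSite can only be passed through the options array (PHP 7.3+).
setcookie("secure_session", "session_data", [
    "expires" => time() + (86400 * 30), "path" => "/",
    "secure" => true, "httponly" => true, "samesite" => "Strict",
]);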
echo "Secure session cookie with SameSite is set!";
?>
    

SameSite Attribute:

The SameSite attribute helps mitigate the risk of cross-site request forgery (CSRF) attacks by allowing you to declare if your cookie should be restricted to a first-party or same-site context.

Console Output:

Secure session cookie with SameSite is set!
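
An added example, not part of the original tutorial: it combines the Secure and HttpOnly flags, the SameSite attribute, the 4096-byte size limit and the deletion rule from the sections above into helper functions. The function names, the COOKIE_MAX_BYTES constant and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const COOKIE_MAX_BYTES = 4096; // per-cookie limit quoted in the size section

// Hypothetical helper: options array accepted by setcookie() since PHP 7.3.
function hardened_cookie_options(int $expires, string $sameSite = "Strict"): array
{
    if (!in_array($sameSite, ["Strict", "Lax"], true)) {
        throw new InvalidArgumentException("SameSite must be Strict or Lax");
    }
    return [
        "expires"  => $expires,   // absolute Unix timestamp
        "path"     => "/",
        "secure"   => true,       // sent over HTTPS only
        "httponly" => true,       // not readable through document.cookie
        "samesite" => $sameSite,
    ];
}

// Hypothetical helper: set a cookie, refusing values a browser would likely drop.
function set_hardened_cookie(string $name, string $value, int $ttl): bool
{
    // setcookie() URL-encodes the value, so measure the encoded form.
    $size = strlen($name) + 1 + strlen(rawurlencode($value));
    if ($size > COOKIE_MAX_BYTES) {
        throw new LengthException("Cookie '$name' is $size bytes; keep the data server-side");
    }
    if (headers_sent()) {
        throw new RuntimeException("Headers already sent; call before any output");
    }
    return setcookie($name, $value, hardened_cookie_options(time() + $ttl));
}

// Hypothetical helper: expire the cookie using the same path it was set with.
function delete_hardened_cookie(string $name): bool
{
    unset($_COOKIE[$name]); // also drop it from the current request
    return setcookie($name, "", hardened_cookie_options(time() - 3600));
}

// Constructed sample: an opaque random identifier rather than user data.
set_hardened_cookie("secure_session", bin2hex(random_bytes(16)), 86400 * 30);

try {
    set_hardened_cookie("large_cookie", str_repeat("a", 4096), 86400 * 30);
} catch (LengthException $e) {
    error_log($e->getMessage()); // oversized cookie rejected before any header is sent
}
```

The deletion helper reuses the same path as the setter because a browser only removes a cookie when the expiring Set-Cookie header matches the scope of the original.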
