Preview

Start a free Courses trial
to watch this video

Writing Cookies

Name: Writing Cookies
Uploaded: 2017-04-05T11:15:52Z
Duration: 296 s
Description: There are often times when we want to keep some information available for a longer period of time. We can do this by using cookies. A cookie is a piece of data sent from a website and stored on the user's computer by the user's web browser.

4:56 with Alena Holligan

There are often times when we want to keep some information available for a longer period of time. We can do this by using cookies. A cookie is a piece of data sent from a website and stored on the user's computer by the user's web browser.

Teacher's Notes
Questions?
Video Transcript
Downloads
Workspaces

Here is a list of available properties. View more on setcookie() documentation

name: The name of the cookie. You can store cookies as an array by adding square brackets to the end of the name.

// cookie values as array
setcookie('cookiename[]', 'value1');
setcookie('cookiename[]', 'value2');

value: The value of the cookie. This value is stored on the clients computer; do not store sensitive information.

// assuming the name is 'cookiename[]', retrieve array values
echo $_COOKIE['cookiename'][0];
echo $_COOKIE['cookiename'][1];

// will display
value1value2

expire (optional): default = 0

The time the cookie expires. This is a Unix timestamp, you'll most likely set this with the time() function plus the number of seconds before you want it to expire. If set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes).

// set the cookie to expire in 30 days. 
// 60 seconds, multiplied by 60 minutes, multiplied by 24 hours, multiplied by 30 days
setcookie('cookiename', 'value', time()+60*60*24*30);

//set the cookie to expire with session
setcookie('cookiename', 'value', 0);

path (optional): default = the current directory in which the cookie is being set.

The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain.

domain (optional): default = works for all subdomains as well

The (sub)domain that the cookie is available to. Older browsers may require a leading . to match all subdomains.

// available to a single subdomain
setcookie('cookiename', 'value', 0, 'www.example.com');

// available to all subdomain
setcookie('cookiename', 'value', 0, '.example.com');

secure (optional): default = FALSE

Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to TRUE, the cookie will only be set if a secure connection exists. On the server-side, it's on the programmer to send this kind of cookie only on secure connection (e.g. with respect to $_SERVER["HTTPS"]).

httponly (optional): default = FALSE

When TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. It has been suggested that this setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers), but that claim is often disputed.

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

We have our story game working. 0:00

We can step through the game as many times as we'd like, and 0:02

the story changes with each play. 0:05

Sessions provided an easy way to keep the required variables available 0:08

throughout the site. 0:12

One of the main features and limitations of sessions 0:14

is that they are only available for the current user session. 0:17

They terminate when the browser is closed, or 0:21

after a set amount of time with no activity. 0:24

There are often times when we want to keep some information available for 0:28

a longer period of time. 0:32

Storing a zip code preference for location based searches or to calculate shipping. 0:34

Storing a referrer reference, so 0:39

affiliates get credit when someone purchases a product or service. 0:41

Storing shopping cart data for people who are not yet logged in. 0:45

All of these require that we keep data persistent for 0:49

longer than a user's session. 0:52

We can do this by using cookies. 0:55

A cookie is a piece of data sent from a website and 0:57

stored on the users computer by the user's web browser. 1:01

Let's take a look at how PHP accesses cookies 1:05

by adding the ability to save a story. 1:08

Create a new file in the inc directory and we'll name it cookie.php. 1:11

We want to grab our session variables, 1:20

so add session_start(); at the top of the file. 1:23

We'll be using this file to write, read, and delete a cookie. 1:28

So we need to know which action we're performing. 1:32

if (isset($_GET['save])). 1:36

If we're saving a cookie, first we need to come up with a unique name for the cookie. 1:46

If the name is not unique, it will write over the cookie that already exists. 1:51

We could just use a timestamp, but 1:56

we want people to be able to distinguish the story they want to read. 1:58

I probably won't remember what story I wrote at which time, but 2:02

I'll be more likely to remember if I'm shown the name that I used with the story. 2:07

So let's use the name from the story, along with the timestamp. 2:11

The name should be a simple string of letters. 2:15

But we'll use urlencode just to be sure. 2:18

To set a cookie we use setcookie. 2:27

The first parameter is the name, and the second parameter is value. 2:32

Value has to be stored a string. 2:37

This could be a serialized version of an array, a JSON object, 2:39

or any other string representation of an object or an array. 2:44

We can also turn a cookie into an array by 2:48

adding square brackets to the end of our name. 2:51

But's let use implode to create a string from our session variables. 2:53

We'll separate them with a colon. 2:58

That's technically all you need to set a cookie. 3:06

But it won't work for what we want. 3:09

The third parameter is an expiration time. 3:11

If this is not set, the cookie will expire when the session is closed. 3:14

So we aren't gaining anything there. 3:18

Let's set this to 30 days. 3:21

String to time will turn this string into a time stamp. 3:23

The fourth parameter is the path on the server 3:27

in which the cookie will be available. 3:30

By default the current path is used, which would mean 3:32

that the cookie would only be accessible from within the inc folder. 3:36

We could make that work but let's set the path to the root of our site. 3:40

These are the parameters we need for our project, but 3:44

let's check out the documentation for the last three parameters. 3:47

These can help with securing the cookie. 3:51

The fifth parameter is the domain. 3:55

This will allow you to control which domain and 3:57

subdomains can access the cookie. 4:00

The sixth parameter will allow us to set a cookie 4:02

that is only available over a secure connection. 4:05

The seventh and final parameter will allow us to set the cookie to HTTP only. 4:08

This means that the cookie won't be accessible 4:15

by scripting languages such as JavaScript. 4:18

Let's go back to workspaces. 4:21

Let's add a redirect to the welcome page. 4:25

Now we can update the link on our story page to save the story. 4:33

Our story is ready to be saved to a cookie, but 4:45

we have no way of reading that cookie yet. 4:48

In the next video, we'll read the cookie and use that data to rewrite the story. 4:50

You need to sign up for Treehouse in order to download course files.

You need to sign up for Treehouse in order to set up Workspace

Browser Persistent Data with PHP

Writing Cookies

Setting a Cookie

Related Discussions

Related Discussions