Lecture 21 - Cookies
Stateful client/server interaction
Sites like amazon.com seem to "know who I am." How do they do this? How does a client uniquely identify itself to a server, and how does the server provide specific content to each client?
- HTTP is a stateless protocol; it simply allows a browser to request a single document from a web server
- today we'll learn about pieces of data called cookies used to work around this problem, which are used as the basis of higher-level sessions between clients and servers
What is a cookie?
- cookie: a small amount of information stored by the browser for your website. It can be accessed through JavaScript. It can also be sent by a server to a browser, and then sent back by the browser on future page requests.
- cookies have many uses:
- authentication
- user tracking
- maintaining user preferences, shopping carts, etc.
How cookies are set and retrieved
- Client side (JavaScript):
- JavaScript can set and retrieve cookies using
document.cookie
- Server Side (PHP):
- when the browser requests a page, the server may send back one or more cookies with it using
setcookie()
- if your server has previously sent any cookies to the browser, the browser will send them back on subsequent requests, stored in
$_COOKIE
Facts about cookies
- Cookies are only data, not program code.
- Cookies can have set expiration dates.
- Cookies help websites remember who you are (and if you are logged in).
- Cookies CAN be used to track your viewing habits on a particular site.
A "tracking cookie"
- an advertising company can put a cookie on your machine when you visit one site, and see it when you visit another site that also uses that advertising company
- therefore they can tell that the same person (you) visited both sites
- can be thwarted by telling your browser not to accept "third-party cookies"
- To set a cookie use
document.cookie = cookieString;
cookieString consists of 3 semicolon-separated parts (the last two are optional):
- name / value pair. E.g.,
"lastItemPurchased=cranberry sauce"
- expiration date (by default when browser closed). E.g.,
"expires=Thu, 23 Dec 2017 12:00:00 UTC"
- Path where cookie belongs (default is current page). E.g.,
"path=/"
- Example:
document.cookie = "numberSiteVisitsToday=57; expires=Thu, 23 Dec 2017 12:00:00 UTC; path=/";
- If you set a cookie where the name already has a value, the old value gets overwritten.
- To get a cookie use
let cookies = document.cookie;
- This will return a semicolon-separated list of all current name=value pairs
- E.g.,
"lastItemPurchased=cranberry sauce;numberSiteVisitsToday=57"
- You have to get the values out of the string yourself.
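As an added example (not part of the lecture), the two helpers below build a document.cookie string from the three parts listed above and parse the semicolon-separated list that reading document.cookie returns. The sample input is constructed here so the code runs in Node without a browser; the name check and percent-encoding are additions of this example, not something the lecture prescribes.

```javascript
// Added example, not from the lecture; sample input is constructed below, no browser needed.

// Assemble the three parts the lecture lists: name=value, then optional
// expires and path. The value is percent-encoded so ';', '=' and spaces
// inside it cannot break the cookie format or add unintended attributes.
function buildCookieString(name, value, { expires, path } = {}) {
  // Cookie names must be RFC 6265 "token" characters (no ';', '=', spaces).
  if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(name)) {
    throw new Error(`invalid cookie name: ${name}`);
  }
  let s = `${name}=${encodeURIComponent(value)}`;
  if (expires instanceof Date) s += `; expires=${expires.toUTCString()}`;
  if (path) s += `; path=${path}`;
  return s;
}

// Parse "a=1; b=2" into a Map. A Map (not a plain object) means a cookie
// named "__proto__" or "constructor" cannot collide with object internals.
function parseCookies(cookieString) {
  const cookies = new Map();
  for (const part of cookieString.split(';')) {
    const pair = part.trim();
    if (pair === '') continue;              // tolerate "a=1;;b=2" or a trailing ';'
    const eq = pair.indexOf('=');
    if (eq <= 0) continue;                  // no name before '=': skip the fragment
    const name = pair.slice(0, eq).trim();
    const raw = pair.slice(eq + 1).trim();  // split on the FIRST '=' only, so
                                            // values like "abc==" keep their '='
    // Browsers list the most specific (longest-path) cookie first, so keep
    // the first occurrence when the same name appears twice.
    if (cookies.has(name)) continue;
    let value;
    try {
      value = decodeURIComponent(raw);
    } catch {
      value = raw;                          // malformed %-escape: keep it verbatim
    }
    cookies.set(name, value);
  }
  return cookies;
}

// Constructed sample, modelled on the lecture's example of what document.cookie returns.
const sampleCookieString = 'lastItemPurchased=cranberry sauce;numberSiteVisitsToday=57';
const parsed = parseCookies(sampleCookieString);
console.log(parsed.get('lastItemPurchased'), parsed.get('numberSiteVisitsToday'));
console.log(buildCookieString('numberSiteVisitsToday', '57',
  { expires: new Date(Date.UTC(2017, 11, 23, 12)), path: '/' }));
```

In a browser the same functions would be used as `document.cookie = buildCookieString(...)` and `parseCookies(document.cookie)`.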
Cookies in PHP: Setting
setcookie("name", "value", expiration);
$expireTime = time() + 60*60*24*7; # 1 week from now
setcookie("CouponNumber", "389752", $expireTime);
setcookie("CouponValue", "100.00", $expireTime);
- setcookie must be called before any output statements (HTML blocks, print, or echo)
- If you don't use the third parameter, the cookie expires when the browser is closed (a "session cookie")
$variable = $_COOKIE["name"]; # retrieve value of the cookie
if (isset($_COOKIE["username"])) {
$username = $_COOKIE["username"];
print("Welcome back, $username.\n");
} else {
print("Never heard of you.\n");
}
print("All cookies received:\n");
print_r($_COOKIE);
- any cookies sent by the client are stored in the $_COOKIE associative array
- use the isset function to see whether a given cookie name exists
- When you call setcookie, the cookie will be available in $_COOKIE on
the next page load, but not the current one.
Cookies in PHP: Deleting
setcookie("name", FALSE);
setcookie("CouponNumber", FALSE);
- setting the cookie to FALSE erases