Introduction

Cookies have long been used in PHP scripts, and are a very useful function. But what exactly are cookies? Maybe you have used then, but you still don’t know exactly what they are. Or you are completely new to cookies? It doesn’t matter, because in this tutorial I will show you exactly what cookies are, and what they are used for.

Cookies in a nutshell

Cookies are small pieces of information that is stored on the computer of your visitors. Each browser handles it differently, but most simply store the information in a small text file. Internet Explorer has a special folder, which can be found in your C:\Windows or C:\Windows\System32 folder. You can delete all your cookies, by going to the Options and ‘Clearing Cookies’ or deleting them by hand. I don’t recommend this though.

Almost every website uses cookies. If you go to Amazon.com, you will get several cookies. The same goes for CNN.com. Even Google uses cookies! They are extremely useful for (temporarily) storing information. For example, if you have a login system for your visitors, you could save their userid and password (very heavily encrypted!) so they are automatically logged in the next time they visit your website.

Or you could remember their last visit, and highlight everything that is new. And that’s just the beginning.

Using Cookies

Using cookies in PHP is extremely easy. In fact, there is nothing to it, because of PHP’s inbuilt setcookie() function (http://php.net/setcookie). Have a look at the documentation, and then try the following example:

<?php

// Set a cookie
// Cookie name: name
// Cookie value: Dennis Pallett
// Cookie expire: in 24 hours

setcookie ('name', 'Dennis Pallett', time() + (60*60*24));
?>

If you run the code above, then a cookie will be set. That’s all. The cookie name and value are pretty obvious. The cookie expire is when the cookie expires, or goes away. Simply use the time() function (http://php.net/time) and add the number of seconds you want to have the cookie available to it. In the example I added 60*60*24=86400 seconds, or 24 hours.

If you have looked at the documentation, you probably noticed there are additional arguments. As the documentation says, the path is to limit a cookie to a specific path on your web server. This is often used when you run multiple instances of the same script in separate directories. You can safely omit this argument when it doesn’t matter if the cookie is available site-wide.

There is also the domain argument. This can be used to limit the cookie to a specific sub-domain, e.g. test.example.com. You can also safely ignore this argument, or set it to .example.com (note the beginning period, this is essential!).

Finally, there is also the secure argument. This argument is only used for cookies that are sent over a secure HTTPS connection (SSL). Just ignore this argument, unless you’re working with a secure connection.

One thing that should be mentioned is that cookies must be set, before you display any HTML/text. It’s probably best if you turn on output buffering by putting ob_start() (http://php.net/ob_start) at the top of your page.

Now that you have set a cookie, you probably want to retrieve the value as well. After all, that is the whole point of using cookies. Thankfully, as PHP is ever so easy, you can retrieve the same way as you retrieve a GET value. See the following example to retrieve the value of the previous example:

<?php
echo 'Your name is ' . $_COOKIE['name'];
?>

This should print “Your name is Dennis Pallett”. There’s nothing more to it. It’s just that easy!

Finally, one thing you probably want to do as well is remove cookies. This is as easy as setting them. Simply change the value of the cookie to FALSE, and change the expire date to -3000 seconds. See the following example:

<?php
setcookie ('name', FALSE, time()-1000);
?>

Checking if cookies are enabled

Before you start using cookies, you must make sure your visitor has cookies enabled. This can be done with a simply PHP checking script. Unfortunately, the PHP page needs to reload to check for cookies. But this can be done very transparently, and your visitor should hardly notice anything.

The following example will first set a test cookie, then reload the page, and finally check whether cookies are enabled.

<?php
error_reporting (E_ALL ^ E_WARNING ^ E_NOTICE);

// Check if cookie has been set or not
if ($_GET['set'] != 'yes') {
	// Set cookie
	setcookie ('test', 'test', time() + 60);

	// Reload page
	header ("Location: checkcookies.php?set=yes");
} else {
	// Check if cookie exists
	if (!empty($_COOKIE['test'])) {
		echo "Cookies are enabled on your browser";
	} else {
		echo "Cookies are <b>NOT</b> enabled on your browser";
	}
}
?>

Run the code above, and see what the output is. Check if cookies are enabled in your browser. If they’re not enabled, then you can enable them by going to your browser’s options. Unfortunately, this is different from each browser, so I can’t give you exact instructions. But Google can.

Storing Arrays

One feature of cookies that is often missed in articles is the ability to story arrays. Cookies can be used to store multi-dimensional arrays, which can be extremely useful to store data.

Consider the following code;

<?php
setcookie ("name[first]", "Dennis", time() + (60*60*24));
setcookie ("name[last]", "Pallett", time() + (60*60*24));
?>

You can then display these two cookies using the following code:

<?php
echo "First Name: " . $_COOKIE['name']['first'];
echo "<br />Last Name: " . $_COOKIE['name']['last'];
?>

The cookie ‘name’ is an array, and has multiple values. You can even go deeper and have multi-dimensional arrays, e.g. $_COOKIE['name']['test']['something']['value']. You could store whole arrays of data in cookies. But beware that you don’t store too much data, there are certain size limits to cookies.

In Conclusion…

Cookies are really versatile, and can be used for a lot of different purposes. Many websites use cookies, and cookies can really make your website more personalized. Using cookies in PHP isn’t hard at all, and you should be able to use them without any difficulty.

Before actively using cookies in your website, you must check whether the visitor has enabled them in their browser. If they don’t have cookies enabled, you must either redirect to a non-cookies version of your website, or you can make sure your website also works without cookies.

You can download a sample script at http://www.phpit.net/demo/php%20and%20cookies/logger.zip, where cookies are used in a (somewhat) practical way. In this example, there is a logging module, called log.php and a display module, called history.php. Basically, you include the log.php in other PHP pages, and then you can view history.php to lookup all the pages you have viewed and how often. The example uses arrays, and stores them in cookies.

The examples in this article can be downloaded at http://www.phpit.net/demo/php%20and%20cookies/examples.zip.

If you have a really unique practical way of using cookies, please let me know at dennis [AT] nocertainty [DOT] com. I’d really like to hear about interesting ways of using cookies.

Well, as a follow-up to our PHPCGI tutorial that showed you how to install the PHP files as a CGI program on your server, we wanted to get a bit more into some of the details of using it and running scripts automatically with it. Once again, we’re going to assume that it’s a UNIX-based operating system you’re working on. This is much easier to get working than a Windows based machine (well, for me anyway) and cron just does such a good job, we’re going to stick with it. <p> Anyway, for those out there that aren’t too linux-literate and aren’t exactly sure how to set up a cron job, we’re here to help. I’m going to give you a crash course in setting them up and then show you how to get a nice little PHP script working with it. This will let you make some nice scripts and allow you to (possibly) transfer some of the admin portions of your site to a well-written PHP script in a cron job.

So, on with cron: cron is actaully the name of the daemon that any good sysadmin runs on their systems to make their lives easier. For the most part, the server you’re working on should have the cron daemon running and working properly. Otherwise, you’ll need to contact your friendly neighborhood sysadmin and get them to fix what they broke. Once you’re sure that they have it up and working (if it wasn’t in the first place), then you can go on from here.

The cron daemon looks at something called the “crontab” to get the scripts and their parameters that it needs to run. You set all of this info in one place – the script to be run and the time(s) when this needs to be done. The syntax for the crontab is pretty easy to figure out and can be accessed easily with the following command:

crontab -e

This should bring up your crontab file. Most likely, unless you’ve messed with cron stuff before (in which case you probably wouldn’t be reading this). You now have a nice clean crontab to mess with. Now, the fun of the syntax – the fields go in this order and are separated by spaces: minute, hour, day of month, month, day of week, then the script to be run. Now, this is all well and good, but how do you actually use it to make a script run? Well, it’s pretty simple really. For example:

5 0 * * * /bin/ls

would run the “ls” command every day at five minutes after midnight. There are tons of combinations that you can have for all of the times and numbers you can put in. For more info on that, check out the “man 5 crontab” command and read the info in there. Now, obviously this is kind of a silly example, but that’s all it is. Now, we’ll show you how it can actually be useful.

Say we have a site that, each night at five after midnight, you want it to send out emails to everyone that has some kind of money due by the end of the next day. We have our PHP script:

<?php
$sql=mysql_connect(“localhost”,”username”,”password”);
$fetch=mysql_query(“select * from users where balance_due>1000);
// insert more useful code here
?>

You get the idea…the code that’s in the file isn’t the important part right now. What’s important is having it set up right with the cron job. Now, if we use our example from above (and assume that PHP is already compiled as a CGI), then we can safely set this in the crontab:

5 0 * * * /usr/local/bin/php /path/to/file.php

You’ll have to substitute your locations and all when you get those pinned down, but other than that, that should be all that you need. You should now have a PHP script that updates your database nightly at 12:05 (00:05 for you 24-hr buffs, hence the 0). There are tons of neat uses for this besides getting updates to run and all, but this is one of the main ones that I’ve found it used for.
Enjoy!