Cookies And How They're Used

By Diya Yang


    What Cookies Are

            Cookies are a mechanism supported by most browsers (and by PHP) for storing data locally in the browser. While they cannot hold large amounts of data, they are versatile and can store many different kinds of data. This includes numerical data (passwords, credit card information), time data (the number of times you have visited, the date of your initial visit) and much more. While cookies are reliable and malware free, they belong to the browser, so if the user switches to a new browser, the data will not transfer automatically. However, there are exceptions such as Firefox, which asks whether you want to transfer data from your previous browser.
             Cookies are now an invaluable part of the modern net, as authentication cookies are often used to check whether a user is logged in to a page and whether to send sensitive information or not. Without cookies, every time you went to a new page, you'd be required to log in again!
             While cookies cannot carry viruses or malware, they are still quite dangerous, as tracking cookies can be used to steal information from the user's browser, such as histories and passwords. Cookies can also be stolen by hackers for the information within them. The information saved within cookies is now so sensitive that it is a big problem when it falls into the hands of a hacker.

    Types of Cookies

    There are many types of cookies, but they mostly fall under two categories: Session Cookies and Persistent Cookies.

    • Session Cookies do not have an expiration or validity date, which makes them very temporary; they are often deleted when the browser closes or when the user leaves the website.

    • Persistent Cookies are more permanent and last until the expiration date is reached. This kind of cookie sends back data every time the user visits the website until it expires. These types of cookies are sometimes called tracking cookies because they can be used to store vital information and are not deleted quickly. They are also the more dangerous kind, but their uses have become invaluable to our modern net surfing days, as passwords and mini-game data are saved using them.

    How They're Made

    Cookies are technically not made; they are set and stored in the browser by the maker of a website. We use the PHP function setcookie() to define a cookie and its use. Like headers, cookies are restricted: they must be set before any other output, including any HTML tags. A cookie is described by 6 different parameters: name, value, expire, path, domain, and secure. For ease of example, our cookie will be named ThisIsACookie.

    • Name : The name of the cookie. It is inserted as a string. Ex. "ThisIsACookie"

    • Value : What the cookie stores. It is retrieved using $_COOKIE["ThisIsACookie"].

    • Expire : When the cookie expires. It is usually written as the time() function plus a number of seconds. If this part is omitted or set to 0, the cookie is a session cookie and will expire when the browser is closed.
        Ex. time()+3600 <- this sets the cookie to expire in 1 hour. You can also write it as a product (such as time()+60*60*24*30), which sets the expiration to 30 days.
    • Path : The path on the server where the cookie will be available. The default is the current directory in which the cookie is set, and "/" makes the cookie available on the entire domain.
        Ex. /full will make the cookie available from the directory /full and any sub-directory it has.
    • Domain : The domain the cookie will be available on. It works with the path to specify where the cookie is available. A domain looks like "www.shodor.org" or "shodor.org".

    The other two are used for security reasons; both are set to true or false.

    • Secure : When this is set to true, the cookie will only be sent over a secure HTTPS connection.

    • Httponly : When this is set to true, the cookie is accessible only through the HTTP protocol and cannot be read by scripts. While this is not supported by all browsers, it can be used to reduce identity theft through XSS attacks (Cross-Site Scripting attacks, which, as the name suggests, require the execution of scripts).

    How to use them

    After a cookie is set with a value, the code $_COOKIE["ThisIsACookie"] can be used to retrieve the value stored within a cookie.

    How they're used

    Cookies are often used to store passwords and other numerical data; some of them may contain more than one value as well.

    Example of how they're coded

      // name, value, expire (1 day), path, domain, secure, httponly
      setcookie("ThisIsACookie", $ValueHere, time()+60*60*24, "/", "www.shodor.org", false, false); *
    * Though most of the time, cookies only have the first part of the code, stopping at time.
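
    The call above leaves Secure and Httponly set to false. As an added example (not part of the original page), here is the same cookie set with both flags set to true, with a check that no output has been sent yet, and with the value validated when it is read back. The helper names, the 1-hour lifetime and the random-token value format are assumptions made for illustration.

```php
<?php
// Added example: hardened variant of the page's setcookie() call.
// Helper names, lifetime and token format are illustrative assumptions.

const COOKIE_NAME = "ThisIsACookie";

function issueCookie(string $value, int $lifetime = 3600): bool
{
    // setcookie() sends a header, so it fails once any output has started.
    if (headers_sent($file, $line)) {
        error_log("Cookie not set: output already started at $file:$line");
        return false;
    }
    return setcookie(
        COOKIE_NAME,
        $value,
        time() + $lifetime,  // expire: 0 here would make it a session cookie
        "/",                 // path: available on the entire domain
        "www.shodor.org",    // domain
        true,                // secure: only sent over HTTPS
        true                 // httponly: not readable by scripts
    );
}

function readCookie(): ?string
{
    // The browser controls this value, so check its shape before trusting it.
    $raw = $_COOKIE[COOKIE_NAME] ?? null;
    if (!is_string($raw) || !preg_match('/^[a-f0-9]{64}$/', $raw)) {
        return null;
    }
    return $raw;
}

function clearCookie(): bool
{
    // A cookie is deleted by re-sending it with an expiry in the past,
    // using the same path and domain it was set with.
    return setcookie(COOKIE_NAME, "", time() - 3600, "/", "www.shodor.org", true, true);
}

// Usage: store a random opaque token in the cookie, not the password itself.
$token = readCookie();
if ($token === null) {
    $token = bin2hex(random_bytes(32)); // 64 hex characters
    issueCookie($token);
}
```

    With Secure set to true the browser will not send the cookie over plain HTTP, so the page that sets and reads it has to be served over HTTPS.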