Page 314 - Beginning PHP 5.3
Part III: Using PHP in Practice
Setting a Cookie in PHP
So how do you actually send a cookie to the browser in your PHP script? Although you can set a
cookie directly as a Set-Cookie: HTTP header (using PHP's header() function), there's an easier way.
PHP provides a built-in function, setcookie(), that can send the appropriate HTTP header to create the
cookie on the browser. This accepts arguments for each of the cookie fields in the order shown in
the previous table. Although only the name argument is required, it's always a good idea to supply at
least name, value, expires, and path to avoid any ambiguity.
The expires argument should be in UNIX timestamp format. A UNIX timestamp is expressed as the
number of seconds between midnight on January 1, 1970 (in the UTC time zone) and the date/time to
represent. Don't worry though — you don't need to work this out yourself. PHP provides many
time-related functions to calculate this value, as you see in a moment.
For more on PHP's time- and date-related functions, see Chapter 16.
Make sure you call setcookie() before sending any output to the browser. This is because
setcookie() needs to send the Set-Cookie: HTTP header. If you output any content before
calling setcookie(), PHP automatically sends the headers first, so by the time setcookie() is called
it's too late to send the Set-Cookie: header.
Here's an example that uses setcookie() to create a cookie storing the user's font size preference
(3 in this case):
setcookie( "fontSize", 3, time() + 60 * 60 * 24 * 365, "/", ".example.com",
false, true );
Notice that the expires argument uses a PHP function called time(). This returns the current time in
UNIX timestamp format. So the expiry time is 60 * 60 * 24 * 365 seconds after the current time, or one
year into the future. The cookie will remain until that time, even if the browser is closed and reopened,
unless the user chooses to delete it manually. The remaining arguments set a path of "/" (so the cookie
will be returned to any URL within the Web site), a domain of ".example.com" (so that the cookie is
sent to any server within the domain example.com), no secure flag (so that the cookie can be sent over
standard HTTP connections), and the HttpOnly flag (so that JavaScript can't read the cookie).
Note that it's a good idea to precede the domain value with a dot (.) character, as in
".example.com", unless the domain is a hostname such as www.example.com, in which case the initial period
should not be used.
In this next example, setcookie() is used to store the number of page views in the user's current
browser session. Note that the expires argument is zero, so the cookie will disappear when the user
closes her browser. In addition the domain argument is an empty string, which means the browser will
only send the cookie back to the exact Web server that created it:
setcookie( "pageViews", 7, 0, "/", "", false, true );
You can also update an existing cookie simply by calling setcookie() with the cookie name and
the new value. Note that you still need to supply the path and expires arguments when updating the
cookie:
setcookie( "pageViews", 8, 0, "/", "", false, true );
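The following is an added example, not code from the book: it builds the Set-Cookie: header line that the cookie fields above correspond to, and refuses to send it once output has started. The helper names buildSetCookieHeader() and sendCookie() are hypothetical, and the timestamp is a constructed sample value.

```php
<?php
// Added example (not from the book). Helper names are hypothetical.

// Build a Set-Cookie header line; arguments follow setcookie()'s order.
function buildSetCookieHeader($name, $value, $expires = 0, $path = '/',
                              $domain = '', $secure = false, $httpOnly = true)
{
    // Reject characters that would break the header or start a new one.
    if ($name === '' || preg_match('/[=,;\s]/', $name)) {
        throw new InvalidArgumentException('Invalid cookie name');
    }
    foreach (array($path, $domain) as $attr) {
        if (preg_match('/[;\r\n]/', $attr)) {
            throw new InvalidArgumentException('Invalid cookie attribute');
        }
    }
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode((string) $value);
    if ($expires !== 0) {
        // expires is a UNIX timestamp; the header carries it as a GMT date.
        $header .= '; expires=' . gmdate('D, d M Y H:i:s', $expires) . ' GMT';
    }
    if ($path !== '')   { $header .= '; path=' . $path; }
    if ($domain !== '') { $header .= '; domain=' . $domain; }
    if ($secure)        { $header .= '; secure'; }    // HTTPS connections only
    if ($httpOnly)      { $header .= '; HttpOnly'; }  // hidden from JavaScript
    return $header;
}

// Send the header only while headers can still be sent; otherwise log
// where output began, which is the failure the text warns about.
function sendCookie($headerLine)
{
    if (headers_sent($file, $line)) {
        error_log("Cookie not set: output already started at $file:$line");
        return false;
    }
    header($headerLine, false); // false: add to, not replace, earlier Set-Cookie headers
    return true;
}

// The two cookies from the text, using a constructed fixed timestamp.
$now = 1253523910; // constructed sample value (September 2009)
$fontSize  = buildSetCookieHeader('fontSize', 3, $now + 60 * 60 * 24 * 365,
                                  '/', '.example.com', false, true);
$pageViews = buildSetCookieHeader('pageViews', 7, 0, '/', '', false, true);
sendCookie($fontSize);
sendCookie($pageViews);
echo $fontSize, "\n", $pageViews, "\n"; // output starts here, after the headers
```

Passing true as the sixth argument adds the secure attribute, so the browser returns the cookie only over HTTPS connections.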