Home > Article > Backend Development > Detailed explanation of cookie usage cases in PHP
This time I will bring you a detailed explanation of cookie usagecases in PHP, and what are thenotesfor using cookies in PHP. The following is a practical case, let’s take a look.
What is a cookie
Cookies, that is, small cookies, are some pieces of data stored on the user agent side (browsers are the most common user agents). When browsing the web, the browser will put the valid cookie of the current page in the header of the request and send it to the server.
Cookie composition
Cookie consists of the following parts:
domain, the domain name to which the cookie belongs. When the browser sends a cookie, it will check the domain name to which the cookie belongs and only send it if it matches. The browser will send the cookie under the tlanyan.me domain to the page request of www.tlanyan.me or dev.tlanyan.me, but will not send it to www.baidu.com. Similarly, the cookie of dev.tlanyan.me cannot be sent to tlanyan.me because the domain name is limited to the dev subdomain.
path, the path where the cookie belongs. Cookies set to /author will not be sent to the /category path, but cookies set to / will be sent to all page requests.
name, the name of the cookie (key name).
value, the value (content) of the cookie.
expires, expiration time.
secure, whether the cookie will only be sent when https.
httponly, whether it is only used for http transmission. When set to true, browser-side scripting language will not be able to access the cookie.
Uses of cookies
Cookies are mainly used in the following areas:
http is a stateless protocol, and additional data is required to mark the session in order to maintain it. , cookies are the most commonly used means. The two common types of cookies, PHPSESSID and JSESSIONID, are used to maintain sessions in PHP and Java web applications respectively.
Some data needs to be stored on the client side, and cookies are an option. After the user checks "Don't prompt again", the logo can be saved to the client, and the program can be accessed again to read the settings and decide whether to display it. With the popularity of HTML 5, this part of the function is slowly being replaced by localStorage.
Cookie operation on the PHP side
Reading cookies can read all cookies passed by the user through $_COOKIESuper global variable. $_COOKIE is an array that can be traversed to read the name and value of the cookie sent. The browser only sends the key value of the cookie to the server, so it cannot read the domain/path/exipres and other information of the cookie because.
PHP provides the setcookie function to send cookies to the client. The function signature of setcookie is:
bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false ]]]]]] )
The parameters correspond to the content of the cookie: expires defaults to 0, which means that it is only valid for the current session. The cookie will be cleared after the user closes the browser; path defaults to the current page path , that is, the part before the last backslash of the URL; domain defaults to the domain name of the current page. If you want to expand the scope of use, it can be set to the parent domain name or top-level domain name; httponly defaults to false, and it is recommended to set it to true to avoid XSS attacks.
To delete a cookie, you only need to set the expires of the cookie to the past timestamp , such as time() – 3600. So to delete the cookie foo, the code can be
setcookie('foo', '', time() - 3600);
Good practices for cookies
It can be seen from the literal meaning of the cookie that it saves data fragments. Cookies are used frequently in web development and should be understood more. The following are some good practices for using cookies:
Oversized and excessive data should not be saved in cookies;
Cookies are clearly visible on the client and in transmission, and sensitive data should not be saved in cookies Information;
For the security of the site and users, set the httponly attribute of the cookie to true as much as possible;
Cookies are fully controlled by the client and are also external inputs. The server cannot blindly trust them and should filter them.
Others
Cookies are sent with the request and set to the client with the response. After understanding this process, you can understand some common problems faced by novices, such as the following code:
if (!isset($_COOKIE['foo']) { setcookie('foo', 'foobar'); } $foo = $_COOKIE['foo'];
When the cookie foo is not set, an error will occur on line 5. The reason is that setcookie sets the cookie information for this response. The browser needs to receive the response and set it before it can attach the cookie to subsequent requests, and it is not reflected in this request.
Similarly, cookies exist in the header information of requests and responses, and the header should be before the request body, so the function context usage restrictions of setcookie are the same as the header function, that is: the response body cannot have been sent before.
I believe you have mastered the method after reading the case in this article. For more exciting information, please pay attention to other related articles on the php Chinese website!
Recommended reading:
php curl batch implementation of controllable concurrent asynchronous operation case details
PHP MySQL implements message queue Detailed explanation of steps
The above is the detailed content of Detailed explanation of cookie usage cases in PHP. For more information, please follow other related articles on the PHP Chinese website!