Cookies - A Tutorial by Kyle McIntyre

First time here? Welcome to the site! A log of this visit has been recorded using cookies. Refresh the page to see cookies in action!

Examples

PHP - Cookies are set in PHP via the setCookie() function. The function has six parameters that correspond to the attributes described in the first section of this tutorial. However, only the first (name) parameter is required. Refer to the formal documentation for a more thorough treatment of the parameter list. One thing to note is that the function expects the expiration date in the form of a Unix timestamp.

Cookies are retrieved in PHP via the $_COOKIE or $HTTP_COOKIE_VARS arrays. For instance, if you set a cookie with the name my_cookie, then you would retrieve the cookie by referencing $_COOKIE['my_cookie']. Note that the $_COOKIE syntax is only available as of PHP 4.1.0. If you have register_globals turned on, the cookie will automatically be in scope under the variable name $my_cookie. The link below demonstrates the use of cookies through PHP. Play around with the page first, then view its source here.

  Cookies in PHP

JSP - In order to use cookies within a JSP page, a web developer must make use of the Cookie class, which is part of the javax.servlet.http library. There is no need to import the Cookie class when developing JSP applications because the entire javax.servlet.http library is available by default. The Cookie class expects two string parameters in its constructor, corresponding to the cookie's name and value, respectively. The cookie may be further defined by using the setPath, setMaxAge, and other member functions of class Cookie. The most notable of these functions is setMaxAge, which allows the developer to specify when the cookie expires. However, unlike PHP, where you provide an absolute timestamp, Java expects a relative age in seconds. If the age is set to a negative number, then the cookie becomes a session cookie and will expire automatically when the session ends. If the age is set to zero, then the cookie will be deleted on the user's machine. Once a Cookie object has been instantiated, it must be added to the server's response to the webpage request. This is accomplished by calling response.addCookie(). Thus, a typical cookie in JSP might look as follows:

Cookie name_cookie = new Cookie("name", "Kyle McIntyre");
name_cookie.setMaxAge(24 * 60 * 60); // Will last for 1 day
response.addCookie(name_cookie);

In order to extract cookie values from an HTTP request in JSP, it is necessary to call request.getCookies(), which returns an array of Cookie objects or null if no cookies were received. The cookie may then be examined, modified, and potentially reused.

Javascript - Javascript stores cookie values in a single, globally accessible object/property known as document.cookie, which may be treated like a string for all practical purposes. It is unlike a string in the sense that if you say document.cookie = "some string", the previous contents of document.cookie are not overwritten. Instead, the new assignment is simply appended to the end of the existing string. Since multiple cookies are all stored within a single string, semicolons are used to separate the cookies and their respective parameters. Therefore, Javascript does not allow cookies to contain any semicolons, commas, or whitespace. This is easily remedied by calling escape(my_string) prior to storing the variable my_string in a cookie, and calling unescape(my_string) when the cookie value is later retrieved. The following code shows how to manually set a cookie in Javascript.

// Store "Kyle McIntyre" in a cookie called name_cookie.
var name = "Kyle McIntyre";
// A "; " must separate the name=value pair from the expires attribute.
document.cookie = 'name_cookie=' + escape(name) + '; expires=Thu, 9 June 2005 20:00:00 UTC;';

As you can see, the syntax of Javascript cookies is quite strict and cumbersome. Furthermore, retrieving cookie values from document.cookie is painstaking, because it requires parsing the string by hand. Thankfully, many libraries exist for the purpose of automating these processes. The file cookies.js, written by Scott Andrew, contains three simple and readable functions that streamline cookies in Javascript.
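The manual parsing described above, as an added example that is not part of the original tutorial and is not the code from cookies.js. The helper names (serializeCookie, parseCookies, safeDecode) are hypothetical, encodeURIComponent/decodeURIComponent are used in place of escape/unescape, and the functions work on plain strings so they run outside a browser.

```javascript
// Added example: helper names are hypothetical, not taken from cookies.js.

// Build the string that would be assigned to document.cookie.
function serializeCookie(name, value, options = {}) {
  // encodeURIComponent escapes ';', ',', '=' and whitespace, which would
  // otherwise be read as separators between cookies or attributes.
  let cookie = encodeURIComponent(name) + '=' + encodeURIComponent(value);
  if (options.expires instanceof Date) {
    cookie += '; expires=' + options.expires.toUTCString();
  }
  if (options.path) cookie += '; path=' + options.path;
  if (options.secure) cookie += '; secure';
  return cookie;
}

// Cookies are client-controlled input: a malformed %-sequence must not throw.
function safeDecode(text) {
  try {
    return decodeURIComponent(text);
  } catch (e) {
    return text; // keep the raw text when it cannot be decoded
  }
}

// Parse a document.cookie-style string ("a=1; b=2") into a lookup object.
function parseCookies(cookieString) {
  // No prototype, so a cookie named "__proto__" is stored as an ordinary key.
  const jar = Object.create(null);
  for (const pair of cookieString.split(';')) {
    const eq = pair.indexOf('=');
    if (eq === -1) continue; // skip fragments that are not name=value
    const name = safeDecode(pair.slice(0, eq).trim());
    const value = safeDecode(pair.slice(eq + 1).trim());
    if (!(name in jar)) jar[name] = value; // keep the first occurrence
  }
  return jar;
}

// Constructed sample of what document.cookie might return.
const sample = 'name_cookie=Kyle%20McIntyre; theme=a%3Db%3Bc; broken=%E0%A4%A; flag';
const parsed = parseCookies(sample);
console.log(parsed.name_cookie, '|', parsed.theme, '|', parsed.broken);
console.log(serializeCookie('name_cookie', 'Kyle McIntyre',
  { expires: new Date(Date.UTC(2005, 5, 9, 20, 0, 0)), path: '/' }));
```

In a browser, the result of serializeCookie would be assigned to document.cookie and parseCookies would be called with document.cookie as its argument.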


Email: mcintyr@cs.montana.edu   Last Updated: June 8th, 2005