Home  >  Article  >  Backend Development  >  Knowledge points about cookies in PHP

Knowledge points about cookies in PHP

不言
不言Original
2018-05-07 09:26:131604browse

This article mainly introduces the knowledge points about cookies in PHP, which has certain reference value. Now I share it with everyone. Friends in need can refer to it

What is a cookie

Cookies, ie small cookies, are pieces of data stored on the user agent side (browsers are the most common user agents). When browsing the web, the browser will put the valid cookie of the current page in the header of the request and send it to the server.

Cookie composition

Cookie consists of the following parts:

domain, the domain name to which the cookie belongs. When the browser sends a cookie, it will check the domain name to which the cookie belongs and only send it if it matches. The browser will send the cookie under the tlanyan.me domain to the page request of www.tlanyan.me or dev.tlanyan.me, but will not send it to www.baidu.com. Similarly, the cookie of dev.tlanyan.me cannot be sent to tlanyan.me because the domain name is limited to the dev subdomain.

path, the path to which the cookie belongs. Cookies set to /author will not be sent to the /category path, but cookies set to / will be sent to all page requests.

name, the name of the cookie (key name).

value, the value (content) of the cookie.

expires, expiration time.

secure, whether the cookie will only be sent when https.

httponly, whether it is only used for http transmission. When set to true, browser-side scripting language will not be able to access the cookie.

Uses of cookies

Cookies are mainly used in the following aspects:

http is a stateless protocol, and additional information is needed to maintain the session. To mark data, cookies are the most commonly used method. The two common types of cookies, PHPSESSID and JSESSIONID, are used to maintain sessions in PHP and Java web applications respectively.

Some data needs to be stored on the client side, and cookies are an option. After the user checks "Don't prompt again", the logo can be saved to the client, and the program can be accessed again to read the settings and decide whether to display it. With the popularity of HTML 5, this part of the function is slowly being replaced by localStorage.

Cookie operation on PHP side

Reading cookies can read all cookies sent from the user side through the $_COOKIE super global variable. $_COOKIE is an array that can be traversed to read the name and value of the cookie sent. The browser only sends the key value of the cookie to the server, so it cannot read the domain/path/exipres and other information of the cookie because.

PHP provides the setcookie function to send cookies to the client. The function signature of setcookie is:

bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false ]]]]]] )

The parameters correspond to the content of the cookie: expires defaults to 0, which means that only the current session is valid, after the user closes the browser The cookie will be cleared; path defaults to the current page path, that is, the part before the last backslash of the URL; domain defaults to the domain name of the current page. If you want to expand the scope of use, it can be set to the parent domain name or top-level domain name; httponly defaults to is false, it is recommended to set it to true to avoid XSS attacks.

To delete a cookie, you only need to set the expires of the cookie to a past timestamp, such as time() – 3600. So to delete the cookie foo, the code can be

setcookie('foo', '', time() - 3600);

Good cookie practices

From the literal meaning of cookie It can be seen that what is saved is the data fragment. Cookies are used frequently in web development and should be understood more. The following are some good practices for using cookies:

Oversized and excessive data should not be saved in cookies;
Cookies are clearly visible on the client and in transmission, and sensitive data should not be saved in cookies Information;
For the security of the site and users, set the httponly attribute of the cookie to true as much as possible;
Cookies are fully controlled by the client and are also external inputs. The server cannot blindly trust them and should filter them.
Others

Cookies are sent with the request and set to the client with the response. After understanding this process, you can understand some common problems for novices, such as the following code:

if (!isset($_COOKIE['foo']) {
   setcookie('foo', 'foobar');
 } 
 $foo = $_COOKIE['foo'];

When the cookie foo is not set, line 5 An error will occur during operation. The reason is that setcookie sets the cookie information for this response. The browser needs to receive the response and set it before it can attach the cookie to subsequent requests, and it is not reflected in this request.

Similarly, cookies exist in the header information of requests and responses, and the header should be before the request body, so the function context usage restrictions of setcookie are the same as the header function, that is: it cannot have been sent before. Response text.

Related recommendations:

Use of Cookies in PHP

php uses cookies to realize the function of web pages remembering user names and passwords

php set cookies

The above is the detailed content of Knowledge points about cookies in PHP. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Session learning in PHPNext article:Session learning in PHP