Setting Cookies

Before you start setting cookies, determine how you will use them and at what point you will set them. Whatever cookies you decide to set, remember that you absolutely must set a cookie before sending any other content to the browser, because a cookie is actually part of the header information.

If you heed this warning, you won't spend hours wondering why you're getting "Cannot add header information" errors. This sample code does just that.

It produces the error shown in the following figure.

Anytime you see this error, assume that you've sent something to the web browser before its time. This can include white space, a line break, or text you can actually see.

The setcookie() function, used to set one cookie at a time, expects six arguments:

Name. Holds the name of the variable that is kept in the global $_COOKIE and is accessible in subsequent scripts.
Value. The value of the variable passed in the name parameter.
Expiration. Sets a specific time at which the cookie value is no longer accessible. Cookies without a specific expiration time expire when the web browser closes.
Path. Determines for which directories the cookie is valid. If a single slash is in the path parameter, the cookie is valid for all files and directories on the web server. If a specific directory is named, this cookie is valid only for pages within that directory.
Domain. Cookies are valid only for the host and domain that set them. If no domain is specified, the default value is the host name of the server that generated the cookie. The domain parameter must have at least two periods in the string in order to be valid.
Security. If the security parameter is 1, the cookie will only be transmitted via HTTPS, which is to say, over a secure web server.

This next line is an example of a cookie called id with a value of 55sds809892jjsj2. This particular cookie expires in four hours (the current time plus 14,400 seconds), and it is valid for any page below the document root on the domain yourdomain.com.

setcookie("id", "55sds809892jjsj2", time()+14400, "/" ,".yourdomain.com",0);

In the next section, I'll give you a cheat sheet for common values of time. Then you'll move into using cookie variables.

Counting Time

If you want to specify an expiration date or time, the easiest way is to tell PHP to count forward for you, and then place a value in the expiration slot within the setcookie() function. This value should be a Unix time integer (the number of seconds since January 1, 1970), which you can get using the time() function with additional seconds added to it.

Setting an expiration date on your cookies builds in some extra assurances of the validity of your users. If you set your cookie without a time limit, it will automatically expire when the users close their browsers. This is useful when users are sharing computers; you don't want the next user to have all the access afforded by the previous user's cookie. Similarly, you might want to set a cookie for only 15 minutes, if you are building an online store that allows you to receive a discount on everything purchased in the first 15 minutes of your users' visits.

Table 16.1 shows some common uses of time()+n within the setcookie() function.

Table 16.1: Common Times
Value	Definition
time()+60	One minute from the current time
time()+900	15 minutes from the current time
time()+1800	30 minutes from the current time
time()+3600	One hour from the current time
time()+14400	Four hours from the current time
time()+43200	12 hours from the current time
time()+86400	24 hours from the current time
time()+259200	Three days from the current time
time()+604800	One week from the current time
time()+2592000	30 days from the current time

Setting a Test Cookie

The goal of this little script is just to set a test cookie and then print a message to the screen. Before you start, ensure that you do not have any personal firewall settings blocking incoming cookies. Also, modify your web browser preferences to prompt you before setting cookies. This is the only way to watch a cookie as the server attempts to send it to your browser.

Open a new file in your text editor and start a PHP block. Then create a set of variables called $cookie_name, $cookie_value, $cookie_expire, and $cookie_domain, and give them the following values:
```
<?
$cookie_name = "test_cookie";
$cookie_value = "test string!";
$cookie_expire = time()+86400;
$cookie_domain = "127.0.0.1";
```
Note
Substitute your own domain name for the value of $cookie_domain, if you are not using 127.0.0.1 (localhost) as your domain.

Use the setcookie() function to set this test cookie and then close the PHP block:

setcookie($cookie_name, $cookie_value, $cookie_expire, "/" ,
$cookie_domain, 0);
?>

Type the following HTML:

<HTML>
<HEAD>
<TITLE>Set Test Cookie</TITLE>
</HEAD>
<BODY>
<h1>Mmmmmmmm...cookie!</h1>
</BODY>
</HTML>

Save the file with the name setcookie.php, and place this file in the document root of your web server.
Open your web browser and type http://127.0.0.1/setcookie.php.

You should see a dialog box prompting you to accept the cookie. The actual dialog box will differ from browser to browser, as will the action buttons.
Click on Allow to accept the cookie.

You should see the HTML text.