User identification using cookies in PHP/MySQL

(Page 1 of 3 )

What is a cookie and how do we use them in PHP? If you can not answer this question, you should definitely have a read through this article.

This article will explain the basics and possibilities of user identification using cookies. First of all the mechanics of cookies must be explained in order to understand what can be passed to cookies and how well protected that information is.

Cookies are ASCII files that browsers store in temporary internet directories. These files are set by internet webpage, either through HTTP header properties, or by using javascript code. Therefore, the browser is the one responsible of storing the cookie files, by request of the viewed page. All that gets transmitted from remote page is a set of variables the cookie should contain. A cookie contains several variables that are important to us:

• name string
• information string, called VALUE
• expiration time
• relevant host address
• relevant host directory

Name is cookie’s name. By this name it will be identified in our script.

The value is a string that can carry certain information. In our case, it will hold the data user is identified by. Expiration time is number of seconds passed since January 1., 1970., midnight GMT. Therefore, it represents accurate date/time combination when the cookie is no longer valid. The host address identifies the host this cookie will be transmitted to, and the directory represents host’s subdirectory which should receive this cookie.

In other words, by setting the address and directory you somewhat ensure that only files contained within that directory and on that host will receive the cookie. For example, you have a script called identify.php with the following url:

www.somedomain.com/somedirectory/identify.php

To ensure only identify.php will receive the desired cookie, the cookie’s host address must be “.somedomain.com” and the directory must be “/somedirectory/”. Browsers will recognize the addres/directory combination and will pass the cookie to the identify.php script. Note that domain address has a dot as the first character. This ensures that any prefix validates the domain, prefixes being ‘www’ or ‘ftp’ or any other.

So the mechanism is this: browsers register domains and directories for all cookies stored in a local directory. When the browser is directed to a particular URL, only the cookies that are registered for that URL (domain/directory combination) will be passed to a HTML or PHP file in that URL, along with all those cookies that do not have domain address nor host directory set (which are in that case passed to all URL’s browsers are directed to). Also, only those cookies that have not yet expired will be passed. Expired cookies will be deleted from local computers by the browser.

This article assumes that the reader is familiar with PHP programming and usage of MySQL databases.

Next: The Article >>
 

More PHP Articles
More By Vladmir Krstulja

Comments On: User identification using cookies in PHP/MySQL

· HI.There is possible to make it even more secure.Pitfal with cookies is that...   >>> Post your comment now!