User identification using cookies in PHP/MySQL (Page 1 of 3 )
This article will explain the basics and possibilities of user identification using cookies. First of all the mechanics of cookies must be explained in order to understand what can be passed to cookies and how well protected that information is.
information string, called VALUE
relevant host address
relevant host directory
Name is cookie’s name. By this name it will be identified in our script.
The value is a string that can carry certain information. In our case, it will hold the data user is identified by. Expiration time is number of seconds passed since January 1., 1970., midnight GMT. Therefore, it represents accurate date/time combination when the cookie is no longer valid. The host address identifies the host this cookie will be transmitted to, and the directory represents host’s subdirectory which should receive this cookie.
In other words, by setting the address and directory you somewhat ensure that only files contained within that directory and on that host will receive the cookie. For example, you have a script called identify.php with the following url:
To ensure only identify.php will receive the desired cookie, the cookie’s host address must be “.somedomain.com” and the directory must be “/somedirectory/”. Browsers will recognize the addres/directory combination and will pass the cookie to the identify.php script. Note that domain address has a dot as the first character. This ensures that any prefix validates the domain, prefixes being ‘www’ or ‘ftp’ or any other.
So the mechanism is this: browsers register domains and directories for all cookies stored in a local directory. When the browser is directed to a particular URL, only the cookies that are registered for that URL (domain/directory combination) will be passed to a HTML or PHP file in that URL, along with all those cookies that do not have domain address nor host directory set (which are in that case passed to all URL’s browsers are directed to). Also, only those cookies that have not yet expired will be passed. Expired cookies will be deleted from local computers by the browser.
This article assumes that the reader is familiar with PHP programming and usage of MySQL databases.