Posted by: prajapatinilesh | December 13, 2007

About Cookies

What is a cookie?

    Sometimes it becomes necessary to track certain user details like (No. Of Visits, names, last visit, etc). The client machine stores such information and sends it to the web server whenever there is a request. Cookies data are sent along with the HTTP headers. You can look at this URL to know more about how they work. http:\\www.cookiecentral.com\faq\

Difference between session and cookie?

    The key difference would be cookies are stored in your hard disk whereas a session aren’t stored in your hard disk. Sessions are basically like tokens, which are generated at authentication. A session is available as long as the browser is opened.
    Sessions are popularly used, as the there is a chance of your cookies getting blocked if the user browser security setting is set high.
    Note: When you issue a session_start() it generates a sessionID and places that on the client side in a cookie. There are also some ways to avoid this using the tag rewrite.

How secure is storing password using cookies?

    Generally we store the cookies with the username followed by the password. Now we can use any algorithm to encrypt the password before we store then to make it secured. Now we will have the user name and encrypted password stored in the cookie, which again can be played around. A good practice would be to avoid the storing of user name and using a unique ID generated. This is a overhead which we have to compromise to make thinks more secure.

PHP Cookie Function

    As told earlier cookie is sent along with the HTTP headers and to do this we have the set_cookie() function.
    boolean setcookie ( string name [, string value [, int expire [, string path [, string domain [, int secure]]]]] )
    All the arguments except the name argument are optional. If only the name argument is present, the cookie by that name will be deleted from the remote client. You may also replace any argument with an empty string (“”) in order to skip that argument. The expire and secure arguments are integers and cannot be skipped with an empty string. Use a zero (0) instead. The expire argument is a regular Unix time integer as returned by the time() or mktime() functions. The secure indicates that the cookie should only be transmitted over a secure HTTPS connection.

Common Errors

    Warning: Cannot modify header information – headers already sent by….
    Always ensure there are no white spaces or HTML tags before the cookie function. When you start with a blank line in your PHP file there is a possibility of getting this error.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: