Session and cookie session control

COOKIEcookie of 1PHP is a mechanism for storing data on a remote browser and tracking and identifying users. PHP sends a cookie in the http header. Therefore, the setcookie () function must be called before other information is output to the browser.

1. PHP COOKIE

Cookie is a mechanism for storing data in a remote browser and tracking and identifying users.

PHP sends cookies in the http header. Therefore, the setcookie () function must be called before other information is output to the browser, which is similar to the header () function.

1.1 Set cookie: (session cookie, persistent cookie)

You can use the setcookie () or setrawcookie () function to set the cookie. You can also set it by sending an http header directly to the client.

1.1.1 Use the setcookie () function to set the cookie:

Bool setcookie (string name [, string value [, int expire [, string path [, string domain [, bool secure [, bool httponly])

Name: cookie variable name

Value: The value of the cookie variable.

Expire: the end time of the validity period,

Path: valid directory,

Domain: valid domain name, unique in top-level domain

Secure: if the value is 1, the cookie can only be valid for https connections. if the default value is 0, both http and https can be used.

Httponly: if the value is 1, the cookie can only be accessed through the HTTP protocol, but cannot be accessed through the script, which effectively avoids XSS attacks. Example:

1.  
2. $ Value = 'something from somewhere ';
3. Setcookie ("TestCookie", $ value );
4. Setcookie ("TestCookie", $ value, time () + 3600 );
5. Setcookie ("TestCookie", $ value, time () + 3600 ,"/~ Rasmus/"," .example.com ", 1 );
6. ?>

Set multiple cookie variables: setcookie ('Var [a] ', 'value'); use an array to represent variables, but its subscript is not enclosed in quotation marks. (the subscript is automatically added. if the quotation mark is added, it will be repeated or may be escaped. the subscript is unavailable) in this way, you can use $ _ COOKIE ['var'] ['A'] to read the COOKIE variable.

1.1.2. use header () to set the cookie;

Header ("Set-Cookie: name = $ value [; path = $ path [; domain = xxx.com [;...]");

The following parameters are the same as those of the setcookie function listed above. for example:

$ Value = 'something from somewhere ';

Header ("Set-Cookie: name = $ value ");

1.1.3. Cookie storage location

Different browsers store cookies in different locations, and even different storage formats. For example, IE stores Cookies in C: \ Documents Ents and Settings \ Username \ Cookies. each cookie is a txt file, the file name is named "user name @ website URL"; firefox stores the cookie in the C: \ Documents Ents and Settings \ User name \ Application Data \ Mozilla \ Firefox \ Profiles \ random directory, A cookie is displayed in the directory. sqlite file (firefox3.X version). all cookies are stored in this file.

1.2 Cookie reading:

Directly use php's built-in Super global variable $ _ COOKIE to read the cookie on the browser.

Print $ _ COOKIE ['testcooker'];

1.3 Delete a cookie

(1) set the effective time to less than the current time.

(2) set the value to null.

Example: setcookie ("name", "", time ()-1 );

Similar to header.

1.4 Troubleshooting:

1) when setcookie () is used, an error message (headers already sent...) is displayed ...), it may be because there is an output or space before the setcookie () call. or your document may be converted from other character sets. the document may contain BOM signatures (that is, add some hidden BOM characters to the file content ). the solution is to prevent this problem in your document. you can also use the ob_start () function to handle this problem.

2) $ _ COOKIE is affected by magic_quotes_gpc and may be automatically escaped

3) it is necessary to test whether the user supports cookies.

1.5 cookie working mechanism:

A) when the client first requests the server, if the server has a cookie-setting statement, the server sends an http Set-Cookie header along with the response, set a cookie file on the client.