Implementing PHP-based Sessions and Cookie Settings

As sites become more expansive and require additional layers of information from users, cookies have become a primary method of storing session and user preferences. Cookies are simply text files stored locally on user’s computers which serve as a key so sites can recognize users for future visits.

Common uses of cookies include account logins, site preferences, advertising targeting and visit history. For example, cookies can help Google recognize what types of advertisements to show to you or that you’re still logged into your account as you switch from calendar to email and social networks.

With the growing importance of customizing sites based upon user preferences, PHP-based websites often implement and extend cookie functionality into new areas. Both content and e-Commerce sites alike utilize cookies for these purposes, and can make for a richer user experience in a variety of ways.

Session based user memory doesn’t allow for retargeting, login memory or user preferences beyond when a browser is closed – cookies, on the other hand, allow for longer term memory and functionality. Learning how to implement, update and modify cookie settings, as well as understanding the privacy implications can play a large role in how you structure your policies.

Coding Principles for Implementing PHP Cookies

You can utilize PHP code to set various types of cookies of variable lengths. The length of a cookie relates to how long it “lives” on a given user’s computer, although users can also manually delete them in advance of the expiration date. Implementing cookies should also influence how you structure your site’s privacy policy which should feature the cookie length, purpose and use explicitly according to regulations. There are three primary elements in setting a cookie – the setting, retrieval and deletion.

1. Setting a Cookie

There are three parameters when setting a cookie including the name, start date and expiration date all measured in seconds (the most granular time block):

setcookie(name, start, expiration)

<?php
     $Month = 2592000 + time();
     setcookie(Visitor, date("F jS - g:i a"), $Month);
?>

2. Retrieving a Cookie

When a user returns to your site, you’ll have to program the site to retrieve the cookie and identify the user. This can be accomplished through either a background code or through a visible message:

<?php
if(isset($_COOKIE[‘Visitor’]))
{
echo "Welcome, $user <br>;
}
else
{
echo "Thanks for visiting, please register an account.";
}
?>

The order of the code matters here since you should retrieve the cookie before setting it, since this will update the settings properly and ensure the previous cookie is not overwritten before calling it. When a user needs to log out (especially for public settings), it’s important to ensure the cookie is deleted so their session is protected by setting a cookie which expires in the past (we use 5 seconds in the example, but any integer value beyond 1 is fine.) This is important to ensure private details from users are protected.

3. Deleting a Cookie

To delete a cookie, simply set its expiration date in the past :

<?php
$past = time() - 5;
setcookie(Visitor, date("F jS - g:i a"), $past);
?>

External Links

• Encrypted Session Cookies in PHP
• PHP Session Sharing Among Subdomains