These are some of the main reasons that other approaches have been developed to maintain more information about clients on the server or maybe even on the client's machine.  Three of the main ways to maintain more persistent information about a client are

• cookies
  • actually stored in a common location with other cookies on the client's machine
  • distinct upper limits to the quantity of such information that is allowed
  • organized by the URL of the web server
    • URL of the web server must match this in order to access the information
• session variables
  • last only for the duration of a session/interaction between a client and web server
    • might be used for a shopping basket
• databases
  • much more involved information such as things like
    • shipping address
    • billing address
    • completed orders
    • also can be used for a shopping basket
      • the way I have done shopping basket some information about it is put into particular tables in a database - other information is maintained in session variables that will go away when the session ends
    • user profile

We are now moving into a part of the course where we will work with these approaches.  Our introduction to cookies and session variables will be quite quick, though we will make use of them quite a bit in later developments.  Our introduction to databases will be much more involved.

Cookies.  These are much maligned little critters and to be quite honest, even with as much a I know about them I still don't like there to be much information in them.  Usually, cookies are going to be used for the simplest of things such as

• maintaining a shopper id so that the server can pull up your profile automatically or help you pull it up
  • I don't like to do even this much in case someone else can gain access to my client computer
• maintain your name or username for when you revisit a site
• maintain other little things appropriately

There is an upper limit placed on the amount of cookies a site can store on a client's computer of around 4KB of information.  Each web browser can remember only around 20 cookies from any one server.  Thus this information must be quite limited.

It is also the case that the only information that can be maintained in a cookie is information that you give to the server.  So, all in all, they are unlikely to be the threat that some imagine.  But I do not think you want to be storing remote passwords and usernames in them, which many people have no problem doing!

Another thing that ends up being rather humorous is that unless the programmer knows to set the expiration date appropriately, any cookies will automatically expire at the end of a session.

The following is the function generally used to set a cookie.

• setcookie('cookie_name', 'value', expiration, 'path', 'domain', secure)
  • cookie_name designates how this particular cookie will be named and accessed
  • value designates what you want the cookie to be
  • the expiration, set in seconds, needs to be set in order to ensure the cookie won't expire at the end of the session
    • it is usually done with something like time( ) + additional_seconds
  • the path is used to limit the cookie to be accessible to a certain path within the website
  • the domain is used to the limit the cookie to be accessible only on a particular domain
  • the secure is used to make certain the cookie is only sent over secure HTTPS connections
    • 1 indicates a secure connection must be used
    • 0 indicates it doesn't require a secure connection
      • 0 is the default

Since expiration and secure are integers they are not placed in quotes.

To access a particular cookie you would use the following.

• $_COOKIE['cookie_name']
  • this is an array of the cookies that exist for a particular location on the web server

We will now make use of these in a couple examples.  First we will modify our sticky registration page to take what was written to the form and set cookies if everything passes our input validation tests.  You should call this page register_sticky_cookies.php.

// check for entries in the form
// check for the name
if (strlen($_REQUEST['txt_name']) > 0)
{

$txt_name =true;
$name = $_REQUEST['txt_name'];

}
else
{

$txt_name = false;
echo '<br>You forgot to enter your name';

}
// check for the email address
if (strlen($_REQUEST['txt_email']) > 0)
{

$txt_email =true;
$email = $_REQUEST['txt_email'];

}
else
{

$txt_email = false;
echo '<br>You forgot to enter your e-mail address';

}
// check for the password
// confirm that the first entry
// matches the confirmation entry
if (strlen($_REQUEST['txt_password1']) > 0)
{

if($_REQUEST['txt_password1'] == $_REQUEST['txt_password2'])
{

$txt_password = true;
$password = $_REQUEST['txt_password1'];

}
else
{

echo '<br>You password entry doesn\'t match the confirmation password';

}

}
else
{

$txt_password = false;
echo '<br>You forgot to enter your password';

}
// taking actions based on the form entries
if ($txt_name && $txt_email && $txt_password)
{

// register the user
echo '<br>You are now registered';
// setting the cookies based on appropriate user inputs
setcookie('name', $name, time( )+36000, '/', '', 0);
setcookie('email', $email, time( )+3600, '/', '', 0);
setcookie('password', $password, time( )+360);

}
else
{

echo '<P>Given the above feedback you should<BR>go back and complete the form</P>';

}

}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method = "post">
<table width=500>
<tr>
<td align=center colspan=2><h2>Please enter all of the following information</h2></td>
</tr>
<tr>
<td align=right><b>Name: </b></td>
<td><input type="text" name="txt_name", size=20,
value = "<?php if (isset($_REQUEST['txt_name'])) echo $_REQUEST['txt_name']; ?>"></td>
</tr>
<tr>
<td align=right><b>EMail Address: </b></td>
<td><input type="text" name="txt_email", size=40
value = "<?php if (isset($_REQUEST['txt_email'])) echo $_REQUEST['txt_email']; ?>"></td>
</tr>
<tr>
<td align=right><b>Password: </b></td>
<td><input type="password" name="txt_password1", size=20></td>
</tr>
<tr>
<td align=right><b>Confirm Password: </b></td>
<td><input type="password" name="txt_password2", size=20></td>
</tr>
<tr>
<td align=center colspan=2><input type="submit" name="cmd_submit" value = "Submit Information"></td>
</tr>
</table>
</form>
</body>
</html>

After inputting appropriate values you should see a form like the following.

Now we want to access the cookies and display them.  We will do this in a form that lacks a submit button.  You should call this file display_cookies.php.

Look at the following list of a portion of my Internet Explorer cookies.