 Hey everybody, this is Brian and welcome to the 27th, wow, 27 tutorials on LAMP. Today we're going to be discussing cookies. What are cookies? No, cookies are not the yummy delicious cookies your grandma used to make. Cookies are actually a way of storing information on your end user's computer. Think about that. Why would you want to store something on someone else's computer? Well, the answer is very simply. If you want to track when they last logged in, their username, give them the ability to log in automatically, things of that nature. Maybe if you're a bank you want to record the last transaction ID in case you know their browser closes, you can just open right back up where you left off. You can pretty much anything you want inside of a cookie, within reason I should say. So now that we know what a cookie is, let's see how to work with a cookie. If you go to a php.net slash manual and look up cookies, you can see there is a way to set cookie and it must be called before any output is sent to the browser. That is very, very important. What that means is, let's jump over into our IDE here. Before anything is written to the browser, that's where you need to set cookie. The reason is very simple. It's just the way HTTP works. You have to set the cookie before anything's written to the browser. So that is right where we would want to set our cookie. Now once we've set the cookie, we have to read the cookie back. We do that through a special variable called dollar sign underscore cookie. Now if you're wondering what that is, it's just an array, see? We've worked with arrays in our previous tutorials. So let's go back and look at how to set a cookie. You see there's some parameters here. You have to give it a name and then optionally a value and expire time. Notice that it can equal zero. If it equals zero, that means it'll expire immediately when the session is over. A path, a domain, and if you just read up on these, the name is the name of the cookie. The value is the value you're storing inside of the name. You see how cookie, cookie name, that value will be contained within that array element. The expire time, the time the cookie expires. This is a Unix timestamp, so it's the number of seconds since epoch. In other words, you'll most likely set this with time. And their example is you could use time 60 plus 60 times 60 times 24 times 30 will set the cookie to expire in 30 days. If set to zero or omitted, the cookie will expire at the end of the session. The reason why cookies have to expire is because sometimes information gets old. And the users can go in and at any time clear cookies out of their cache. So cookies are not permanent things. The path is an interesting one. You can actually carve out your domain and say parts of it have cookies and parts of it don't. For example, if you set it to slash or root, then the cookie will be available within the entire domain. If it's set to slash foo slash, the cookie will only be available in the foo directory and all subdirectories, such as foobar, I like that foobar, get it? Anyways, such as foobar of the domain. The domain that would be like, you know, dub dub dub example dot com. Secure is a really good one to know. Basically, what's this saying is set to true, the cookie will only be set if a secure connection exists. Very very important if you're doing something like a banking system. HTTP only is true when the cookie is made acceptable through the HTTP protocol. That means the cookie won't be acceptable by script, excuse me, scripting languages such as JavaScript. Don't confuse PHP with JavaScript. Yes, PHP is a scripting language, but they're talking client side. So that is pretty much it for cookies. We're going to actually work with some examples here. And if you go out to w3schools.com, you can also see they have a fairly good write up on this. So we're just going to take this real quick here. And you see how we have our name, our value. And I'm going to actually change that. And then our expired time. And that's really all you need. Remember, if this is set to zero, which it's zero by default, it'll expire at the end of the session. One thing you should know is that the user's browser may not support cookies. And if it doesn't support cookies, well, you're going to have to find an alternate means of doing this. So we have just loaded a cookie onto the system. Now we're going to want to read that cookie back. That did not work as planned. That's because I got the wrong name in there. Sorry about that. Had me scratching my head for a second like, oh no, what have I done? OK, so you can see how you can set a value, or I'm sorry, a name, a value, an expired time. So let's set another one. The name of my cat, his name shakes, or Shakespeare actually. Let's do a little HTML goodness here. One of my former coworkers a long time ago used to call that buttery goodness. It always just cracked me up every time I heard that. And now you see that we have set the cookie. And the cookie contains two elements, user and cat. Notice how you can set an expired time for each element. Pretty interesting. So the other thing you would really need to know is what if you want to delete a cookie? For example, if you want to log a user out. Well, there's no real direct way of deleting a cookie. You simply set the expired time. For example, set cookie, name, value, time, and then minus 3,600 seconds, which basically be an hour. The expiration to one hour. That would be how you delete a cookie. And W3Schools does a pretty poor job here, in my opinion, of explaining what to do if a browser does not support cookies. They say, well, use a form. Well, there are other ways of handling. For example, in our next tutorial, we'll be discussing sessions. The difference between a cookie and a session is pretty simple. Cookies exist on your user's computer, and they can stay there for a certain amount of time. Whereas a session, that exists on the server itself. And the user never interacts with that, but here's the caveat. When the user closes the browser, the session closes with it. So your options are pretty limited. That is why, ta-da, you see down here, databases exist. Which we'll get to those in a few tutorials. Databases are for more long term storage. So just a quick review. Sessions would be immediate storage on the server itself. When the browser's closed, the session dies. These would be persistent storage on the user's computer, which may or may not exist at any given time, because the user can flush their cookies out. And then long term storage, databases, which exist on the server side. The user's never directly interact with that. Quick review on the code. You must do a set cookie before anything is written to the browser. And at any time, you can read the cookies back. One quick thing you should know. Let's actually go back here. Da-da-da-da-da-da-da. Ah, yes. You can set cookies using set cookie or set raw cookie. Now what's a raw cookie? Basically what you need to understand is that a cookie is encoded before it's sent to the browser. And then when it's read from the browser, because the browser posts it back in the background, it's decoded. Set raw cookie is exactly the same as set cookie, except that the cookie value will not be automatically early encoded when sent to the browser. So if you're having some real squirrely results, like if you're setting a value and it's coming back all garbled up, try set raw cookie. There are some times where you will need to do that. Well, that's all for this tutorial. Thank you for watching. I hope you found this educational and entertaining.