subject: What Are Cookies
A cookie is a small text file that a web server saves on the visitor's computer. On the internet you often see a check box labelled "remember me on this computer" below a login form. The site remembers the user by setting a cookie on the user's computer. When the browser requests the login page again, it also sends the previously saved cookie. The server reads that cookie and logs you directly into your account. This is a very common use of cookies. You can use cookies for any purpose; for example, you can use them to pass variables among pages. But remember: do not use cookies to store sensitive information such as credit card numbers, because they are stored on the user's computer, not in your secured database.
In short, the purposes of cookies are:
* Save important information about the user, e.g. user name, email address etc.
* Passing variables among the pages.
Properties of cookies
A cookie has the following properties.
Cookie domain:
Cookie domain is the domain name that creates the cookie. Remember two points about the cookie domain: (i) you can't create a cookie for another domain name, say www.google.com or www.microsoft.com; and (ii) a domain name with www and the same name without www are considered different domains. So you should set the domain to ".yourdomain.com" so that the cookie is available to all subdomains under your domain, with or without www.
Cookie name:
Cookie name is the name by which the cookie is identified. You need this name when you read or write the cookie.
Cookie value:
This is the data that you store in the cookie.
Cookie expires:
Cookie expires is the date after which the cookie expires. The date format is DD-Mon-YYYY HH:MM:SS UTC. If you omit this argument, the cookie expires at the end of the current session.
Cookie path:
Cookie path is the path under which the cookie is available. If path='/', the cookie is global within this domain. If you do not specify a path, it defaults to the path of the page that creates the cookie. For example, if I create a cookie from the page http://ramui.com/articles/php-cookie.html without specifying the path, the cookie will be available under ramui.com/articles/ and all of its subdirectories. Here path = '/articles/'.
Secure:
The Secure flag indicates that the client should transmit the cookie only over a secure HTTPS (SSL) connection.
httponly:
This is a Boolean property. When TRUE, the cookie is accessible only through the HTTP protocol, which means it won't be accessible to scripting languages such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).
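
The properties above, applied to a Set-Cookie header: this is an added example, not code from the original article. It parses a header, fills in the default path and session expiry as described, and flags a foreign domain or a missing Secure or HttpOnly flag. The function names, finding labels and sample headers are constructed for illustration, and the domain check is a simplification of what browsers do.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header, request_url):
    """Parse one Set-Cookie value, filling in the defaults described above."""
    url = urlsplit(request_url)
    first, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {
        "name": name, "value": value,
        "domain": url.hostname,   # no domain given: the host that set it
        # no path given: directory of the page that created the cookie
        "path": url.path[: url.path.rfind("/") + 1] or "/",
        "expires": None,          # None = expires with the current session
        "secure": False, "httponly": False,
    }
    for attr in attrs:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key in ("secure", "httponly"):
            cookie[key] = True
        elif key in ("domain", "path", "expires") and val.strip():
            cookie[key] = val.strip()
    return cookie

def audit(cookie, request_url):
    """Return findings for one parsed cookie (simplified browser rules)."""
    host = urlsplit(request_url).hostname
    dom = cookie["domain"].lstrip(".").lower()
    findings = []
    if host != dom and not host.endswith("." + dom):
        findings.append("foreign-domain")   # a browser would reject this
    if not cookie["secure"]:
        findings.append("no-secure")        # also sent over plain HTTP
    if not cookie["httponly"]:
        findings.append("no-httponly")      # readable from JavaScript
    return findings

# Constructed sample headers, not captured from a real site.
PAGE = "http://ramui.com/articles/php-cookie.html"
SAMPLES = [
    "remember=tok123",
    "remember=tok123; expires=01-Jan-2031 00:00:00 UTC; path=/; "
    "domain=.ramui.com; secure; httponly",
    "remember=tok123; domain=www.google.com",
]

if __name__ == "__main__":
    for h in SAMPLES:
        c = parse_set_cookie(h, PAGE)
        print(c["domain"], c["path"], c["expires"], audit(c, PAGE))
```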