On Mon, 17 Sep 2001, Jason Caldwell wrote:

> I've been reading the threads under SETCOOKIE (from php.net) -- some people
> are saying that setcookie doesn't seem to work for all browsers all of the
> time.  Then some others go into how it seems to actually be the TIME format
> (unix time vs. GMT time) --
> Should I just stick to the HEADER version instead of setcookie?

Take a look at the comment dates; the earliest ones date back to 1998,
which IIRC was around version 3.0.12 of PHP if not earlier.  Given PHPs
open source nature I'd imagine any wrong-doings of setcookie() have been
fixed but perhaps a PHP deveoper would be better able to comment on this.
I'd try it with setcookie() first, test it out with your target browsers
and only change to header() if needed.

> Also -- I'm not completely clear on how cookies work in the first place...
> Q1: When I set a cookie, is that cookie automatically called from *each*
> page on my website?  Or, do I need to add the HEADER to each page where I
> want to call the cookie?

Yes, the browser will shove back all cookies if they're viewable by that
script.  That's just how HTTP works, it shoves a request over with all
supporting data, awaits the request and kills the connection(^*).

> Q2: The 'Cookie Path' -- is this the PATH on my websever -- someone please
> explain what this is exactly, and how it works.

Yep, path on the webserver.  If you set a cookie with domain
www.yourdomain.com and path /scripts only request to
www.yourdomain..com/scripts and below will see it.

> Q3: The scenario I would like to use cookies in is to have users
> automatically be logged in when they come to my home page... so I will need
> to store the Username and Password in the cookie... should I store these in
> an Array, or can I create multiple cookies -- in other words, a cookie can
> only store one value, correct?  So, I can use Serialize / Unserialize to
> store Array information in my cookies?

Using serialize/unserialize isn't a bad idea, but neither is setting two
cookies in my opinion.  I'd say take your pick, choose whatever's most
comfortable for you.  I'd recommend only looking at the username/password
cookies if a PHP session hasn't been established though to save you from
takeing a quick query to your DB for every hit on each page though.

I'll skip the security mumbo-jumbo for now on passing stuff around in
plaintext because I'm not sure if that's really of any concern for your
project.  If it is, and you're clueless as to what I'm talking about, let
me know and I'll try and elaborte a bit more.

[*]  HTTP -used- to kill the connection after every request but now
sessions can be held open to save overhead.  The ramifications of this
change in design have absolutely no effect on application design though
because it's not guaranteed behavior.

Justin Buist
Trident Technology, Inc.
4700 60th St. SW, Suite 102
Grand Rapids, MI  49512
Ph. 616.554.2700
Fx. 616.554.3331
Mo. 616.291.2612

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to