What Cookies Are
Cookies are mechanisms generally supported by browsers (and PHP) to store data locally in a browser. While they cannot hold
large amounts of data, they are useful because they are versatile and can store many different kinds of data. This includes
numerical data (passwords, credit card information), time data (the number of times you have visited, the date of your initial visit) and much more.
While cookies are reliable and malware free, they are stored in the browser, so if the user switches to a new browser,
the data will not transfer automatically. However, there are exceptions such as Firefox, which asks whether you want to
transfer data from your previous browser.
Cookies are now an invaluable part of the modern net, as authentication cookies are often used to check whether a user is
logged in to a page and whether to send sensitive information or not. Without cookies, every time you go to a new page, you'd
be required to log in again!
While cookies are not able to carry viruses or malware, they are still quite dangerous, as tracking cookies can be used
to steal information from the user's browser such as histories and passwords. Cookies can also be stolen by hackers for the
information within them.
The information saved within cookies is now so sensitive that it is a big problem when it
falls into the hands of a hacker.
Types of Cookies
There are many types of cookies, but they mostly fall under two categories: Session Cookies and Persistent Cookies.
- Session Cookies do not have an expiration or validity date, which makes them very temporary. They are often deleted
when the browser closes or when the user leaves the website.
- Persistent Cookies are more permanent and last until the expiration date is reached. This kind of cookie sends back data
every time the user visits the website until it expires. These cookies are sometimes called tracking cookies because they
can be used to store vital information and are not deleted quickly. They are also the more dangerous kind, but their uses
have become invaluable to our modern net surfing days, as passwords and mini-game data are saved using them.
How They're Made
Cookies are technically not made; they are set and stored in the browser by the maker of a website. In PHP, we use the
setcookie() function to define a cookie and its use. Cookies are restricted like headers and must be placed before all other outputs
including and
tags.
Cookies are separated into 6 different parameters: name, value, expire, path, domain, and secure. For ease of example,
our cookie will be named ThisIsACookie.
- Name: The name of the cookie, inserted as a string. Ex. "ThisIsACookie"
- Value: What the cookie stores. It is retrieved using $_COOKIE["ThisIsACookie"]
- Expire: How long the cookie lasts before it expires. It is usually written as the time() function plus a number of
seconds. If this part is not written or is set to 0, the cookie is set as a session cookie and will expire
when the browser is closed.
Ex. time()+3600 <- this will set the cookie to expire in 1 hour. You can also write it in multiplied
form (such as time()+60*60*24*30), which will set the expiration to 30 days.
- Path: The path on the server where the cookie will be available. The default is the current directory the cookie is set in,
and "/" will make the cookie available on the entire domain.
Ex. /full will make the cookie available from the directory /full and any sub-directory it has.
- Domain: The domain the cookie will be available on. It works with the path to specify where the cookie is available.
The domain looks like "www.shodor.org" or "shodor.org".
The other two parameters are used for security reasons; each is set to true or false.
- Secure: When this is set to true, the cookie will only be sent over a secure HTTPS connection.
- Httponly: When this is set to true, the cookie is only accessible through the HTTP protocol, and scripts (such as
JavaScript) cannot read it. While this is not supported by all browsers, it can be used to reduce identity theft through
XSS (cross-site scripting) attacks, which, as the name suggests, require the execution of scripts.
How to use them
After a cookie is set with a value, the code $_COOKIE["ThisIsACookie"] can be used to retrieve the value stored
within a cookie.
How they're used
Cookies are often used to store passwords and other numerical data, and some of them may contain more than one value.
Example of how they're coded
setcookie("ThisIsACookie", $ValueHere, time()+60*60*24, "/", "www.shodor.org", false, false);
Most of the time, though, cookies only have the first part of this code, stopping at the time.
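The same setcookie() call with the Secure and Httponly parameters turned on, a check that no output has been sent yet, and a read of $_COOKIE that treats the returned value as untrusted. This is an added example, not code from the original page; it assumes the site is served over HTTPS, and the names issue_cookie(), read_cookie() and $store are hypothetical.

```php
<?php
// Added example, not the page's own code. Hypothetical names: issue_cookie(),
// read_cookie(), $store. Assumes the site is served over HTTPS.

// Sets ThisIsACookie to a random token and remembers which user it belongs to.
function issue_cookie(array &$store, string $user): ?string
{
    // setcookie() sends a header, so it must run before any other output.
    if (headers_sent($file, $line)) {
        error_log("cookie not set: output already started at $file:$line");
        return null;
    }
    // Keep the secret on the server; the cookie only carries a random token.
    $token = bin2hex(random_bytes(32));
    $ok = setcookie(
        "ThisIsACookie",   // name
        $token,            // value
        time() + 3600,     // expire: 1 hour from now
        "/",               // path: entire domain
        "www.shodor.org",  // domain
        true,              // secure: only sent over HTTPS
        true               // httponly: not readable by scripts
    );
    if (!$ok) {
        return null;
    }
    $store[$token] = $user;
    return $token;
}

// Returns the user for the cookie the browser sent back, or null.
function read_cookie(array $store): ?string
{
    $token = $_COOKIE["ThisIsACookie"] ?? "";
    // The browser can send anything, so check the shape before using it.
    if (!is_string($token) || !preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;
    }
    return $store[$token] ?? null;
}

$store = [];                                      // stand-in for a server-side table
$token = issue_cookie($store, "alice");
$_COOKIE["ThisIsACookie"] = $token;               // constructed: browser returns it
var_dump(read_cookie($store));
$_COOKIE["ThisIsACookie"] = "<script>x</script>"; // constructed: tampered value
var_dump(read_cookie($store));
```

The $store array only lives for one request; on a real site the token-to-user mapping would sit in a database or in PHP's session storage.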