Chapter 6: User Tracking and Session Management

You can't effectively track visitors on a Web site without a little intervention. Every Web server tracks basic accesses, meaning that for each "hit," it keeps a log of at least the date and time, the IP or domain name of the user making the request, and the name of the file that was sent. This type of log isn't very helpful when you want to track buying trends or user preferences, and it doesn't give you any real insight into your user base. The solution to this problem requires definite planning, but it is easy to implement using cookies or full-blown user sessions.


Cookies are little pieces of text that are sent to a user's browser along with the pretty pictures and well-worded content of a good Web site. They can help you create shopping carts, user communities, and personalized sites. For example, say you've planned to assign an identification variable to a user so that you can track what he does when he visits your site. First, the user logs in, and you send a cookie with variables designed to say, "This is Joe, and Joe is allowed to be here." While Joe is surfing around your site, you can say "Hello, Joe!" on each and every page. If Joe clicks through your catalog and chooses 14 different items to buy, you can keep track of these items and display them all in a bunch when Joe clicks on Checkout. But what happens when a user doesn't accept cookies? Are your well-laid plans all for naught? Will Joe ever get to buy those 14 items?

These sorts of identification cookies are valuable in e-commerce sites, when you're creating a shopping system that allows the user to store selected items until he's ready to pay for them. You can use cookies for all sorts of things, but because e-commerce sites are popular, we'll go with that example.

Setting Cookies

Before you go around setting cookies, determine how you will use them and at what point you will set them. Do you want to check for a cookie on every page of your site, and set one if it doesn't exist? How will you use the cookie data? Whatever cookies you decide to use, remember that you absolutely must set a cookie before sending any other content to the browser. If you remember this, you won't spend hours wondering why you're getting "Can't send additional information, header already sent" errors from your scripts.

PHP has a built-in function for setting cookies called setcookie(), which expects six arguments:

  • Name. Holds the name of the variable that will be kept in the $_COOKIE superglobal, and will be accessible by subsequent scripts.

  • Value. The value of the variable passed in the Name argument.

  • Expiration. Sets a specific time at which the cookie value will no longer be accessible. Cookies without a specific expiration time will expire when the Web browser closes.

  • Path. Determines for which directories the cookie is valid. If a single slash is in the path parameter, the cookie is valid for all files and directories on the Web server. If a specific directory is named, this cookie is valid only for pages within that directory.

  • Domain. Cookies are valid only for the host and domain that set them. If no domain is specified, the default value is the host name of the server that generated the cookie. The domain parameter must have at least two periods in the string in order to be valid.

  • Security. If the security parameter is 1, the cookie will only be transmitted via HTTPS, which is to say, over a secure Web server.

The following snippet of code shows how to set a cookie called id with a value of 55sds809892jjsj2. This particular cookie will expire in four hours (the current time plus 14,400 seconds), and it is valid for any page below the document root on the domain

 setcookie("id", "55sds809892jjsj2", time()+14400, "/" ,"", 0); 

Reading Cookies

There's an element to using cookies that most people forget about (until they spend a few hours trying to debug something that isn't even wrong), and that's the fact that when a Web browser accepts a cookie, you can't extract its value until the next HTTP request is made.

In other words, if you set a cookie called name with a value of Jane on page 1, you can't extract that value until the user reaches page 2 (or page 5 or page 28-just some other page that isn't the page on which the cookie is initially set).

When it is time to extract a value from a cookie, simply extract the value from the $_COOKIE superglobal. If you set a cookie like the one described above, where name is the name of the cookie, you would print the value like this:

 <? echo "$_COOKIE[name]"; ?> 

Hopefully, it would print the string "Jane" to the screen.

PHP Essentials
PHP Essentials, 2nd Edition
ISBN: 1931841349
EAN: 2147483647
Year: 2002
Pages: 74 © 2008-2017.
If you may any questions please contact us: