Conceptual Explanation

As indicated already, cookies are small files associated with each browser, holding information written by a Web site. A cookie holds:

  • The name of the Web site and two additional fields (path and domain) indicating the extent of this Web site, specifically what files might have access to the cookies

  • A flag indicating if the cookie is only to be sent over secured lines

  • An expiration time

  • The name of the cookie

  • The value of the cookie

A cookie is intended to be read by the same site that created it. However, the mechanism provides for refining or expanding the specification of the site. If the site holding the Web page setting the cookie is, you can specify a path so that only Web pages from within that path can read the cookie. Since the author shares this Web site with all her students, the specification /jeanine/ would mean that only pages from the jeanine folder and its subfolders could access the cookie, not any of the students who are assigned other folders; for example, There also is a mechanism for expanding the access. Suppose there is another server machine named The cookie setting functions and methods provide a way to specify a domain. The domain setting would allow Web pages contained in to access the cookie.

The expiration time is to be expressed in the number of seconds from January 1, 1970. The functions and methods described later provide this information.

The value of the cookie can be a simple text string or an array of information.

Examining Cookies

To demystify cookies, try the following:

Click on Search in Windows XP or its equivalent on your platform. Type cookies* into the place for the name as shown in Figure 13.1.

click to expand
Figure 13.1: Search window.

The result will be similar to what is shown in Figure 13.2.

click to expand
Figure 13.2: Results of search.

Clicking on the Cookies folder, you will see something similar to the screen shown in Figure 13.3.

click to expand
Figure 13.3: Internet Explorer Cookies folder. Web browser 2003 Microsoft Corp.

Internet Explorer keeps each cookie as a distinct file. You can see an indication of the Web sites that produced the cookies in the terms following the @ sign. Click on one.

Keep in mind that these files are not intended for humans to read, but you can get a sense of what the cookie files contain. After you create cookies, you can use this same procedure to see what you have created.

If you use Netscape, the screen shot shown in Figure 13.4 shows how to find the Cookie Manager under Tools.

click to expand
Figure 13.4: Netscape Tools drop-down menu showing Cookie Manager. Web browser 2003 Netscape.

The screen shot shown in Figure 13.5 indicates the cookies managed by Netscape on this computer. The particular cookie shown was created using one of the scripts described later in this section.

click to expand
Figure 13.5: Cookie Manager in Netscape.

Cookie Mechanics

Setting cookies involves the intricacies of the Web protocols. However, in this as in everything else, the middleware software of PHP and ASP masks the complexity. One issue is critical, however. The cookie information is transferred from server to client computer using what is called the HTTP header. This means that it must be sent before anything else is sent to the client. In the Examples section, you will see a common error in which this was not done.

The PHP and ASP procedures for setting cookies resemble the PHP and ASP procedures for everything else. The PHP system uses the function setcookie to create a cookie. This function has optional parameters for setting the expiration, path, domain, and security flag. To access a cookie, you only need to refer to it by name preceded by a dollar sign. You remove a cookie by setting the expiration time to a time in the past. In some circumstances, setting a cookie to the empty string would be an appropriate act.

The ASP system uses the cookies collection of the Response object to create a cookie, and the cookies collection of the Request object to set a cookie. A collection is sometimes called an associative array. Elements in the array are cited by name. Setting the expiration time, path, domain, or security flag requires setting properties of the cookie element. To set the expiration time, you need to convert the time as produced by the JavaScript functions to the variant datatype expected by ASP. The method getVarDate() performs this operation.


Both PHP and ASP provide a specialized mechanism for session information. This is information maintained for each visitor while the visitor is viewing Web sites on a single server. This information will not persist after the browser is closed. The PHP and ASP statements perform the same function of storing information, but in distinct ways. Using PHP, sessions are started (and restarted). In PHP, specific variables are registered as session variables. The ASP system has a Session object, which has a Contents collection. It holds key and value pairs. Using ASP, you store a value under a specific name, also known as the key, in the Session.Contents collection. In both PHP and ASP systems, the information is kept on the server computer. However, to distinguish one user’s session information from another, a session identifier is generated and stored as a cookie if the browser has been set up to accept cookies. If that is not the case—that is, if the browser is not accepting cookies—the PHP system uses the query string to pass on the session identifier. If your code includes certain tricks such as redirection using the header function, you will need to make an adjustment. The ASP system does not have a similar fallback mechanism. If the user does not want to have cookies, the ASP session system will not work.

The PHP terminology for sessions can be misleading. The command:


will do one of two things. If no session exists for this visitor for this server, PHP will start a session, generating the session ID to be stored in a cookie or passed along as part of the query string in the links on the page. However, if a session does exist, the session_start function restores the values of any variables registered as session variables. The function:


registers the variable named $cart to be a session variable. This involves saving this information on the server computer for use by code in any Web page associated with the session id. You then use $cart as you would any other variable. Session variables can be arrays or objects and can be quite large.

The command:


will free the space used to store the variable called $cart. Since session variables do take up space, it might be appropriate to do this.

If the PHP system determines that cookies are disabled, it creates a constant, SID, holding the session identifier in the format of a query string. The PHP system does the job of passing along this identifier when any links are made from one Web page on the server to another on the same server.

Another mechanism exists for jumps from one page to another, called re-direction. The command:

    header("Location: next.php");

causes another Web page to be sent to the browser without the person at the client computer needing to click on a link. This often is used to signal a change of Web sites or when checking passwords. A problem arises of how to make use of re-direction compatible with sessions when the browser has disabled cookies. This solution is to put the session identifier in the header statement. The PHP constant SID is available for this purpose. This can be used to pass along the session ID information in situations such as the following:

    header("Location:next.php?=" . SID);

Again, the PHP system will take care of the normal hyperlinks from Web page to Web page on a server site.

The ASP system Session object has properties in addition to the Content collection. These include SessionId, holding the generated session ID, and Timeout. The Timeout can be reset.

The Session object also has a StaticObjects collection for all objects created by <object> tags (e.g., Micromedia Flash movies).

In PHP, you store information by registering a variable of a certain name as a session variable, and use the variable as you would any other variable. In ASP, you define a member of the Contents collection:

    Session.Contents("mycart") = cart;

Here, the example uses “mycart” just to emphasize that it can be a different name. Because Contents is the default collection, you can also use:

    Session("mycart") = cart;

Your code reads session information by accessing the collection. Assuming that cart was itself an array, then:

    len = Session("mycart").length;     for (i=0; i<len; i++) {       Response.Write(Session("mycart")[i] + "<br>");     }

would display the elements of what was the array cart one item to a line.

You will need to check the server settings for both PHP and ASP to confirm that you can use sessions.

Creating Database Web Applications with PHP and ASP
Creating Database Web Applications with PHP and ASP (Charles River Media Internet & Web Design)
ISBN: 1584502649
EAN: 2147483647
Year: 2005
Pages: 125
Authors: Jeanine Meyer © 2008-2017.
If you may any questions please contact us: