You want to set a cookie so that your web site can recognize subsequent requests from the same web browser.
Call setcookie( ) with a cookie name and value, as in Example 8-1.
Setting a cookie
Cookies are sent with the HTTP headers, so if you're not using output buffering, setcookie( ) must be called before any output is generated.
Pass additional arguments to setcookie( ) to control cookie behavior. The third argument to setcookie( ) is an expiration time, expressed as an epoch timestamp. For example, the cookie set in Example 8-2 expires at noon GMT on December 3, 2004.
Setting an expiring cookie
If the third argument to setcookie( ) is missing (or empty), the cookie expires when the browser is closed. Also, many systems can't handle a cookie expiration time greater than 2147483647, because that's the largest epoch timestamp that fits in a 32-bit integer, as discussed in the introduction to Chapter 3.
The fourth argument to setcookie( ) is a path. The cookie is sent back to the server only when pages whose path begin with the specified string are requested. For example, the cookie set in Example 8-3 is sent back only to pages whose path begins with /products/.
Setting a cookie with a path restriction
The page that's setting the cookie in Example 8-3 doesn't have to have a URL whose path component begins with /products/, but the cookie is sent back only to pages that do.
The fifth argument to setcookie( ) is a domain. The cookie is sent back to the server only when pages whose hostname ends with the specified domain are requested. For example, the first cookie in Example 8-4 is sent back to all hosts in the example.com domain, but the second cookie is sent only with requests to the host jeannie.example.com.
Setting a cookie with a domain restriction
If the first cookie's domain was just example.com instead of .example.com, it would be sent only to the single host example.com (and not www.example.com or jeannie.example.com). If a domain is not specified when setcookie( ) is called, then the browser sends back the cookie only with requests to the same hostname as the request in which the cookie was set.
The last optional argument to setcookie( ) is a flag that, if set to true, instructs the browser only to send the cookie over an SSL connection. This can be useful if the cookie contains sensitive information, but remember that the data in the cookie is stored as unencrypted plain text on the user's computer.
Different browsers handle cookies in slightly different ways, especially with regard to how strictly they match path and domain strings and how they determine priority between different cookies of the same name. The setcookie( ) page of the online manual has helpful clarifications of these differences.
8.1.4. See Also
Recipe 8.2 shows how to read cookie values; Recipe 8.3 shows how to delete cookies; Recipe 8.12 explains output buffering; documentation on setcookie( ) at http://www.php.net/setcookie; an expanded cookie specification is detailed in RFC 2965 at http://www.faqs.org/rfcs/rfc2965.html.