Using cookies to identify and track visitors - PHP

When your browser pulls a webpage from the Internet, it compares the domain name of the webpage to the domain names in its cookie list. If there's a domain name match, then the browser sends the matching cookie(s) to the server. The server then can create a custom webpage using data from that cookie.

<?php 
setcookie("CookieID", $USERID);
?>
<HTML>
<BODY>
</BODY>
</HTML>

The setcookie function takes up to six arguments, separated by commas:

1. The cookie name, a string, e.g., "CookieID". Semi-colons, commas, and white spaces are not allowed. The cookie name is required (all other arguments are optional). If only the cookie name is included, and no other arguments, the cookie will be deleted.
2. The cookie value or contents, a string, e.g. $USERID. To skip, use an empty string (""). Slashes apparently are not allowed.
3. The time the cookie expires, an integer. If this is omitted (or filled with a zero) the cookie will expire when the session ends. The time can be an absolute time, in the format DD-Mon-YY HH:MM:SS, e.g., "Wed, 24-Nov-99 08:26:00". Or, more usefully, the date can be in relative time. This is done with the UNIX time() or mktime functions. For example, time()+3600 makes the cookie expire in one hour. Some older browsers don't handle cookies properly if the time argument is omitted.
4. The UNIX directory path. This is used to identify cookies beyond the domain name identification. The path "/" is the same as omitting this argument — except that some browsers don't handle cookies correctly if the path is not set, so use the slash instead of omitting this argument. Note that Netscape's cookie specification puts domain before path, but PHP puts path before domain.
5. The domain name of the server, for matching cookies. If omitted, the domain name is taken from the webpage the cookie is sent from. Note that you must put a period (.) before the domain name, e.g., ".friendshipcenter.com". Cookies are rejected unless they have at least two periods (for the domains com, edu, net, org, gov, mil, and int; all other domains require at least three periods).
6. secure is set by an integer. 1 means that the cookie can only be sent via a secure network. 0 (or omitting this argument) allows the cookie to go over unsecured networks.

To see a cookie, print the variable:

print $CookieID;

Cookies are stored in the array HTTP_COOKIE_VARS. You can print a cookie's value with:

print $HTTP_COOKIE_VARS[CookieID];

But first, let's look at AUTO_INCREMENT. MySQL can be set to assign a number to each new record, starting with "1". The next inserted record gets "2", the next is "3", etc. You can add such a column, in this case called USERID, with this bit of SQL:

ALTER TABLE dbname
ADD COLUMN USERID INT(11) NOT NULL PRIMARY KEY AUTO_INCREMENT;

To set a cookie in the visitor's browser after he or she inserts his name into your database, with the value of the cookie taken from the USERID, you could do this:

<?php 
mysql_connect (localhost, username, password);
mysql_select_db (dbname);
mysql_query ("INSERT INTO tablename (first_name, last_name) 
VALUES ('$first_name', '$last_name')
");
setcookie("CookieID", mysql_insert_id(), time()+94608000, "/"); 
/* expires in 3 years */
?>

Try it out and then look at your browser's cookie list. You should see "CookieID" listed. Use your terminal emulator to view the contents of your MySQL table and see that the USERID of the last submission is the same as the value of the cookie listed in your browser.

First, let's create a webpage that displays the visitor's cookie:

<?php
print $CookieID;
?>

Now let's make cookiepage.php welcome me by name:

<?php
mysql_connect (localhost, username, password);
mysql_select_db (dbname);
$selectresult = mysql_query ("SELECT * FROM tablename
WHERE USERID = '$CookieID'
");
$row = mysql_fetch_array($selectresult);
echo "Welcome ", $row[first_name], "!";
?>