问题
While learning the concept of Cookies in PHP, I come across the following statement from w3schools PHP Tutorial:
The value of the cookie is automatically URLencoded when sending the cookie, and automatically decoded when received (to prevent URLencoding, use
setrawcookie()instead)
I did not get the meaning of this statement. I have following doubts regarding the above statement :
- From where the cookie is being sent to whom and at where the cookie is being received from whom?
- What actually does happen by means of "Value of the cookie is automatically URLencoded when sending the cookie, and automatically decoded when received"?
- What role does
setrawcookie()play? I mean what does it actually do?
Following is the code I tried for understanding the concept of cookie :
<?php
$cookie_name = "user";
$cookie_value = "John Doe";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/");
<?php
if(!isset($_COOKIE[$cookie_name])) {
echo "Cookie named '" . $cookie_name . "' is not set!";
} else {
echo "Cookie '" . $cookie_name . "' is set!<br>";
echo "Value is: " . $_COOKIE[$cookie_name];
}
Would someone please clear my queries with reference to the above code?
回答1:
Http cookies are headers that are transferred between the client (the browser), and the webserver.
When you use setcookie, what you are doing is instructing the PHP interpreter to inject a header in its response with this format:
Set-Cookie:name=value
That cookie will be stored by the browser, and returned by it in future requests (to the same host) in the Cookies request header like this:
Cookie:name=value;cookie2=value;cookie3=value
Normally, when transferring this you should urlencode any special characters. Let's say that I wan to specify a cookie named "operator" with a value of ">", then I should emit this header:
Set-Cookie:operator=%3E
When it says that the value is automatically urlencoded, is saying that you don't have to worry about that. You can simply do:
setcookie('operator', ">");
And PHP will handle the urlencoding directly, producing the correct header.
On the server side, you'll receive cookies in the $_COOKIES superglobal, and in the same way that happens with $_GET and $_POST, values will be automatically urldecoded for you. So if the client returns the previously set cookie %3E, you'll see: > in your code.
If you use your browser inspector, you can see the relevant headers on any request-response. E.g.:
request (returning cookie)
response (setting cookie)
setrawcookie, does the same, but you have to urlencode on your own. From the docs:
setrawcookie() is exactly the same as setcookie() except that the cookie value will not be automatically urlencoded when sent to the browser.
More likely than not, you won't have any reason to ever use setrawcookie directly.
回答2:
From where the cookie is being sent to whom and at where the cookie is being received from whom?
Initially the cookie will be sent from the server to the browser. In every subsequent request, the browser will send it back to the server.
What actually does happen by means of "Value of the cookie is automatically URLencoded when sending the cookie, and automatically decoded when received"?
There are limits on what characters can appear in a cookie. URL encoding converts those characters to a different representation to make them valid.
You don't need to do that yourself because the PHP setcookie method will do it for you, and the $_COOKIE variable will contain the decoded versions by the time your code interacts with it.
What role does setrawcookie() play? I mean what it actually does?
It lets you set a cookie without that encoding (so you have to encode it manually). You should probably never need to use it.
来源:https://stackoverflow.com/questions/41780170/what-does-the-value-of-the-cookie-is-automatically-urlencoded-when-sending-the