Posted by Gordon Burditt on 02/09/07 00:38

>This next part is purely for discussion. The example that my boss
>points to is that once a cookie is set, you close the browser. Open
>the browser back up, and the browser reads the cookie from somewhere.

Browsers have means of saving their state. This is private to the
browser. There may not be any public interface for it. It might
be in files, in the registry, or whatever. Saved state likely
includes cookies, browser history, what page(s) you had open last
time so you can restore them this time, anything you can set on
preferences pages, and cached content.

>There must be a seperate "method" for reading a cookie. You don't have

Yes, but it probably isn't a public API. And it WILL vary by
browser. And sooner or later it may change in the next version of
whatever browser you're using.

There's nothing preventing a browser from using anti-tamper techniques
on whereever it stores the cookies. You might still be able to
delete all the cookies, but not add or change them. I don't know
why a browser would bother with this, but some author might.

>to set the cookie everytime, just the first time. It isn't always "set
>cookie"/"read cookie;" sometimes it is just "read cookie." So let's
>skip over the initial setting of a cookie. How does the PHP form read
>the cookie on subsequent trips?

A *form* is written in HTML (although the HTML may be generated by
PHP code). It does not read cookies. The PHP page to which the
form is submitted gets the cookie via the HTTP protocol and puts
it in $_COOKIE[], where the PHP code can get at it.

>I read up a little on Firefox, and I
>do see where Firefox stores all the cookies and passes the cookies
>along automatically, so there doesn't seem to be a way to control
>this. I haven't been able to find out where the cookies are stored or
>in what format.

I recommend you give up trying and use a reasonably browser-independent
approach to set cookies.

>My boss swears they were able to manually create a cookie previously
>and have PHP read it, he just doesn't remember how they did it. (When
>I say manually create a cookie, I mean create a text document on your
>computer named something like printer.txt and type: printer=1 into it.
>Then create a PHP script that opens that file on your computer and
>reads it.)

A PHP script does not open files on the client machine.

>I did this previously with JavaScript, which I understand
>is a client side language, and PHP is server side.

If Javascript has an operation to set cookies, that was probably
what was used.

[Back to original message]