Cookies
Cookies are small values stored by the browser and sent back with later requests. They are useful for lightweight browser-side state such as preferences, one-off identifiers, and the session cookie used by server-side sessions.
In WebEngine, cookie handling is wrapped rather than spread through direct calls to $_COOKIE and setcookie(). The dedicated cookie package is documented at https://www.php.gt/docs/Cookie/.
The cookie abstraction makes it clearer when cookies are being read, set, or removed. From application code, that means cookie use can be kept explicit rather than handled in global state.
At a high level, cookie work usually falls into three jobs:
- reading a value that came from the browser
- setting a value that should be sent back in the response
- deleting a cookie that is no longer needed
Good uses for cookies include:
- user preferences such as theme choice
- remembered UI state
- non-sensitive identifiers
- the session cookie that links a browser to server-side session storage (handled automatically)
Warning
Never store sensitive application data in a cookie - use sessions instead, so sensitive information never leaves the server.
When setting cookies, think about expiry, path, scope, and whether the cookie should only be sent over HTTPS. Those are ordinary HTTP concerns, but they have a direct effect on how safely the browser handles the value.
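One way to check those attributes on an outgoing `Set-Cookie` header, as an added example in plain PHP (not WebEngine's or the php.gt Cookie package's own code). The function name `auditSetCookie`, the sample headers and the 30-day limit are assumptions, and the HttpOnly check goes beyond the attributes listed above.

```php
<?php
// Added example: audits one Set-Cookie header line. Sample headers and the
// 30-day default limit are constructed for illustration.
function auditSetCookie(string $header, int $maxLifetime = 2592000): array {
	$header = preg_replace('/^Set-Cookie:\s*/i', "", $header);
	$parts = array_map("trim", explode(";", $header));
	$name = explode("=", array_shift($parts), 2)[0];
	$attrs = [];
	foreach($parts as $part) {
		[$key, $value] = array_pad(explode("=", $part, 2), 2, "");
		$attrs[strtolower(trim($key))] = trim($value);
	}
	$findings = [];
	if(!isset($attrs["secure"])) {
		$findings[] = "$name: no Secure flag, cookie is also sent over plain HTTP";
	}
	if(!isset($attrs["httponly"])) {
		$findings[] = "$name: no HttpOnly flag, page scripts can read the value";
	}
	if(isset($attrs["domain"])) {
		$findings[] = "$name: Domain={$attrs['domain']} also covers subdomains";
	}
	if(!isset($attrs["path"])) {
		$findings[] = "$name: no Path, scope defaults to the request URL's directory";
	}
	// Max-Age takes precedence over Expires; neither means a session cookie.
	$lifetime = null;
	if(isset($attrs["max-age"])) {
		$lifetime = (int)$attrs["max-age"];
	}
	elseif(isset($attrs["expires"]) && ($ts = strtotime($attrs["expires"])) !== false) {
		$lifetime = $ts - time();
	}
	if($lifetime !== null && $lifetime > $maxLifetime) {
		$findings[] = "$name: lives " . intdiv($lifetime, 86400) . " days, over the limit";
	}
	return $findings;
}
// Constructed sample headers, as they would appear in a response.
$samples = [
	"Set-Cookie: theme=dark; Max-Age=31536000; Domain=example.com",
	"Set-Cookie: theme=dark; Max-Age=604800; Path=/; Secure; HttpOnly",
];
foreach($samples as $header) {
	echo $header, PHP_EOL;
	foreach(auditSetCookie($header) ?: ["ok"] as $finding) {
		echo "  - ", $finding, PHP_EOL;
	}
}
```

The first sample produces four findings (no Secure, no HttpOnly, a Domain attribute, no Path) plus a lifetime of 365 days; the second passes with `ok`.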
In some countries, privacy law has led to widespread use of cookie banners. It is worth remembering that the real issue is not the existence of cookies as a browser feature, but how tracking technology is used.
Adding a banner does not make a privacy-invasive design harmless. In fact, constant banner prompts often train users to click through without reading. A more useful approach is to avoid unnecessary tracking in the first place and make sure the technologies used by the site match the privacy policy you are asking users to trust.
Cookies are the mechanism for remembering user sessions.