Chapter 9 – Cookies, Sessions, FTP,
Email and More
spring into PHP 5
by Steven Holzner
Slides were developed by
College of Information Science
PHP Sending Email
• The PHP installation has to include some
specifications for how to send email, in
particular the PHP initialization file must
specify the connections to the email system.
• At RU, this has been done.
• To send email in a PHP script use the mail
Mail(string to, string subject, string message,
[,string additional_headers [,
This sends an email to the email address in to,
with subject subject and message message.
You can also set additional mail headers and
parameters to mail.
$result = mail(email@example.com, “Web
**message is retrieved from html form
PHP Email w/Headers (mailinput.php)
• Additional email headers like the following
may be specified.
cc (“carbon copy”)
bcc (“blind carbon copy”)
These are set with the additional_headers
$headers .= “cc:” . $_REQUEST[“cc”] . “\r\n”;
$headers .= “bcc:” . $_REQUEST[“bcc”] .
$result = mail(“firstname.lastname@example.org”,
• Can also send email with attachments.
• Cookies hold text that you can store on the
user’s computer and retrieve later. They are
set using the setcookie function.
name - cookie name
value - value to be stored on the client
expire - time the cookie expires, set with
PHP time function (1/1/70)
path - path on the server on which the
cookie will be available
domain - domain for which the cookie is
secure - indicates that the cookie should
only be transmitted via https.
• Cookies are part of the HTTP headers sent to
the browser, and so they must be sent before
any other output from the PHP script. Calls to
this function must occur before any other
output from your script. This means calls to
setcookie must occur before any other output
including <html> and <head> tags. If some
output exists before calling this function,
setcookie may fail and return FALSE.
setcookie(“message”, “No worries.”);
• After a cookie is set, it won't be visible to
scripts until the next time a page is loaded.
The cookie is sent from the server machine,
so it won't be sent from the client to the server
until the next time a request is sent by the
client. Cookies are sent in the HTTP headers
to the server from the client, then only if the
request is for a page from the same domain
that the cookie came from.
After cookies are set, they can be accessed on
the next page load with $_COOKIE array. Say
a previous page set a cookie named message.
Then it will be in the global array $_COOKIE.
So, in the PHP script we have only to access
the $_COOKIE array, however, we should
check to see the cookie exists.
• Cookie names can also be set as array names
and will be available to your PHP scripts as
arrays. For example:
After these cookies have been set, they could
be read after the next request like this:
foreach ($_COOKIE['cookie'] as $data)
echo "$value <br />";
Cookie Expiration Time
• You can also specify how long the cookie
should exist on the user's machine. The
cookie will be deleted when the user ends the
current browser session (which usually means
closing all browser windows). So, normally
we'll want to specify how long a cookie should
last by giving a value for the expire parameter.
Normally, we use the time function which
returns current time, then add the number of
seconds we want the cookie to last.
setcookie("mycookie", $value, time() + 3600);
How long will this cookie last?
• Delete a Cookie
just set the cookie's value to "" and call
setcookie with the same parameters as the
cookie was set with. When the value
argument is set to an empty string, and all
other arguments match a previous call, then
the cookie will be deleted from the user's
• When clients are working with various pages
in your web application, all the data in the
various pages is reset to its original values
when those pages are loaded. That means all
the data is reinitialized between accesses.
There are times when you want to retain data
from a single client longer. To do this you can
Sessions are designed to hold data on the
server. Each user is given a cookie with his or
her session ID, which means that PHP will be
able to reinstate all the data in each user's
session automatically, even over multiple
page accesses. If the user has cookies turned
off, PHP can encode the session ID in the
PHP Sessions (cont.)
• Using sessions, you can store and retrieve
data by name. To work with a session, you
start by calling session_start. To store data in
the session, you use the $_SESSION array.
$_SESSION['color'] = "blue";
in a separate page you might:
$color = $_SESSION['color'];
Session behavior is affected by many settings
when PHP is installed. For example, session
variable life is limited to the number of
minutes specified for session.cache_expire,
which can only be set during the PHP install.
All data for a particular session will be stored
in a file in the directory specified by the
session.save_path item in the php.ini file. A
file for each session will be created.