1 <?xml version="1.0" encoding="UTF-8"?>
3 <sect1 id="zend.http.cookies">
4 <title>Zend_Http_Cookie and Zend_Http_CookieJar</title>
6 <sect2 id="zend.http.cookies.introduction">
7 <title>Introduction</title>
10 <classname>Zend_Http_Cookie</classname>, as expected, is a class that represents an
11 <acronym>HTTP</acronym> cookie. It provides methods for parsing <acronym>HTTP</acronym>
12 response strings, collecting cookies, and easily accessing their properties. It also
13 allows checking if a cookie matches against a specific scenario, IE
14 a request <acronym>URL</acronym>, expiration time, secure connection, etc.
18 <classname>Zend_Http_CookieJar</classname> is an object usually used by
19 <classname>Zend_Http_Client</classname> to hold a set of
20 <classname>Zend_Http_Cookie</classname> objects. The idea is that if a
21 <classname>Zend_Http_CookieJar</classname> object is attached to a
22 <classname>Zend_Http_Client</classname> object, all cookies going from and into the
23 client through <acronym>HTTP</acronym> requests and responses will be stored by the
24 CookieJar object. Then, when the client will send another request, it will first ask the
25 CookieJar object for all cookies matching the request. These will be added to the
26 request headers automatically. This is highly useful in cases where you need to
27 maintain a user session over consecutive <acronym>HTTP</acronym> requests, automatically
28 sending the session ID cookies when required. Additionally, the
29 <classname>Zend_Http_CookieJar</classname> object can be serialized and stored in
30 $_SESSION when needed.
34 <sect2 id="zend.http.cookies.cookie.instantiating">
35 <title>Instantiating Zend_Http_Cookie Objects</title>
38 Instantiating a Cookie object can be done in two ways:
43 Through the constructor, using the following syntax:
44 <code>new <classname>Zend_Http_Cookie</classname>(string $name, string
45 $value, string $domain, [int $expires, [string $path, [boolean
52 <varname>$name</varname>: The name of the cookie (eg. 'PHPSESSID')
59 <varname>$value</varname>: The value of the cookie (required)
65 <varname>$domain</varname>: The cookie's domain (eg. '.example.com')
72 <varname>$expires</varname>: Cookie expiration time, as UNIX time
73 stamp (optional, defaults to <constant>NULL</constant>). If not set,
74 cookie will be treated as a 'session cookie' with no expiration
81 <varname>$path</varname>: Cookie path, eg. '/foo/bar/' (optional,
88 <varname>$secure</varname>: Boolean, Whether the cookie is to be
89 sent over secure (HTTPS) connections only (optional, defaults to
90 boolean <constant>FALSE</constant>)
98 By calling the fromString($cookieStr, [$refUri, [$encodeValue]]) static
99 method, with a cookie string as represented in the 'Set-Cookie
100 ' <acronym>HTTP</acronym> response header or 'Cookie' <acronym>HTTP</acronym>
101 request header. In this case, the cookie value must already be encoded. When
102 the cookie string does not contain a 'domain' part, you must provide a
103 reference <acronym>URI</acronym> according to which the cookie's domain and
108 The <code>fromString</code> method accepts the following parameters:
114 <varname>$cookieStr</varname>: a cookie string as represented in the
115 'Set-Cookie' <acronym>HTTP</acronym> response header or 'Cookie'
116 <acronym>HTTP</acronym> request header (required)
122 <varname>$refUri</varname>: a reference <acronym>URI</acronym>
123 according to which the cookie's domain and path will be set.
124 (optional, defaults to parsing the value from the $cookieStr)
130 <varname>$encodeValue</varname>: If the value should be passed
131 through urldecode. Also effects the cookie's behavior when being
132 converted back to a cookie string. (optional, defaults to true)
139 <example id="zend.http.cookies.cookie.instantiating.example-1">
140 <title>Instantiating a Zend_Http_Cookie object</title>
142 <programlisting language="php"><![CDATA[
143 // First, using the constructor. This cookie will expire in 2 hours
144 $cookie = new Zend_Http_Cookie('foo',
150 // You can also take the HTTP response Set-Cookie header and use it.
151 // This cookie is similar to the previous one, only it will not expire, and
152 // will only be sent over secure connections
153 $cookie = Zend_Http_Cookie::fromString('foo=bar; domain=.example.com; ' .
154 'path=/path; secure');
156 // If the cookie's domain is not set, you have to manually specify it
157 $cookie = Zend_Http_Cookie::fromString('foo=bar; secure;',
158 'http://www.example.com/path');
164 When instantiating a cookie object using the
165 <classname>Zend_Http_Cookie</classname>::fromString() method, the cookie value
166 is expected to be <acronym>URL</acronym> encoded, as cookie strings should be.
167 However, when using the constructor, the cookie value string is expected to be
168 the real, decoded value.
174 A cookie object can be transferred back into a string, using the __toString() magic
175 method. This method will produce a <acronym>HTTP</acronym> request "Cookie" header
176 string, showing the cookie's name and value, and terminated by a semicolon (';').
177 The value will be URL encoded, as expected in a Cookie header:
178 <example id="zend.http.cookies.cookie.instantiating.example-2">
179 <title>Stringifying a Zend_Http_Cookie object</title>
181 <programlisting language="php"><![CDATA[
182 // Create a new cookie
183 $cookie = new Zend_Http_Cookie('foo',
189 // Will print out 'foo=two+words;' :
190 echo $cookie->__toString();
192 // This is actually the same:
193 echo (string) $cookie;
195 // In PHP 5.2 and higher, this also works:
202 <sect2 id="zend.http.cookies.cookie.accessors">
203 <title>Zend_Http_Cookie getter methods</title>
206 Once a <classname>Zend_Http_Cookie</classname> object is instantiated, it provides
207 several getter methods to get the different properties of the <acronym>HTTP</acronym>
213 <code>string getName()</code>: Get the name of the cookie
219 <code>string getValue()</code>: Get the real, decoded value of the cookie
225 <code>string getDomain()</code>: Get the cookie's domain
231 <code>string getPath()</code>: Get the cookie's path, which defaults to '/'
237 <code>int getExpiryTime()</code>: Get the cookie's expiration time, as UNIX
238 time stamp. If the cookie has no expiration time set, will return
239 <constant>NULL</constant>.
246 Additionally, several boolean tester methods are provided:
251 <code>boolean isSecure()</code>: Check whether the cookie is set to be sent
252 over secure connections only. Generally speaking, if
253 <constant>TRUE</constant> the cookie should only be sent over
254 <acronym>HTTPS</acronym>.
260 <code>boolean isExpired(int $time = null)</code>: Check whether the cookie
261 is expired or not. If the cookie has no expiration time, will always return
262 <constant>TRUE</constant>. If $time is provided, it will override the
263 current time stamp as the time to check the cookie against.
269 <code>boolean isSessionCookie()</code>: Check whether the cookie is a
270 "session cookie" - that is a cookie with no expiration time, which is meant
271 to expire when the session ends.
278 <example id="zend.http.cookies.cookie.accessors.example-1">
279 <title>Using getter methods with Zend_Http_Cookie</title>
281 <programlisting language="php"><![CDATA[
282 // First, create the cookie
284 Zend_Http_Cookie::fromString('foo=two+words; ' +
285 'domain=.example.com; ' +
288 'expires=Wednesday, 28-Feb-05 20:41:22 UTC');
290 echo $cookie->getName(); // Will echo 'foo'
291 echo $cookie->getValue(); // will echo 'two words'
292 echo $cookie->getDomain(); // Will echo '.example.com'
293 echo $cookie->getPath(); // Will echo '/'
295 echo date('Y-m-d', $cookie->getExpiryTime());
296 // Will echo '2005-02-28'
298 echo ($cookie->isExpired() ? 'Yes' : 'No');
301 echo ($cookie->isExpired(strtotime('2005-01-01') ? 'Yes' : 'No');
304 echo ($cookie->isSessionCookie() ? 'Yes' : 'No');
311 <sect2 id="zend.http.cookies.cookie.matching">
312 <title>Zend_Http_Cookie: Matching against a scenario</title>
315 The only real logic contained in a <classname>Zend_Http_Cookie</classname> object, is in
316 the match() method. This method is used to test a cookie against a given
317 <acronym>HTTP</acronym> request scenario, in order to tell whether the cookie should be
318 sent in this request or not. The method has the following syntax and parameters:
319 <code>boolean Zend_Http_Cookie->match(mixed $uri, [boolean $matchSessionCookies, [int
325 <code>mixed $uri</code>: A <classname>Zend_Uri_Http</classname> object with
326 a domain name and path to be checked. Optionally, a string representing a
327 valid <acronym>HTTP</acronym> <acronym>URL</acronym> can be passed instead.
328 The cookie will match if the <acronym>URL</acronym>'s scheme (HTTP or
329 <acronym>HTTPS</acronym>), domain and path all match.
335 <code>boolean $matchSessionCookies</code>: Whether session cookies should be
336 matched or not. Defaults to <constant>TRUE</constant>. If set to
337 <constant>FALSE</constant>, cookies with no expiration time will never
344 <code>int $now</code>: Time (represented as UNIX time stamp) to check a
345 cookie against for expiration. If not specified, will default to the current
351 <example id="zend.http.cookies.cookie.matching.example-1">
352 <title>Matching cookies</title>
354 <programlisting language="php"><![CDATA[
355 // Create the cookie object - first, a secure session cookie
356 $cookie = Zend_Http_Cookie::fromString('foo=two+words; ' +
357 'domain=.example.com; ' +
361 $cookie->match('https://www.example.com/somedir/foo.php');
364 $cookie->match('http://www.example.com/somedir/foo.php');
365 // Will return false, because the connection is not secure
367 $cookie->match('https://otherexample.com/somedir/foo.php');
368 // Will return false, because the domain is wrong
370 $cookie->match('https://example.com/foo.php');
371 // Will return false, because the path is wrong
373 $cookie->match('https://www.example.com/somedir/foo.php', false);
374 // Will return false, because session cookies are not matched
376 $cookie->match('https://sub.domain.example.com/somedir/otherdir/foo.php');
379 // Create another cookie object - now, not secure, with expiration time
381 $cookie = Zend_Http_Cookie::fromString('foo=two+words; ' +
382 'domain=www.example.com; ' +
384 . date(DATE_COOKIE, time() + 7200));
386 $cookie->match('http://www.example.com/');
389 $cookie->match('https://www.example.com/');
390 // Will return true - non secure cookies can go over secure connections
393 $cookie->match('http://subdomain.example.com/');
394 // Will return false, because the domain is wrong
396 $cookie->match('http://www.example.com/', true, time() + (3 * 3600));
397 // Will return false, because we added a time offset of +3 hours to
404 <sect2 id="zend.http.cookies.cookiejar">
405 <title>The Zend_Http_CookieJar Class: Instantiation</title>
408 In most cases, there is no need to directly instantiate a
409 <classname>Zend_Http_CookieJar</classname> object. If you want to attach a new cookie
410 jar to your <classname>Zend_Http_Client</classname> object, just call the
411 Zend_Http_Client->setCookieJar() method, and a new, empty cookie jar
412 will be attached to your client. You could later get this cookie jar
413 using Zend_Http_Client->getCookieJar().
417 If you still wish to manually instantiate a CookieJar object, you
418 can do so by calling "new Zend_Http_CookieJar()" directly - the
419 constructor method does not take any parameters. Another way to
420 instantiate a CookieJar object is to use the static Zend_Http_CookieJar::fromResponse()
421 method. This method takes two parameters: a <classname>Zend_Http_Response</classname>
422 object, and a reference <acronym>URI</acronym>, as either a string or a
423 <classname>Zend_Uri_Http</classname> object. This method will return a new
424 <classname>Zend_Http_CookieJar</classname> object, already containing the cookies set by
425 the passed <acronym>HTTP</acronym> response. The reference <acronym>URI</acronym> will
426 be used to set the cookie's domain and path, if they are not defined in the Set-Cookie
431 <sect2 id="zend.http.cookies.cookiejar.adding_cookies">
432 <title>Adding Cookies to a Zend_Http_CookieJar object</title>
435 Usually, the <classname>Zend_Http_Client</classname> object you attached your CookieJar
436 object to will automatically add cookies set by <acronym>HTTP</acronym> responses to
437 your jar. if you wish to manually add cookies to your jar, this can be done by using
443 <classname>Zend_Http_CookieJar->addCookie($cookie[, $ref_uri])</classname>:
444 Add a single cookie to the jar. $cookie can be either a
445 <classname>Zend_Http_Cookie</classname> object or a string, which will be
446 converted automatically into a Cookie object. If a string is provided, you
447 should also provide $ref_uri - which is a reference <acronym>URI</acronym>
448 either as a string or <classname>Zend_Uri_Http</classname> object, to use as
449 the cookie's default domain and path.
455 <classname>Zend_Http_CookieJar->addCookiesFromResponse($response,
456 $ref_uri)</classname>: Add all cookies set in a single
457 <acronym>HTTP</acronym> response to the jar. $response is expected to be a
458 <classname>Zend_Http_Response</classname> object with Set-Cookie headers.
459 $ref_uri is the request <acronym>URI</acronym>, either as a string or a
460 <classname>Zend_Uri_Http</classname> object, according to which the cookies'
461 default domain and path will be set.
468 <sect2 id="zend.http.cookies.cookiejar.getting_cookies">
469 <title>Retrieving Cookies From a Zend_Http_CookieJar object</title>
472 Just like with adding cookies, there is usually no need to manually
473 fetch cookies from a CookieJar object. Your <classname>Zend_Http_Client</classname>
474 object will automatically fetch the cookies required for an <acronym>HTTP</acronym>
475 request for you. However, you can still use 3 provided methods to fetch
476 cookies from the jar object: <methodname>getCookie()</methodname>,
477 <methodname>getAllCookies()</methodname>, and
478 <methodname>getMatchingCookies()</methodname>. Additionnaly, iterating over the
479 CookieJar will let you retrieve all the <classname>Zend_Http_Cookie</classname> objects
484 It is important to note that each one of these methods takes a
485 special parameter, which sets the return type of the method. This
486 parameter can have 3 values:
491 <constant>Zend_Http_CookieJar::COOKIE_OBJECT</constant>: Return
492 a <classname>Zend_Http_Cookie</classname> object. If the method returns more
493 than one cookie, an array of objects will be returned.
499 <constant>Zend_Http_CookieJar::COOKIE_STRING_ARRAY</constant>: Return
500 cookies as strings, in a "foo=bar" format, suitable for sending
501 in a <acronym>HTTP</acronym> request "Cookie" header. If more than one
502 cookie is returned, an array of strings is returned.
508 <constant>Zend_Http_CookieJar::COOKIE_STRING_CONCAT</constant>: Similar to
509 COOKIE_STRING_ARRAY, but if more than one cookie is returned, this
510 method will concatenate all cookies into a single, long string
511 separated by semicolons (;), and return it. This is especially useful
512 if you want to directly send all matching cookies in a single
513 <acronym>HTTP</acronym> request "Cookie" header.
520 The structure of the different cookie-fetching methods is described below:
525 <classname>Zend_Http_CookieJar->getCookie($uri, $cookie_name[,
526 $ret_as])</classname>: Get a single cookie from the jar, according to
527 its <acronym>URI</acronym> (domain and path) and name. $uri is either a
528 string or a <classname>Zend_Uri_Http</classname> object representing the
529 <acronym>URI</acronym>. $cookie_name is a string identifying the cookie
530 name. $ret_as specifies the return type as described above. $ret_type is
531 optional, and defaults to COOKIE_OBJECT.
537 <classname>Zend_Http_CookieJar->getAllCookies($ret_as)</classname>: Get all
538 cookies from the jar. $ret_as specifies the return type as described
539 above. If not specified, $ret_type defaults to COOKIE_OBJECT.
545 <classname>Zend_Http_CookieJar->getMatchingCookies($uri[,
546 $matchSessionCookies[, $ret_as[, $now]]])</classname>: Get all cookies
547 from the jar that match a specified scenario, that is a
548 <acronym>URI</acronym> and expiration time.
553 <varname>$uri</varname> is either a
554 <classname>Zend_Uri_Http</classname> object or a string
555 specifying the connection type (secure or non-secure), domain
556 and path to match against.
562 <varname>$matchSessionCookies</varname> is a boolean telling
563 whether to match session cookies or not. Session cookies are
564 cookies that have no specified expiration time. Defaults to
565 <constant>TRUE</constant>.
571 <varname>$ret_as</varname> specifies the return type as
572 described above. If not specified, defaults to COOKIE_OBJECT.
578 <varname>$now</varname> is an integer representing the UNIX time
579 stamp to consider as "now" - that is any cookies who are set to
580 expire before this time will not be matched. If not specified,
581 defaults to the current time.
586 You can read more about cookie matching here:
587 <xref linkend="zend.http.cookies.cookie.matching" />.