Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP how to stringify array and store in cookie [duplicate]

Tags:

php

I got an array like this

$value = {array('id'=>$id, 'email'=>$email, 'token'=>$token)}

I want to stringify the array then encode then store it in cookie "login". How do you do that ? Also please tell me how to decode and read the stored value.

Edit:

I've been trying serialize/unserialize, but it didn't work as expected. for example,

$value = serialize(array('id'=>33, 'email'=>'[email protected]', 'token'=>'e9aa0966773d68e0fbf9cb21fc2877b4'));

echo $value; //a:3:{s:2:"id";i:33;s:5:"email";s:20:"[email protected]";s:5:"token";s:32:"e9aa0966773d68e0fbf9cb21fc2877b4";}

But when the value go to cookie, it looks like this

a%3A3%3A%7Bs%3A2%3A%22id%22%3Bs%3A1%3A%226%22%3Bs%3A5%3A%22email%22%3Bs%3A20%3A%22craigcosmo%40gmail.com%22%3Bs%3A5%3A%22token%22%3Bs%3A32%3A%22e9aa0966773d68e0fbf9cb21fc2877b4%22%3B%7D
like image 461
angry kiwi Avatar asked Jan 12 '11 17:01

angry kiwi


2 Answers

json_encode/json_decode

$_COOKIE['login'] = json_encode($array);
$array = json_decode($_COOKIE['login']);

Can also use serialize/unserialize:

$_COOKIE['login'] = serialize($array);
$array = unserialize($_COOKIE['login']);

Perhaps.


UPDATE

With this code:

<html><body><pre><?php
  $array = Array(
    'id'  => 1234,
    'email' => '[email protected]',
    'token' => base64_encode('abcDEF1234')
  );
  
  echo "Var Dump (initial):\r\n";
  var_dump($array);
  
  $serialized = serialize($array);
  echo "Serialized:\r\n".$serialized."\r\n";
  
  $unserialized = unserialize($serialized);
  echo "Unserialized:\r\n".$unserailized."\r\n";
  var_dump($unserialized);
?></pre></body></html>

You would generate the following:

Var Dump (initial):
array(3) {
  ["id"]=>
  int(1234)
  ["email"]=>
  string(19) "[email protected]"
  ["token"]=>
  string(16) "YWJjREVGMTIzNA=="
}
Serialized:
a:3:{s:2:"id";i:1234;s:5:"email";s:19:"[email protected]";s:5:"token";s:16:"YWJjREVGMTIzNA==";}
Unserialized:

array(3) {
  ["id"]=>
  int(1234)
  ["email"]=>
  string(19) "[email protected]"
  ["token"]=>
  string(16) "YWJjREVGMTIzNA=="
}

EDIT2

You're seeing the encoded value based on how the HTTP protocol transfers cookies. There are two headers in a cookie transfer: Set-Cookie & Cookie. One is server->client, other other is client->server, respectfully.

When PHP sets the cookie (using setcookie e.g.) PHP is really just short-handing the following:

setcookie('login',$serialized);

which, in PHP translates to:

header('Set-Cookie: login='.urlencode($serialized).'; '
      .'expires=Wed, 12-Jan-2011 13:15:00 GMT; '
      .'path=/; domain=.mydomain.com');

If you had characters like : or a SPACE, the browser wouldn't know where the cookie's properties began and ended.

like image 108
Brad Christie Avatar answered Nov 15 '22 17:11

Brad Christie


NEVER EVER USE serialize with User input! serialize calls __wakeup and is a big security vulnerability, because you can execute code on the server. (Now the rules before you break 'em)

there is a serialize/unserialize function to convert an array to a string and back.

Edit: When you store a string to cookie (setcookie), php needs to do a url encode on the string. This prevents any characters in the string saved to cookie interfering with any other headers. When the page is loaded next, php gets the cookie and automatically does a url decode on the cookie value to return it to it's previous value. As far as what is stored in the cookie, this shouldn't matter within php because php will do the url encode/decode automatically. Now if you are getting the cookie in another language such as javascript, then yes, you will get the raw string back. In this case you can use something like decodeURI in JS to get the original value back.

like image 31
Jonathan Kuhn Avatar answered Nov 15 '22 16:11

Jonathan Kuhn