| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496 |
- <?xml version="1.0" encoding="UTF-8"?>
- <!-- Reviewed: no -->
- <sect1 id="zend.http.cookies">
- <title>Zend_Http_Cookie and Zend_Http_CookieJar</title>
- <sect2 id="zend.http.cookies.introduction">
- <title>Introduction</title>
- <para>
- <classname>Zend_Http_Cookie</classname>, as expected, is a class that represents an <acronym>HTTP</acronym>
- cookie. It provides methods for parsing <acronym>HTTP</acronym> response strings,
- collecting cookies, and easily accessing their properties. It also
- allows checking if a cookie matches against a specific scenario, IE
- a request <acronym>URL</acronym>, expiration time, secure connection, etc.
- </para>
- <para>
- <classname>Zend_Http_CookieJar</classname> is an object usually used by <classname>Zend_Http_Client</classname> to
- hold a set of <classname>Zend_Http_Cookie</classname> objects. The idea is that if a
- <classname>Zend_Http_CookieJar</classname> object is attached to a <classname>Zend_Http_Client</classname> object,
- all cookies going from and into the client through <acronym>HTTP</acronym> requests and
- responses will be stored by the CookieJar object. Then, when the client
- will send another request, it will first ask the CookieJar object for
- all cookies matching the request. These will be added to the request
- headers automatically. This is highly useful in cases where you need to
- maintain a user session over consecutive <acronym>HTTP</acronym> requests, automatically
- sending the session ID cookies when required. Additionally, the
- <classname>Zend_Http_CookieJar</classname> object can be serialized and stored in $_SESSION
- when needed.
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookie.instantiating">
- <title>Instantiating Zend_Http_Cookie Objects</title>
- <para>
- Instantiating a Cookie object can be done in two ways:
- <itemizedlist>
- <listitem>
- <para>
- Through the constructor, using the following syntax:
- <code>new <classname>Zend_Http_Cookie</classname>(string $name, string $value, string $domain, [int $expires, [string $path, [boolean $secure]]]);</code>
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <varname>$name</varname>: The name of the cookie (eg. 'PHPSESSID') (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$value</varname>: The value of the cookie (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$domain</varname>: The cookie's domain (eg. '.example.com') (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$expires</varname>: Cookie expiration time, as UNIX time
- stamp (optional, defaults to <constant>NULL</constant>). If not set,
- cookie will be treated as a 'session cookie' with no expiration
- time.
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$path</varname>: Cookie path, eg. '/foo/bar/' (optional, defaults to '/')
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$secure</varname>: Boolean, Whether the cookie is to be
- sent over secure (HTTPS) connections only (optional, defaults to
- boolean <constant>FALSE</constant>)
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>
- By calling the fromString() static method, with a cookie string as represented in the
- 'Set-Cookie' <acronym>HTTP</acronym> response header or 'Cookie' <acronym>HTTP</acronym> request header. In this case, the
- cookie value must already be encoded. When the cookie string does not contain a 'domain'
- part, you must provide a reference <acronym>URI</acronym> according to which the cookie's domain and path
- will be set.
- </para>
- </listitem>
- </itemizedlist>
- <example id="zend.http.cookies.cookie.instantiating.example-1">
- <title>Instantiating a Zend_Http_Cookie object</title>
- <programlisting language="php"><![CDATA[
- // First, using the constructor. This cookie will expire in 2 hours
- $cookie = new Zend_Http_Cookie('foo',
- 'bar',
- '.example.com',
- time() + 7200,
- '/path');
- // You can also take the HTTP response Set-Cookie header and use it.
- // This cookie is similar to the previous one, only it will not expire, and
- // will only be sent over secure connections
- $cookie = Zend_Http_Cookie::fromString('foo=bar; domain=.example.com; ' .
- 'path=/path; secure');
- // If the cookie's domain is not set, you have to manually specify it
- $cookie = Zend_Http_Cookie::fromString('foo=bar; secure;',
- 'http://www.example.com/path');
- ]]></programlisting>
- </example>
- <note>
- <para>
- When instantiating a cookie object using the <classname>Zend_Http_Cookie</classname>::fromString() method, the
- cookie value is expected to be <acronym>URL</acronym> encoded, as cookie strings should be. However, when
- using the constructor, the cookie value string is expected to be the real, decoded value.
- </para>
- </note>
- </para>
- <para>
- A cookie object can be transferred back into a string, using the __toString() magic method.
- This method will produce a HTTP request "Cookie" header string, showing the cookie's name
- and value, and terminated by a semicolon (';').
- The value will be URL encoded, as expected in a Cookie header:
- <example id="zend.http.cookies.cookie.instantiating.example-2">
- <title>Stringifying a Zend_Http_Cookie object</title>
- <programlisting language="php"><![CDATA[
- // Create a new cookie
- $cookie = new Zend_Http_Cookie('foo',
- 'two words',
- '.example.com',
- time() + 7200,
- '/path');
- // Will print out 'foo=two+words;' :
- echo $cookie->__toString();
- // This is actually the same:
- echo (string) $cookie;
- // In PHP 5.2 and higher, this also works:
- echo $cookie;
- ]]></programlisting>
- </example>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookie.accessors">
- <title>Zend_Http_Cookie getter methods</title>
- <para>
- Once a <classname>Zend_Http_Cookie</classname> object is instantiated, it provides several getter methods to get
- the different properties of the <acronym>HTTP</acronym> cookie:
- <itemizedlist>
- <listitem>
- <para>
- <code>string getName()</code>: Get the name of the cookie
- </para>
- </listitem>
- <listitem>
- <para>
- <code>string getValue()</code>: Get the real, decoded value of the cookie
- </para>
- </listitem>
- <listitem>
- <para>
- <code>string getDomain()</code>: Get the cookie's domain
- </para>
- </listitem>
- <listitem>
- <para>
- <code>string getPath()</code>: Get the cookie's path, which defaults to '/'
- </para>
- </listitem>
- <listitem>
- <para>
- <code>int getExpiryTime()</code>: Get the cookie's expiration time, as UNIX
- time stamp. If the cookie has no expiration time set, will return
- <constant>NULL</constant>.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- Additionally, several boolean tester methods are provided:
- <itemizedlist>
- <listitem>
- <para>
- <code>boolean isSecure()</code>: Check whether the cookie is set to be sent
- over secure connections only. Generally speaking, if
- <constant>TRUE</constant> the cookie should only be sent over
- <acronym>HTTPS</acronym>.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>boolean isExpired(int $time = null)</code>: Check whether the cookie
- is expired or not. If the cookie has no expiration time, will always return
- <constant>TRUE</constant>. If $time is provided, it will override the
- current time stamp as the time to check the cookie against.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>boolean isSessionCookie()</code>: Check whether the cookie is a "session cookie" - that
- is a cookie with no expiration time, which is meant to expire when the session ends.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- <example id="zend.http.cookies.cookie.accessors.example-1">
- <title>Using getter methods with Zend_Http_Cookie</title>
- <programlisting language="php"><![CDATA[
- // First, create the cookie
- $cookie =
- Zend_Http_Cookie::fromString('foo=two+words; ' +
- 'domain=.example.com; ' +
- 'path=/somedir; ' +
- 'secure; ' +
- 'expires=Wednesday, 28-Feb-05 20:41:22 UTC');
- echo $cookie->getName(); // Will echo 'foo'
- echo $cookie->getValue(); // will echo 'two words'
- echo $cookie->getDomain(); // Will echo '.example.com'
- echo $cookie->getPath(); // Will echo '/'
- echo date('Y-m-d', $cookie->getExpiryTime());
- // Will echo '2005-02-28'
- echo ($cookie->isExpired() ? 'Yes' : 'No');
- // Will echo 'Yes'
- echo ($cookie->isExpired(strtotime('2005-01-01') ? 'Yes' : 'No');
- // Will echo 'No'
- echo ($cookie->isSessionCookie() ? 'Yes' : 'No');
- // Will echo 'No'
- ]]></programlisting>
- </example>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookie.matching">
- <title>Zend_Http_Cookie: Matching against a scenario</title>
- <para>
- The only real logic contained in a <classname>Zend_Http_Cookie</classname> object, is in the match() method.
- This method is used to test a cookie against a given <acronym>HTTP</acronym> request scenario, in order
- to tell whether the cookie should be sent in this request or not. The method has
- the following syntax and parameters:
- <code>boolean Zend_Http_Cookie->match(mixed $uri, [boolean $matchSessionCookies, [int $now]]);</code>
- <itemizedlist>
- <listitem>
- <para>
- <code>mixed $uri</code>: A <classname>Zend_Uri_Http</classname> object with a domain name and path to be checked.
- Optionally, a string representing a valid <acronym>HTTP</acronym> <acronym>URL</acronym> can be passed instead. The cookie will
- match if the <acronym>URL</acronym>'s scheme (HTTP or <acronym>HTTPS</acronym>), domain and path all match.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>boolean $matchSessionCookies</code>: Whether session cookies should be
- matched or not. Defaults to <constant>TRUE</constant>. If set to
- <constant>FALSE</constant>, cookies with no expiration time will never
- match.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>int $now</code>: Time (represented as UNIX time stamp) to check a cookie against
- for expiration. If not specified, will default to the current time.
- </para>
- </listitem>
- </itemizedlist>
- <example id="zend.http.cookies.cookie.matching.example-1">
- <title>Matching cookies</title>
- <programlisting language="php"><![CDATA[
- // Create the cookie object - first, a secure session cookie
- $cookie = Zend_Http_Cookie::fromString('foo=two+words; ' +
- 'domain=.example.com; ' +
- 'path=/somedir; ' +
- 'secure;');
- $cookie->match('https://www.example.com/somedir/foo.php');
- // Will return true
- $cookie->match('http://www.example.com/somedir/foo.php');
- // Will return false, because the connection is not secure
- $cookie->match('https://otherexample.com/somedir/foo.php');
- // Will return false, because the domain is wrong
- $cookie->match('https://example.com/foo.php');
- // Will return false, because the path is wrong
- $cookie->match('https://www.example.com/somedir/foo.php', false);
- // Will return false, because session cookies are not matched
- $cookie->match('https://sub.domain.example.com/somedir/otherdir/foo.php');
- // Will return true
- // Create another cookie object - now, not secure, with expiration time
- // in two hours
- $cookie = Zend_Http_Cookie::fromString('foo=two+words; ' +
- 'domain=www.example.com; ' +
- 'expires='
- . date(DATE_COOKIE, time() + 7200));
- $cookie->match('http://www.example.com/');
- // Will return true
- $cookie->match('https://www.example.com/');
- // Will return true - non secure cookies can go over secure connections
- // as well!
- $cookie->match('http://subdomain.example.com/');
- // Will return false, because the domain is wrong
- $cookie->match('http://www.example.com/', true, time() + (3 * 3600));
- // Will return false, because we added a time offset of +3 hours to
- // current time
- ]]></programlisting>
- </example>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookiejar">
- <title>The Zend_Http_CookieJar Class: Instantiation</title>
- <para>
- In most cases, there is no need to directly instantiate a
- <classname>Zend_Http_CookieJar</classname> object. If you want to attach a new cookie jar
- to your <classname>Zend_Http_Client</classname> object, just call the
- Zend_Http_Client->setCookieJar() method, and a new, empty cookie jar
- will be attached to your client. You could later get this cookie jar
- using Zend_Http_Client->getCookieJar().
- </para>
- <para>
- If you still wish to manually instantiate a CookieJar object, you
- can do so by calling "new Zend_Http_CookieJar()" directly - the
- constructor method does not take any parameters. Another way to
- instantiate a CookieJar object is to use the static Zend_Http_CookieJar::fromResponse()
- method. This method takes two parameters: a <classname>Zend_Http_Response</classname> object,
- and a reference <acronym>URI</acronym>, as either a string or a <classname>Zend_Uri_Http</classname> object.
- This method will return a new <classname>Zend_Http_CookieJar</classname> object, already
- containing the cookies set by the passed <acronym>HTTP</acronym> response. The reference
- <acronym>URI</acronym> will be used to set the cookie's domain and path, if they are
- not defined in the Set-Cookie headers.
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookiejar.adding_cookies">
- <title>Adding Cookies to a Zend_Http_CookieJar object</title>
- <para>
- Usually, the <classname>Zend_Http_Client</classname> object you attached your CookieJar object
- to will automatically add cookies set by <acronym>HTTP</acronym> responses to your jar. If
- you wish to manually add cookies to your jar, this can be done by using
- two methods:
- <itemizedlist>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->addCookie($cookie[, $ref_uri])</classname>: Add a
- single cookie to the jar. $cookie can be either a <classname>Zend_Http_Cookie</classname>
- object or a string, which will be converted automatically into a
- Cookie object. If a string is provided, you should also provide
- $ref_uri - which is a reference <acronym>URI</acronym> either as a string or
- <classname>Zend_Uri_Http</classname> object, to use as the cookie's default domain and path.
- </para>
- </listitem>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->addCookiesFromResponse($response, $ref_uri)</classname>:
- Add all cookies set in a single <acronym>HTTP</acronym> response to the jar. $response is
- expected to be a <classname>Zend_Http_Response</classname> object with Set-Cookie headers. $ref_uri
- is the request <acronym>URI</acronym>, either as a string or a <classname>Zend_Uri_Http</classname> object, according
- to which the cookies' default domain and path will be set.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookiejar.getting_cookies">
- <title>Retrieving Cookies From a Zend_Http_CookieJar object</title>
- <para>
- Just like with adding cookies, there is usually no need to manually
- fetch cookies from a CookieJar object. Your <classname>Zend_Http_Client</classname> object
- will automatically fetch the cookies required for an <acronym>HTTP</acronym> request
- for you. However, you can still use 3 provided methods to fetch
- cookies from the jar object: <methodname>getCookie()</methodname>,
- <methodname>getAllCookies()</methodname>, and <methodname>getMatchingCookies()</methodname>.
- Additionnaly, iterating over the CookieJar will let you
- retrieve all the <classname>Zend_Http_Cookie</classname> objects from it.
- </para>
- <para>
- It is important to note that each one of these methods takes a
- special parameter, which sets the return type of the method. This
- parameter can have 3 values:
- <itemizedlist>
- <listitem>
- <para>
- <constant>Zend_Http_CookieJar::COOKIE_OBJECT</constant>: Return
- a <classname>Zend_Http_Cookie</classname> object. If the method returns more than
- one cookie, an array of objects will be returned.
- </para>
- </listitem>
- <listitem>
- <para>
- <constant>Zend_Http_CookieJar::COOKIE_STRING_ARRAY</constant>: Return
- cookies as strings, in a "foo=bar" format, suitable for sending
- in a <acronym>HTTP</acronym> request "Cookie" header. If more than one cookie is
- returned, an array of strings is returned.
- </para>
- </listitem>
- <listitem>
- <para>
- <constant>Zend_Http_CookieJar::COOKIE_STRING_CONCAT</constant>: Similar to
- COOKIE_STRING_ARRAY, but if more than one cookie is returned, this
- method will concatenate all cookies into a single, long string
- separated by semicolons (;), and return it. This is especially useful
- if you want to directly send all matching cookies in a single <acronym>HTTP</acronym>
- request "Cookie" header.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- The structure of the different cookie-fetching methods is described below:
- <itemizedlist>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->getCookie($uri, $cookie_name[, $ret_as])</classname>:
- Get a single cookie from the jar, according to its <acronym>URI</acronym> (domain and path)
- and name. $uri is either a string or a <classname>Zend_Uri_Http</classname> object representing the
- <acronym>URI</acronym>. $cookie_name is a string identifying the cookie name. $ret_as
- specifies the return type as described above. $ret_type is optional, and
- defaults to COOKIE_OBJECT.
- </para>
- </listitem>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->getAllCookies($ret_as)</classname>: Get all
- cookies from the jar. $ret_as specifies the return type as described
- above. If not specified, $ret_type defaults to COOKIE_OBJECT.
- </para>
- </listitem>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->getMatchingCookies($uri[, $matchSessionCookies[, $ret_as[, $now]]])</classname>:
- Get all cookies from the jar that match a specified scenario, that is a <acronym>URI</acronym> and expiration time.
- <itemizedlist>
- <listitem>
- <para>
- <varname>$uri</varname> is either a <classname>Zend_Uri_Http</classname> object or a string specifying the
- connection type (secure or non-secure), domain and path to match against.
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$matchSessionCookies</varname> is a boolean telling whether
- to match session cookies or not. Session cookies are cookies that
- have no specified expiration time. Defaults to
- <constant>TRUE</constant>.
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$ret_as</varname> specifies the return type as described above. If not
- specified, defaults to COOKIE_OBJECT.
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$now</varname> is an integer representing the UNIX time stamp to consider
- as "now" - that is any cookies who are set to expire before this time will
- not be matched. If not specified, defaults to the current time.
- </para>
- </listitem>
- </itemizedlist>
- You can read more about cookie matching here:
- <xref linkend="zend.http.cookies.cookie.matching" />.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- </sect2>
- </sect1>
- <!--
- vim:se ts=4 sw=4 et:
- -->
|
