(Quick Tip) Basic tutorial of setcookie (PHP and JavaScript)

As a developer, you may have heard about cookies, but what exactly are they, and when can we use them? I’ll tell you about that. After reading this tutorial you will know how to set cookies safely in your application.
To begin with, you might like to know what you can do with cookies.
Nowadays cookies are used widely, for example to save user settings such as name, language, location or screen size. You may want to save the client’s preferred language to a cookie; with that cookie you know the user’s favorite choice for your site and can apply it when the action appears again. A widespread use of cookies is the shopping cart: thanks to cookies, people are able to keep items in their cart even after they disconnect from the shop. In a word, you can use cookies to do whatever you would like them to do.
Chapter one: cookies in PHP
The setcookie() function takes seven parameters:
$name: each cookie must have a unique name so that the browser can keep them apart
$value: the data you want the cookie to hold
$expire: the time until which the cookie is available
$path: the path on the domain for which the cookie can be used
$domain: the domain the cookie belongs to; if you set the cookie for “www.test.com”, it is active for “www.test.com” itself and also for its subdomains
$secure: “true” or “false”; whether the cookie is available only when an HTTPS connection is established
$httponly: also “true” or “false”; makes the cookie available only through the HTTP protocol (not to JavaScript)
Below is an example of cookie usage in PHP:

<?php
setcookie( 'clientname', 'Peter Griffin', time()+60*30, '/example/', 'test.test.com', false,true);
?>

The code makes a cookie named clientname with the value Peter Griffin. It will no longer be available after 60*30 seconds (30 minutes). The cookie is attached to the domain “test.test.com”. Because secure is false, the cookie can be used over a plain HTTP connection, and because httponly is true it is available only through the HTTP protocol, not to JavaScript.
Awesome!
With this tutorial you have learned how to make a cookie. Next I will show you some important things about cookies, and then how to get the value of your cookie.
To prevent cookies from hogging a huge amount of the client’s disk space, a cookie can’t be larger than 4096 bytes (4 KB), and the number of cookies per domain is also limited, to twenty. Another thing: you must avoid sending private data to the server automatically in cookies, because cookies are usually sent through a non-secure connection, so the content could easily be seen by any potential attacker.
How do I get my cookie and decide whether I am logged in or not?
There is a predefined variable, $_COOKIE. It is an array that holds all of your cookies, so you can get any cookie like this: $_COOKIE['username'].
Everything you have seen above is the basic use of cookies in PHP. Next I will show you how to do it in JavaScript.
JavaScript doesn’t offer as nice a solution for cookies as PHP, but it is still widely used on the client side, as in the snippet below:

//get current date
var expiredate = new Date();
//increase date by 5 hours
expiredate.setHours(expiredate.getHours() + 5);
//every attribute, including path, must be separated from the previous one by '; '
document.cookie = 'cookiename=cookievalue; expires=' + expiredate.toUTCString() + '; path=/example/; domain=test.envato.com';

Have you noticed how similar the usage is to PHP?
Yes, the syntax is quite similar to PHP.

var cookieName = 'testcookiename';
var cookieValue = null; //stays null if the cookie is not found
var textArray = document.cookie.split(';'); //put all the parts of the string in an array
for (var i = 0; i < textArray.length; i++) { //loop through all string pieces
    var textPiece = textArray[i]; //contains 1 string piece
    //filter beginning spaces
    while (textPiece.charAt(0) == ' ') textPiece = textPiece.substring(1, textPiece.length);
    //if the text piece starts with our cookie's name followed by '='
    if (textPiece.indexOf(cookieName + '=') == 0) {
        //keep what's after the cookie's name and the '='
        cookieValue = textPiece.substring(cookieName.length + 1, textPiece.length);
        break;
    }
}

Oh no, it gives me a headache to read a cookie set by JavaScript! It is a bad experience!
Luckily, guys, I have found two functions to do it.

function writeCookie(cookieName, cookieValue, expireHours, path, domain){
    var date = new Date();
    //getHours is a method and has to be called
    date.setHours(date.getHours() + expireHours);
    document.cookie = cookieName + '=' + cookieValue + '; expires=' + date.toUTCString() + '; path=' + path + '; domain=' + domain;
}

function readCookie(cookieName){
    var textArray = document.cookie.split(';');
    for (var i = 0; i < textArray.length; i++){
        var textPiece = textArray[i];
        //strip leading spaces
        while (textPiece.charAt(0) == ' ') textPiece = textPiece.substring(1, textPiece.length);
        //match the full name followed by '=' and return the value after it
        if (textPiece.indexOf(cookieName + '=') == 0) return textPiece.substring(cookieName.length + 1, textPiece.length);
    }
    return null; //cookie not found
}

Please do bear in mind that these snippets don’t contain any error checking.
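
A version of the two helpers with the error checking they leave out, as an added example that is not part of the original tutorial: it encodes the value, rejects malformed names and attributes, enforces the 4096-byte limit mentioned earlier, and looks names up exactly. The names serializeCookie, parseCookies and getCookie, and the "now" option, are assumptions made for this example.

```javascript
// Added example, not the tutorial's code. Limit taken from the text above.
const MAX_COOKIE_BYTES = 4096;

// Build the string to assign to document.cookie.
// opts: { expireHours, path, domain, secure, now } ("now" lets tests fix the clock).
function serializeCookie(name, value, opts = {}) {
  // A cookie name must be a plain token: no spaces, ';', '=' or control characters.
  if (!/^[A-Za-z0-9!#$%&'*+.^_`|~-]+$/.test(name)) throw new Error('invalid cookie name');
  // Encode the value so ';', '=' or spaces in it cannot add or alter attributes.
  let out = name + '=' + encodeURIComponent(String(value));
  if (opts.expireHours !== undefined) {
    const expires = new Date((opts.now ?? Date.now()) + opts.expireHours * 3600 * 1000);
    out += '; expires=' + expires.toUTCString();
  }
  for (const attr of ['path', 'domain']) {
    if (opts[attr] === undefined) continue;
    if (/[;\s]/.test(opts[attr])) throw new Error('invalid ' + attr);
    out += '; ' + attr + '=' + opts[attr];
  }
  if (opts.secure) out += '; secure';
  if (new TextEncoder().encode(out).length > MAX_COOKIE_BYTES) throw new Error('cookie too large');
  return out;
}

// Parse a document.cookie style string into a name -> value map.
function parseCookies(cookieString) {
  const jar = Object.create(null); // no prototype, so odd names cannot clash
  for (const piece of cookieString.split(';')) {
    const eq = piece.indexOf('=');
    if (eq < 0) continue; // no '=': not a name=value pair
    const name = piece.slice(0, eq).trim();
    let value = piece.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { continue; } // bad %-escape
    if (name !== '' && !(name in jar)) jar[name] = value; // keep the first occurrence
  }
  return jar;
}

// Exact-name lookup: asking for "user" never returns the value of "username".
function getCookie(cookieString, name) {
  const jar = parseCookies(cookieString);
  return name in jar ? jar[name] : null;
}
```

In a browser, pass document.cookie as the cookieString argument and assign the result of serializeCookie to document.cookie.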
Best practices
1. You should never leave sensitive data, such as the user’s personal information, in a cookie.
2. Always filter strings and numbers from cookies. An attacker could write malicious data to a cookie in order to make your service do something you don’t want it to do.
3. Try to estimate how long the cookie should be valid, and set the expiration date accordingly.
4. Always set secure and httponly to meet your application’s demands. If your application doesn’t edit the cookies with JavaScript, enable httponly. If you always have an HTTPS connection, enable secure. This improves the data’s integrity and confidentiality.
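
One way to apply practice 2 to the settings cookies described at the start (language, screen size, shopping cart), shown as an added example that is not part of the original tutorial. The cookie names, the language allow-list and the numeric limits are assumptions, and the input is an object of already-parsed cookie values.

```javascript
// Added example; cookie names, the allow-list and the limits are assumptions.
const ALLOWED_LANGUAGES = new Set(['en', 'de', 'fr']);
const DEFAULTS = { language: 'en', screenWidth: 1024 };

// Accept only a plain decimal integer within [min, max]; anything else gives null.
// The regex rejects signs, exponents ("1e9"), hex, whitespace and empty strings.
function toBoundedInt(text, min, max) {
  if (typeof text !== 'string' || !/^[0-9]{1,6}$/.test(text)) return null;
  const n = Number(text);
  return n >= min && n <= max ? n : null;
}

// cookies: object of name -> raw string exactly as received from the client.
// Returns the validated settings plus the names of the cookies that were refused.
function sanitizeCookies(cookies) {
  const clean = { ...DEFAULTS, cart: [] };
  const rejected = [];

  if ('language' in cookies) {
    // Allow-list: the value is only ever one of the strings we chose ourselves.
    if (ALLOWED_LANGUAGES.has(cookies.language)) clean.language = cookies.language;
    else rejected.push('language');
  }
  if ('screenWidth' in cookies) {
    const width = toBoundedInt(cookies.screenWidth, 200, 10000);
    if (width !== null) clean.screenWidth = width;
    else rejected.push('screenWidth');
  }
  if ('cart' in cookies) {
    // The cart is a comma-separated list of numeric item ids, at most 50 entries.
    const ids = String(cookies.cart).split(',').map((p) => toBoundedInt(p, 1, 999999));
    if (ids.length <= 50 && !ids.includes(null)) clean.cart = ids;
    else rejected.push('cart');
  }
  return { clean, rejected };
}
```

A refused cookie falls back to its default instead of reaching the rest of the application, and the rejected list can be logged to spot tampering.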

This tutorial is mostly modified from nettut, where I often find new tutorials to study. I like nettut; it is very useful.
I hope this tutorial will meet your needs.
