How is proper way to store an array in a cookie? in PHP Code example:
$number_ticket=2;
$info[7][5]=1;
$info[8][5]=1;
php
arrays
security
cookies
Answers
1
The isRecursiveArray(array) method below detects circular/recursive arrays. It keeps track of which arrays have been visited by temporarily adding an element containing a known object reference to the end of the array.
If you want help writing the serialization method, please update your topic question and provide a sample serialization format in your question.
function removeLastElementIfSame(array & $array, $reference) {
if(end($array) === $reference) {
unset($array[key($array)]);
}
}
function isRecursiveArrayIteration(array & $array, $reference) {
$last_element = end($array);
if($reference === $last_element) {
return true;
}
$array[] = $reference;
foreach($array as &$element) {
if(is_array($element)) {
if(isRecursiveArrayIteration($element, $reference)) {
removeLastElementIfSame($array, $reference);
return true;
}
}
}
removeLastElementIfSame($array, $reference);
return false;
}
function isRecursiveArray(array $array) {
$some_reference = new stdclass();
return isRecursiveArrayIteration($array, $some_reference);
}
$array = array('a','b','c');
var_dump(isRecursiveArray($array));
print_r($array);
$array = array('a','b','c');
$array[] = $array;
var_dump(isRecursiveArray($array));
print_r($array);
$array = array('a','b','c');
$array[] = &$array;
var_dump(isRecursiveArray($array));
print_r($array);
$array = array('a','b','c');
$array[] = &$array;
$array = array($array);
var_dump(isRecursiveArray($array));
print_r($array);
Thursday, September 1, 2022
1
How about generating a unique ID, storing it in a cookie, and storing your serialized array and the ID in database?
Example:
// ------------ STORING TO COOKIE AND DATABASE ------------ //
$id = uniqid();
setcookie("id", $id, time()+60*60*24); // 1 day
$serialized = serialize($array);
mysql_query("INSERT INTO yourTable (id, array) VALUES ('$id', '$serialized')");
// ------------ SELECTING FROM DATABASE ------------ //
if(!isset($_COOKIE['id'])) die();
$id = mysql_real_escape_string($_COOKIE['id']);
$result = mysql_query("SELECT array FROM yourTable WHERE id = $id LIMIT 1");
if(!is_resource($result)) die();
$serialized = mysql_result($result, 0);
$array = unserialize($serialized);
Tuesday, October 11, 2022
1
First, make sure you are using https and not http. This will keep your traffic from getting sniffed and exploited.
Secondly, generate as random a value as possible to use as a token in the cookie. This is how many of the big sites do their user tracking. Have a map of token to user on the server side that tracks the identities. Remember: Anything that comes from the client is untrusted and could be tampered with.
Third, use an HMAC to make tampering much more difficult. You don't want users being able to brute force other tokens.
EDIT:
You may find these other SO questions/answers helpful as you build this system:
Long details about creating and using tokens (doesn't necessarily have to be a REST service to be applicable): REST Web Service authentication token implementation
Creating good tokens (don't use microtime): Is using microtime() to generate password-reset tokens bad practice
Wednesday, September 7, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
php
arrays
security
cookies
Serialize data:
Then unserialize data:
After data, $info and $data will have the same content.