6

I am trying to store nested arrays in a cookie. I decided to store the array as a JSON string. However, I am getting this warning:

PHP Warning: Cookie values can not contain any of the following ',; \t\r\n\013\014' in foobar.php

Is there a recommended way of storing nested arrays in a cookie?

Galen
  • 29,976
  • 9
  • 71
  • 89
morpheous
  • 16,270
  • 32
  • 89
  • 120
  • Out of curiosity, why do you need to store that much data into a cookie? – Matteo Riva Apr 22 '10 at 16:22
  • A lot of assumptions going on here (judging from some of the answers/feedback) ... The fact that it is a nested array does not necessarily imply a lot of data. First of all, maximum nesting depth is likely to be <=3. Secondly, I am only storing object ids (integers). – morpheous Apr 22 '10 at 20:40

5 Answers5

3

You could use base64_encode() and base64_decode()

Note that according to the manual:

Base64-encoded data takes about 33% more space than the original data.

Tom Haigh
  • 57,217
  • 21
  • 114
  • 142
  • Keep in mind that javascript base64 decode is not entirely cross-browser http://stackoverflow.com/questions/2820249/base64-encoding-and-decoding-in-client-side-javascript – Timo Huovinen Sep 23 '13 at 12:49
2

If you have some other form of persistence available (db, sessions, memcache), I'd recommend storing the real data there. Then put a unique identifier in the cookie, which can be used to look up the desired data. It's just a lot cleaner and more secure.

grossvogel
  • 6,694
  • 1
  • 25
  • 36
2

Is there a recommended way of storing nested arrays in a cookie?

Yes - don't. Store it serverside using a session or other handle. Not only are there formatting and scope issues with storing data in cookies, there's also a file size limt.

C.

symcbean
  • 47,736
  • 6
  • 59
  • 94
1

I don't think that's a clean way to do it, but you could urlencode the json_encoded string to be able to store it in a cookie.

Edit: Tom Haigh way is certainly cleaner (using base64_encode).

p4bl0
  • 3,846
  • 1
  • 22
  • 21
  • This is a common approach. `rawurlencode` might be a better bet if you want to read the cookie from elsewhere, eg. JavaScript's `decodeURIComponent`. – bobince Apr 22 '10 at 16:07
0
$array = array();
$array[] = array(1,2,3);
$array[] = array('a','b','c');
setcookie("test",serialize($array));

Just serialize, works just fine.

You get that in your cookie:

'test' => string 'a:2:{i:0;a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}i:1;a:3:{i:0;s:1:"a";i:1;s:1:"b";i:2;s:1:"c";}}' (length=86)
Mikushi
  • 3,311
  • 4
  • 19
  • 22
  • 3
    the danger of this is that you then are unserializing user-submitted data, which is potentially dangerous as by passing a different string people could instantiate arbitrary objects etc. – Tom Haigh Apr 22 '10 at 16:02
  • Totally agree with that. Not very secure, just depends what kind of data your storing in that cookie. If it's sensible, you can obfuscate/encrypt it with a private key. – Mikushi Apr 22 '10 at 16:05
  • 1
    Also that does appear to have loads of semicolons in, which would surely cause `Set-Cookie` to fail? – bobince Apr 22 '10 at 16:05
  • 1
    "just depends what kind of data your storing in that cookie". No - you miss my point. Regardless of what data is there you are unserializing user-submitted data, which can let people muck around with what variables/objects are being created in your php script – Tom Haigh Apr 22 '10 at 16:10
  • This is a very simple example, the developer should always validate user input, Cookie included. I was just answering the "how to put nested array in a cookie", after all, doing so it's just a bad practice anyway, you should reduce as much as possible the informations you're storing on the user computer, that's just not safe like you mention. – Mikushi Apr 22 '10 at 16:32