PHP how to stringify array and store in cookie

Question

I got an array like this

$value = {array('id'=>$id, 'email'=>$email, 'token'=>$token)}

I want to stringify the array then encode then store it in cookie "login". How do you do that ? Also please tell me how to decode and read the stored value.

Edit:

I've been trying serialize/unserialize, but it didn't work as expected. for example,

$value = serialize(array('id'=>33, 'email'=>'big@gmail.com', 'token'=>'e9aa0966773d68e0fbf9cb21fc2877b4'));

echo $value; //a:3:{s:2:"id";i:33;s:5:"email";s:20:"big@gmail.com";s:5:"token";s:32:"e9aa0966773d68e0fbf9cb21fc2877b4";}

But when the value go to cookie, it looks like this

a%3A3%3A%7Bs%3A2%3A%22id%22%3Bs%3A1%3A%226%22%3Bs%3A5%3A%22email%22%3Bs%3A20%3A%22craigcosmo%40gmail.com%22%3Bs%3A5%3A%22token%22%3Bs%3A32%3A%22e9aa0966773d68e0fbf9cb21fc2877b4%22%3B%7D

Answer 1

json_encode/json_decode

$_COOKIE['login'] = json_encode($array);
$array = json_decode($_COOKIE['login']);

Can also use serialize/unserialize:

$_COOKIE['login'] = serialize($array);
$array = unserialize($_COOKIE['login']);

Perhaps.

---

UPDATE

With this code:

<html><body><pre><?php
  $array = Array(
    'id'  => 1234,
    'email' => 'example@example.com',
    'token' => base64_encode('abcDEF1234')
  );
  
  echo "Var Dump (initial):\r\n";
  var_dump($array);
  
  $serialized = serialize($array);
  echo "Serialized:\r\n".$serialized."\r\n";
  
  $unserialized = unserialize($serialized);
  echo "Unserialized:\r\n".$unserailized."\r\n";
  var_dump($unserialized);
?></pre></body></html>

You would generate the following:

Var Dump (initial):
array(3) {
  ["id"]=>
  int(1234)
  ["email"]=>
  string(19) "example@example.com"
  ["token"]=>
  string(16) "YWJjREVGMTIzNA=="
}
Serialized:
a:3:{s:2:"id";i:1234;s:5:"email";s:19:"example@example.com";s:5:"token";s:16:"YWJjREVGMTIzNA==";}
Unserialized:

array(3) {
  ["id"]=>
  int(1234)
  ["email"]=>
  string(19) "example@example.com"
  ["token"]=>
  string(16) "YWJjREVGMTIzNA=="
}

---

EDIT2

You're seeing the encoded value based on how the HTTP protocol transfers cookies. There are two headers in a cookie transfer: Set-Cookie & Cookie. One is server->client, other other is client->server, respectfully.

When PHP sets the cookie (using setcookie e.g.) PHP is really just short-handing the following:

setcookie('login',$serialized);

which, in PHP translates to:

header('Set-Cookie: login='.urlencode($serialized).'; '
      .'expires=Wed, 12-Jan-2011 13:15:00 GMT; '
      .'path=/; domain=.mydomain.com');

If you had characters like : or a SPACE, the browser wouldn't know where the cookie's properties began and ended.

Answer 2

NEVER EVER USE serialize with User input! serialize calls __wakeup and is a big security vulnerability, because you can execute code on the server. (Now the rules before you break 'em)

there is a serialize/unserialize function to convert an array to a string and back.

Edit: When you store a string to cookie (setcookie), php needs to do a url encode on the string. This prevents any characters in the string saved to cookie interfering with any other headers. When the page is loaded next, php gets the cookie and automatically does a url decode on the cookie value to return it to it's previous value. As far as what is stored in the cookie, this shouldn't matter within php because php will do the url encode/decode automatically. Now if you are getting the cookie in another language such as javascript, then yes, you will get the raw string back. In this case you can use something like decodeURI in JS to get the original value back.