Naming cookies - best practices [closed]_问答_开发者

Naming cookies - best practices [closed]

开发者 https://www.devze.com 2022-12-17 17:26 出处：网络

Closed. This question is opinion-based. It is not currently accepting answers. 开发者_JAVA百科 Want to improve this question? Update the question so it can be answered with facts and citat

Closed. This question is opinion-based. It is not currently accepting answers.

开发者_JAVA百科

Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.

Closed 7 years ago.

Improve this question

What should cookie names look like?

Should they be:

lower_case
CamelCase
Underscore_Camel_Case
UPPER_CASE

Or should they be something else?

appname_meaningfulname

Keep in mind that this cookie is sent with every request, so imho, just use the smallest name you can, and document your code nicely.

It should be something that avoids naming conflicts with arbitrary _GET and _POST params you might be using, since _REQUEST wraps all three global arrays (!), with precedence depending on how your variables_order setting is set in php.ini. In other words, if you have a _COOKIE named "x" and a querystring param named "x", and you ask for $_REQUEST["x"], you get the cookie value when you might want/expect the GET param. This is especially problematic if your cookies are scoped to your website root "/", and not to the folder where they are consumed.

So I say, two best practices:

make sure you limit scope of your cookies to the path where they are read and written, (third argument of setcookie() method does this)
give your cookies some sort of cookie-specific naming convention. I suggest reverse website, like java namespaces, then ".".{appname}.".".{friendly cookie name camel cased} So, if your site is www.testsite.com, and your app is foo, and your variable is "bar bar bar bar bar barann", it would be "com.testsite.foo.barBarBarBarBarBarann"

I use whatever style the coding standards for the project call for.

Generally I prefer camelCase for naming schemes, but whichever one pays the bills is the one I'll go with.

Maybe you won't like my answer:

Don't use your own cookies but store data in server sessions. So you only need one cookie (to reference the session id) and how you name that plays no role.