Best way To handle a Cookie

Question 1

should one use JavaScript or PHP to handle a cookie data?

To make this a little more general, let's call this "Client side" (which is almost exclusively JavaScript) and "Server side" (which can be PHP, JavaScript or any other language) code.

The short answer is that: It depends what you are doing with the cookie data.

Most of the time, dealing with cookies server side is simpler.

Sometimes, the information in the cookie needs to be secure, and you don't need to access it from client side code, so you'll set an http only flag on it so that if you suffer an XSS attack the damage is limited.

Sometimes you will want to avoid making a server round trip (to take a trivial example: You allow the user to pick different stylesheets for your website. You don't want to reload the entire page when their change their preference. You use client side code to change the stylesheet currently loaded, and client side code to store that preference in a cookie. In the future, when other pages are loaded, you can use server side code to set a different <link> element.)

Do you use javascript to get cookie and than pass it to PHP to do all the filtering ?

You might use client side code to set a cookie value, and then use server side code to read it. There is no point in using JavaScript to read it and then using some non-cookie based mechanism to send it to server side code. That just makes things complicated and more likely to go wrong.

Do you use PHP to do all of the stuff?

Only if all the stuff is better done with PHP

Which one of the above will improve performance or is there another way?

As is normal with questions of client side code vs server side code: If you aren't loading a new page anyway, then using client side code is usually faster.

Question 2

It depends on the type of application.

If your application is full request based with PHP as backend, then use can PHP tot extract cookies.

check this link http://www.w3schools.com/php/php_cookies.asp

Or, if you application follows REST architecture or you want send data to the backend using Ajax. Then use javascript/Jquery to get cookie value and send it to the backend server that is PHP or in any other language.

Check this link to know, how to access cookies using jquey.cookie.js plugin: https://github.com/carhartl/jquery-cookie

Question 3

In handling cookies, it does not really matter whether you use javascript or PHP, it just depends on when it is more beneficial to access/manipulate them. Server-side stuff always seems more secure, but cookies are always accessible, client or server-side, so it doesn't really matter. You can create a cookie in PHP like this:

setcookie($cookieName, $cookieValue, time() + 3600);

That sets a cookie for an hour, you can then access it through the $_COOKIE superglobal array with array notation, for example

$var = $_COOKIE[$cookieName];

However, keep in mind that this won't work if cookies aren't enabled in the browser, such as when someone uses incognito mode.

In javascript, you can set cookies like this:

document.cookie="cookiename=cookievalue";

However, cookies in javascript are all concatenated as one big string in document.cookie, so the way to break them up into a normal array is with the split function, for example:

  var arr = [];
  function getCookieArray() {
     var value = "; " + document.cookie;
     var parts = value.split("; " + name + "=");
     if (parts.length == 2) return parts.pop().split(";").shift();
  }

You can find more about that here http://www.w3schools.com/js/js_cookies.asp So, remember, that cookies are not for storing sensitive data. They're often used to store preferences, but never anything that people shouldn't be able to have access to.