PrestaShop uses cookies encrypted with Rijndael or Blowfish to store all session information for customers and employees. Separate cookies for each customer and employee are stored in the user's browser cache. PrestaShop uses classes/Cookie.php to read and write its cookies.
The customer cookie is read on line 94 (in PrestaShop v1.4.2) of init.php and the employee cookie is read on line 32 of /admin/init.php. To access the cookie from inside PrestaShop, add global $cookie; (or add $cookie to the list of global variables) to the top of the function in a class or at the top of a non-class file. A variable in the cookie can then be accessed or changed using $cookie->variable. To access the cookie from outside of PrestaShop, use code like the following:
include_once('path_to_prestashop/config/config.inc.php');
include_once('path_to_prestashop/config/settings.inc.php');
include_once('path_to_prestashop/classes/Cookie.php');
$cookie = new Cookie('ps'); |
Change 'ps' to 'psAdmin' to read the employee cookie.
The following table contains the public variables in PrestaShop's customer cookie, which are related to the current visitor on your website:
Variable | Description |
|---|---|
date_add | The date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format). |
id_lang | The ID of the selected language. |
id_currency | The ID of the selected currency. |
last_visited_category | The ID of the last visited category of product listings. |
ajax_blockcart_display | Whether the cart block is "expanded" or "collapsed". |
Viewed | The IDs of recently viewed products as a comma-separated list. |
id_wishlist | The ID of the current wishlist displayed in the wishlist block. |
checkedTOS | Whether the "Terms of service" checkbox has been ticked (1 if it has and 0 if it hasn't) |
id_guest | The guest ID of the visitor when not logged in. |
id_connections | The connection ID of the visitor's current session. |
id_customer | The customer ID of the visitor when logged in. |
customer_lastname | The last name of the customer. |
customer_firstname | The first name of the customer. |
logged | Whether the customer is logged in. |
passwd | The MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the customer used to log in. |
The email address that the customer used to log in. | |
id_cart | The ID of the current cart displayed in the cart block. |
checksum | The Blowfish checksum used to determine whether the cookie has been modified by a third party. |
There are also variables for product customisation. For example, pictures_1 contains the filenames of the images the customer has uploaded to product 1 (in the upload directory) and textfields_1 contains the text the customer has uploaded to product 1. Use the following code to get the customisation files and textfields of product 1:
$files = $cookie->getFamily('pictures_1');
$textFields = $cookie->getFamily('textFields_1');
|
The following table contains the public variables in PrestaShop's employee cookie, which relates to the employee who is currently logged in to the Back Office:
Variable | Description |
|---|---|
date_add | The date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format). |
id_lang | The ID of the selected language. |
id_employee | The ID of the employee. |
lastname | The last name of the employee. |
firstname | The first name of the employee. |
The email address the employee used to log in. | |
profile | The ID of the profile that determines which tabs the employee can access. |
passwd | The MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the employee used to log in. |
checksum | The Blowfish checksum used to determine whether the cookie has been modified by a third party. |
There are also pagination and filter variables stored in the employee cookie so that the state of the tables is saved. For example, the order_pagination variable stores how many orders are displayed per page and orderFilter_id_order stores the filter applied to the id_order column of the orders table.
These private cookie variables cannot be accessed directly like the public variables above.
Variable | Description |
|---|---|
_name | The unique name of the cookie (the MD5 hash of "ps" for customer cookie or "psAdmin" for employee cookie and _COOKIE_KEY_ in config/settings.inc.php). |
_expire | The expiry date of the cookie. It can be changed using the setExpire function in classes/Cookie.php. By default, PrestaShop cookies expire after 1728000 seconds (or 20 days). This can be changed on line 65 (in PrestaShop v1.4.2) of classes/Cookie.php. |
_domain | The domain name of the website where the cookie was created. For example, yoursite.com. |
_path | The path of the website where the cookie was created. For example, /prestashop/. |
_bf | The Blowfish instance used to encrypt and decrypt the cookie. |
_key | The encrypted cookie key that is used by Blowfish to decrypt the cookie. |
_iv | The encrypted cookie iv that is used by Blowfish to decrypt the cookie. |