Thursday, 13 October 2011

Prestashop cookie structure


PrestaShop uses cookies encrypted with Rijndael or Blowfish to store all session information for customers and employees.  Separate cookies for each customer and employee are stored in the user's browser cache.  PrestaShop uses classes/Cookie.php to read and write its cookies.
The customer cookie is read on line 94 (in PrestaShop v1.4.2) of init.php and the employee cookie is read on line 32 of admin/init.php.  To access the cookie from inside PrestaShop, add global $cookie; (or add $cookie to the list of global variables) to the top of the function in a class or at the top of a non-class file.  A variable in the cookie can then be accessed or changed using $cookie->variable.  To access the cookie from outside of PrestaShop, use code like the following:
include_once('path_to_prestashop/config/config.inc.php');
include_once('path_to_prestashop/config/settings.inc.php');
include_once('path_to_prestashop/classes/Cookie.php');
$cookie = new Cookie('ps');
Change 'ps' to 'psAdmin' to read the employee cookie.

CUSTOMER COOKIE

The following table contains the public variables in PrestaShop's customer cookie, which are related to the current visitor on your website:
| Variable | Description |
|---|---|
| date_add | The date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format). |
| id_lang | The ID of the selected language. |
| id_currency | The ID of the selected currency. |
| last_visited_category | The ID of the last visited category of product listings. |
| ajax_blockcart_display | Whether the cart block is "expanded" or "collapsed". |
| viewed | The IDs of recently viewed products as a comma-separated list. |
| id_wishlist | The ID of the current wishlist displayed in the wishlist block. |
| checkedTOS | Whether the "Terms of service" checkbox has been ticked (1 if it has and 0 if it hasn't). |
| id_guest | The guest ID of the visitor when not logged in. |
| id_connections | The connection ID of the visitor's current session. |
| id_customer | The customer ID of the visitor when logged in. |
| customer_lastname | The last name of the customer. |
| customer_firstname | The first name of the customer. |
| logged | Whether the customer is logged in. |
| passwd | The MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the customer used to log in. |
| email | The email address that the customer used to log in. |
| id_cart | The ID of the current cart displayed in the cart block. |
| checksum | The Blowfish checksum used to determine whether the cookie has been modified by a third party. The customer will be logged out and the cookie deleted if the checksum doesn't match. |
There are also variables for product customisation.  For example, pictures_1 contains the filenames of the images the customer has uploaded to product 1 (in the upload directory) and textFields_1 contains the text the customer has uploaded to product 1.  Use the following code to get the customisation files and text fields of product 1:
$files = $cookie->getFamily('pictures_1');
$textFields = $cookie->getFamily('textFields_1');
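
The public variables above are what an external script sees once the customer cookie has been decrypted. The following added example (not PrestaShop's code and not part of the original post) shows how such a script can re-check logged, id_customer, passwd and email against the stored customer record before acting on them. COOKIE_KEY_PLACEHOLDER, the $lookup callback, the array form of the cookie, the key-first concatenation in passwdField() and the stored record holding the same MD5 value are all assumptions.

```php
<?php
// Added example, not PrestaShop code.
// Assumption: placeholder standing in for _COOKIE_KEY_ in config/settings.inc.php.
const COOKIE_KEY_PLACEHOLDER = 'constructed-demo-key';

// passwd is described above as the MD5 hash of _COOKIE_KEY_ and the password.
// Assumption: the two are concatenated with the key first.
function passwdField(string $cookieKey, string $password): string
{
    return md5($cookieKey . $password);
}

// Returns the customer ID when the cookie fields agree with the stored record,
// otherwise null. $fields is the decrypted cookie as an array; $lookup returns
// ['passwd' => ..., 'email' => ...] or null for an ID (both hypothetical).
function verifiedCustomerId(array $fields, callable $lookup): ?int
{
    if (empty($fields['logged'])) {
        return null;                          // guest visitor
    }
    $id = $fields['id_customer'] ?? '';
    $passwd = $fields['passwd'] ?? '';
    if (!is_string($id) || !ctype_digit($id) || (int) $id < 1) {
        return null;                          // not a plain positive integer
    }
    if (!is_string($passwd) || !preg_match('/^[0-9a-f]{32}$/', $passwd)) {
        return null;                          // not shaped like an MD5 hex digest
    }
    $row = $lookup((int) $id);
    if ($row === null || !hash_equals($row['passwd'], $passwd)) {
        return null;                          // unknown customer or password changed
    }
    return ($fields['email'] ?? null) === $row['email'] ? (int) $id : null;
}

// Constructed sample data standing in for the customer table.
$stored = [7 => ['passwd' => passwdField(COOKIE_KEY_PLACEHOLDER, 'demo-password'),
                 'email'  => 'jane@example.com']];
$lookup = fn (int $id) => $stored[$id] ?? null;

$genuine = ['logged' => '1', 'id_customer' => '7',
            'passwd' => $stored[7]['passwd'], 'email' => 'jane@example.com'];
$cases = [
    'genuine cookie'       => $genuine,
    'id_customer edited'   => ['id_customer' => '8'] + $genuine,
    'password since reset' => ['passwd' => passwdField(COOKIE_KEY_PLACEHOLDER, 'old')] + $genuine,
];
foreach ($cases as $label => $fields) {
    echo $label, ': ', var_export(verifiedCustomerId($fields, $lookup), true), PHP_EOL;
}
```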

EMPLOYEE COOKIE

The following table contains the public variables in PrestaShop's employee cookie, which relates to the employee who is currently logged in to the Back Office:
| Variable | Description |
|---|---|
| date_add | The date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format). |
| id_lang | The ID of the selected language. |
| id_employee | The ID of the employee. |
| lastname | The last name of the employee. |
| firstname | The first name of the employee. |
| email | The email address the employee used to log in. |
| profile | The ID of the profile that determines which tabs the employee can access. |
| passwd | The MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the employee used to log in. |
| checksum | The Blowfish checksum used to determine whether the cookie has been modified by a third party. The customer will be logged out and the cookie deleted if the checksum doesn't match. |
There are also pagination and filter variables stored in the employee cookie so that the state of the tables is saved.  For example, the order_pagination variable stores how many orders are displayed per page and orderFilter_id_order stores the filter applied to the id_order column of the orders table.

PRIVATE VARIABLES

These private cookie variables cannot be accessed directly like the public variables above.
| Variable | Description |
|---|---|
| _name | The unique name of the cookie (the MD5 hash of "ps" for customer cookie or "psAdmin" for employee cookie and _COOKIE_KEY_ in config/settings.inc.php). |
| _expire | The expiry date of the cookie.  It can be changed using the setExpire function in classes/Cookie.php.  By default, PrestaShop cookies expire after 1728000 seconds (or 20 days).  This can be changed on line 65 (in PrestaShop v1.4.2) of classes/Cookie.php. |
| _domain | The domain name of the website where the cookie was created.  For example, yoursite.com. |
| _path | The path of the website where the cookie was created.  For example, /prestashop/. |
| _bf | The Blowfish instance used to encrypt and decrypt the cookie. |
| _key | The encrypted cookie key that is used by Blowfish to decrypt the cookie. |
| _iv | The encrypted cookie iv that is used by Blowfish to decrypt the cookie. |