Remembering Non-Registered Visitors

Posted by martin on 4 Sep 2002.

Remember visitors' information entered on your site, using cookies, to save time if the same details are needed again.

You have a couple of forms on your site that require the same user information or a single form that is frequently resubmitted by visitors. You don't have the time to implement user registration and don't want to spend hours or days learning somebody else's code. You are not sure if people will sign-up at all. What you need is to "remember" non-registered visitors.

Why people may not register

• It takes time even if you only fill in a username and password
• Many services on the web require lots of information
• Some sites require additional action to activate your account

What are the benefits of "remembering" visitors

• People may opt to turn it off
• It can coexist with the same service for registered users
• Doesn't take much time to implement it
• Doesn't require a database

And the drawbacks

• Requires cookies, at least when you want it to permanent
• The same browser has to be used all times

What is required

A server-side scripting language such like PHP, ASP, JSP or anything as CGI that will both display the form and process the submitted values.

What exactly is it

It is a way to remember some information the visitor of your site entered either for the current session or for a specified amount of time with a cookie.

When the visitor submits the form the reusable information, which doesn't change when the same user fills the form another time, is saved. Depending on the implementation an option to permanently save the information as a cookie, or just to save it for the session, may be offered.

Example code

The provided the code is written in PHP, but as mentioned above it can be done in any server-side scripting language or CGI application.

define('COOKIE_REMEMBER', 'remember-me');

session_load_remembered();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 processData();
} else {
 displayForm();
}

Our cookie name is defined with a constant, easier to change if the name doesn't suit you. The first function call initializes the session variables from that cookie, if available.

Next we check if we should display the form or process the submitted one.

function session_load_remembered() {
 if (isset($_COOKIE[COOKIE_REMEMBER]) ) {
 // the order of name, email has to be the same as in the code to save the data
 list($_SESSION['name'], $_SESSION['email']) =
    @unserialize($_COOKIE[COOKIE_REMEMBER]);
 }
}

PHP's unserialize function takes a string representation of a PHP variable, array in our case, and returns the structure itself. We've suppressed error messages with the @ control operator because the cookie may have been modified by the user. The list language construct is used to set the values of our session variables at once.

I've used PHP 4.1 style superglobal $_COOKIE and $_SESSION arrays, if you want to use the code with an earlier version of PHP you need to modify the code to $HTTP_*_VARS and import it from the global namespace with a global declaration as in the example:

global $HTTP_COOKIE_VARS;

echo $HTTP_COOKIE_VARS[COOKIE_REMEMBER];

function displayForm($subject = '', $comment = '') {
 ?>
 <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>"
 onsubmit="return true">
 <table border="0" cellspacing="5" cellpadding="0" summary="Comments form">

 <tr>
 <td>Name:</td>
 <td><input type="text" name="fullName" id="fullName"
   value="<?php echo $_SESSION['name']?>" /></td>
 </tr>

 <tr>
 <td>E-mail:</td>
 <td><input type="text" name="email" id="email"
   value="<?php echo $_SESSION['email']?>" /></td>
 </tr>

 <tr>
 <td>Subject:</td>
 <td><input type="text" name="subject" id="subject"
   value="<?php echo $subject?>" /></td>
 </tr>

 <tr>
 <td colspan="2">
 <input type="checkbox" name="remember" />
 Remember me
 </td>
 </tr>

 <tr>
 <td colspan="2">Comments:</td>
 </tr>

 <tr>
 <td colspan="2">
 <textarea id="comment" name="comment" rows="8" cols="40">
   <?php echo $comment?></textarea>
 </td>
 </tr>

 <tr>
 <td><input type="submit" value="Add comment" /></td>
 <td><input type="reset" value="Clear fields" /></td>
 </tr>

 </table>
 </form>
 <?php
}

This isn't perfect HTML, titles are one thing you should add to the code, and also wrap the text labels in HTML label elements. Other improvements can also be made, it's up to you.

The example PHP function displays a comments form. Note that we've set the default values of the name and email fields to our session variables that will hold the saved data. The other two default values for the subject and comment are just put in case server-side validation fails and we need to redisplay the form with the values filled in.

function processData() {
 // some validation
 // redisplay the form if it fails with a line like:
 // displayForm($_POST['subject'], $_POST['comment']);


 // if all is ok
 $_SESSION['name'] = $_POST['fullName'];
 $_SESSION['email'] = $_POST['email'];

 if (isset($_POST['remember']) ) {
   setcookie(COOKIE_REMEMBER, 
   serialize(array($_SESSION['name'], $_SESSION['email'])), time() + 31104000);
 }

 // add the info to database
}

This one handles the submitted data, validation needs to be put in place of course. If all data is correct we can save the data in the session, and if the user requested also set up a cookie that will remember the info for his/her next visit to the site.

Note: If you display user supplied information on your site you should always remove HTML code with strip_tags or use htmlspecialchars to escape it.

The POST variable remember will be set to on when the visitor checked the box, otherwise it will not be set at all. The code that sets the cookie will make it expire in one year.

If your website is accessed under a directory name you should add the next optional parameter to setcookie to that directory to prevent cookie leaks.

Comments