A cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
Here are the parameters involving cookies:
| Parameter | Details |
|---|---|
name |
The name of the cookie. This is also the key you can use to retrieve the value from the $_COOKIE super global. This is the only required parameter. |
value |
The value to store in the cookie. This data is accessible to the browser so don't store anything sensitive here. |
expire |
A Unix timestamp representing when the cookie should expire. If set to zero the cookie will expire at the end of the session. If set to a number less than the current Unix timestamp the cookie will expire immediately. |
path |
The scope of the cookie. If set to / the cookie will be available within the entire domain. If set to /somepath/ then the cookie will only be available in that path and descendants of that path. Defaults to the current path of the file that the cookie is being set in. |
domain |
The domain or subdomain the cookie is available on. If set to the bare domain (e.g. jobtensor.com) then the cookie will be available to that domain and all subdomains. If set to a subdomain (e.g. jobs.jobtensor.com) then the cookie will be available only on that subdomain, and all subsubdomains. |
secure |
When set to true the cookie will only be set if a secure HTTPS connection exists between the client and the server. |
httponly |
Specifies that the cookie should only be made available through the HTTP/S protocol and should not be available to client side scripting languages like JavaScript. Only available in PHP 5.2 or later. |
Modifying a Cookie
A cookie can be set or modified using the following syntax:
setcookie(name, value, expire, path, domain, secure, httponly);
Note that:
- Cookies are part of the HTTP header, so
setcookie()must be called before any output is sent to the browser. - When modifying a cookie make sure the path and domain parameters of
setcookie()matches the existing cookie or a new cookie will be created instead. - The value portion of the cookie will automatically be urlencoded when you send the cookie, and when it is received, it is automatically decoded and assigned to a variable by the same name as the cookie name.
Here is an example of setting a cookie.
<?php
setcookie("user", "Mark", time() + 86400, "/"); // check syntax for function params
The example above:
- Creates a cookie with name
user - (Optional) Value of the cookie is
Mark - (Optional) Cookie will expire in 1 day (
86400 seconds) - (Optional) Cookie is available throughout the whole website
/ - (Optional) Cookie is only sent over
HTTPS - (Optional) Cookie is not accessible to scripting languages such as JavaScript
Checking if a Cookie is Set
The isset() function can be used upon the superglobal $_COOKIE variable to check if a cookie is set.
<?php
// PHP <7.0
if (isset($_COOKIE['user'])) {
echo 'User is ' . $_COOKIE['user'];}
else {
echo 'User is not logged in'; // false, cookie is not set
}
// PHP 7.0+
echo 'User is ' . $_COOKIE['user'] ?? 'User is not logged in';
Removing a Cookie
To remove a cookie, set the expiry timestamp to a time in the past. This triggers the browser's removal mechanism:
<?php
setcookie('user', '', time()-3600, '/');
Note: When deleting a cookie make sure the path and domain parameters of setcookie() matches the cookie
you're trying to delete or a new cookie, which expires immediately, will be created.
It is also a good practice to unset the $_COOKIE value in case the current page uses it:
unset($_COOKIE['user']);
Retrieving a Cookie
The value of a cookie can be retrieved using the global variable $_COOKIE.
<?php
echo $_COOKIE['user'];