PHP Cookies

         

PHP Sessions

What is a Cookie

A cookie is a small text file that lets you store a small amount of data (nearly 4KB) on the user's computer. They are typically used to keeping track of information such as username that the site can retrieve to personalize the page when users visits the website next time.

Tip: Each time the browser requests a page to the server, all the data in the cookie is automatically sent to the server within the request.

Setting a Cookie in PHP

The setcookie() the function is used to set a cookie in PHP. Make sure you call the setcookie() function before any output generated by your script otherwise cookie will not set. The basic syntax of this function can be given with:

setcookie(name, value, expire, path, domain, secure);

The parameters of the setcookie() the function has the following meanings:

Parameter	Description
name	The name of the cookie.
value	The value of the cookie. Do not store sensitive information since this value is stored on the user's computer.
expires	The expiry date in UNIX timestamp format. After this time cookie will become inaccessible. The default value is 0.
path	Specify the path on the server for which the cookie will be available. If set to /, the cookie will be available within the entire domain.
domain	Specify the domain for which the cookie is available to e.g www.example.com.
secure	This field, if present, indicates that the cookie should be sent only if a secure HTTPS connection exists.

Tip: If the expiration time of the cookie is set to 0, or omitted, the cookie will expire at the end of the session i.e. when the browser closes.

Here's an example that uses setcookie() function to create a cookie named username and assign the value value John Carter to it. It also specify that the cookie will expire after 30 days (30 days * 24 hours * 60 min * 60 sec).

<?php
// Setting a cookie
setcookie("username", "John Carter", time()+30*24*60*60);
?>

Note: All the arguments except the name are optional. You may also replace an argument with an empty string ("") in order to skip that argument, however, to skip the expire argument use a zero (0) instead since it is an integer.

Warning: Don't store sensitive data in cookies since it could potentially be manipulated by a malicious user. To store the sensitive data securely use sessions instead.

---

Accessing Cookies Values

The PHP $_COOKIE superglobal variable is used to retrieve a cookie value. It typically an associative array that contains a list of all the cookie values sent by the browser in the current request, keyed by cookie name. The individual cookie value can be accessed using standard array notation, for example, to display the username cookie set in the previous example, you could use the following code.

<?php
// Accessing an individual cookie value
echo $_COOKIE["username"];
?>

The PHP code in the above example produces the following output.

John Carter

It's a good practice to check whether a cookie is set or not before accessing its value. To do this you can use the PHP isset() function, like this:

<?php
// Verifying whether a cookie is set or not
if(isset($_COOKIE["username"])){
    echo "Hi " . $_COOKIE["username"];
} else{
    echo "Welcome Guest!";
}
?>

You can use the print_r() function like print_r($_COOKIE); to see the structure of this $_COOKIE an associative array, like you with other arrays.

---

Removing Cookies

You can delete a cookie by calling the same setcookie() function with the cookie name and any value (such as an empty string) however this time you need the set the expiration date in the past, as shown in the example below:

<?php
// Deleting a cookie
setcookie("username", "", time()-3600);
?>

Tip: You should pass exactly the same path, domain, and other arguments that you have used when you first created the cookie in order to ensure that the correct cookie is deleted.