PHP Cookie

Summary: this tutorial introduces you cookie concept and shows you how to maintain web application’s state between web browser’s requests using PHP cookie.

Introduction to cookies

A cookie is a piece of information stored in user’s web browser in text format. A cookie is stored as one or more name-value pairs that may be encrypted for privacy and security purposes. Cookies are also known as web cookies, HTTP cookies or browser cookies.

The web server sends the cookie to the web browser as a part of HTTP header. Whenever the browser requests a page from the web server, the cookie is sent back to the web server in the request so that the website can read information in it and perform necessary tasks such as personalization based on user preferences.

A cookie allows you to store up to 4KB of data, which is a very small amount. A cookie lasts for a fixed period of time. You can set the expired time of  a cookie from few seconds to as long as you want. Especially, you can set cookie expired whenever the web browser is closed.

Most modern web browsers allow users to choose whether to accept cookies so you should not completely rely on it for storing critical data. In addition, the modern web browsers allow you to store at least 20 cookies per unique domain. Check it out the rfc2109 for more information how the cookie should be implemented.

Setting PHP cookie

PHP makes it easy to work with cookie using the setcookie() function. The setcookie() function allows you to sent HTTP header to create a cookie on the web browser. The following explains the setcookie() function in more detail:

The arguments in the setcookie() function:

  • $name: the name of the cookie
  • $value: the value of the cookie. It can be any scalar value such as string or integer.
  • $expire: the time the cookie expires. If $expire is not set, the cookie will expire when the user closes the web browser.
  • $path: the path on the web server for which the cookie will be returned.
  • $domain: the domain where cookie will return.
  • $secure: true to indicate that the cookie is sent over secured HTTP (HTTPS). The default value is false.

Let’s take a look at an example of setting a cookie in PHP.

Notice that the cookie must be sent before any output of the script.

Reading PHP cookie

Once a cookie has been set, you can read its value using the $_COOKIE superglobal array. Before reading cookie’s value, you should check whether the cookie is available using the isset() function. The following example demonstrates how to read the cookie that we have set in the example above:

Deleting PHP cookie

If you no longer want to the cookie that you have set, you can force the browser to delete it. However, there is no function in PHP that allows you to delete a cookie directly. Fortunately, you can delete a cookie using the setcookie() function by:

  • Set cookie’s value argument to blank.
  • Set time to expired argument a value that is in the past.

Notice that the setcookie() function does not remove the corresponding cookie that you have to delete in the $_COOKIE array. However, in the subsequent visits, the web browser does not send the cookie along with HTTP header and the corresponding $_COOKIE element is not created.

The following example deletes the user cookie by resetting it value to blank and time to expire to the past:

Putting it all together

In the following example, we are using a cookie to display the page view of a web page, once the number of page views reaches 10, we reset it.

How PHP cookie works

In this tutorial, we have shown you how to use PHP cookie to maintain web application’s state between web browser’s requests.

  • Was this tutorial helpful ?
  • YesNo