PHP Cookies (2026 Helpful Guide): Complete Tutorial with Examples, Security & Best Practices
Core PHP, May 01, 2015
In this article, we’ll learn about PHP Cookies.
In today’s interconnected digital world, creating delightful and personalized user experiences is key to captivating visitors on your website.
One magical ingredient that empowers web developers in achieving this is PHP cookies.
These tiny treats hold the power to remember user preferences, track sessions, and make browsing seamless.
We’ll explore their functionality, learn how to implement them, and discover best practices to create a friendlier online experience. Get ready to savor the sweetness!
What are PHP Cookies?
Cookies are small text files that are stored on a user’s computer by a website in order to remember certain information about the user.
In PHP, cookies are a simple way to store data on the client side and can be used to persist information across pages or even across visits to a website.
Each time the same computer requests a page with a browser, the cookie is sent back to the server too.
PHP Cookies are used to store information about users, visited pages, poll results, etc.
The main purpose of cookies is to identify users and possibly prepare customized Web pages for them.
PHP Cookies are used only to store small amounts of data.
Websites can read the values from the cookies and use the information as desired.
In addition to the information it stores, each cookie has a set of attributes that help ensure the browser sends the correct cookie when a request to a server is made.
Even though PHP cookies are not harmful, some people do not permit cookies due to concerns about their privacy. In this case, you have to use Sessions.
From preferences and login status to browsing history, PHP cookies empower developers to offer tailored experiences that cater to individual users’ needs.
How PHP Cookies Work
- User visits a website
- Server sends a cookie via HTTP headers
- Browser stores the cookie
- On next request, browser sends cookie back to server
How To Create Cookies?
To create a cookie in PHP, you can use the setcookie() function. The function takes the following parameters:
- The name of the cookie
- The value of the cookie
- The expiration time of the cookie (a Unix timestamp, in seconds)
- The path on the server in which the cookie will be available
- The domain that the cookie is available to
- A flag indicating whether the cookie should be sent over a secure connection (HTTPS)
In the example below, we will create a cookie named “myCookie” and assign the value “PHP Tutorial” to it.
We also specify that the cookie should expire after one hour and that the cookie is available to all pages under the /tutorials path.
<?php
setcookie("myCookie", "PHP Tutorial", time()+3600, "/tutorials");
?>
There’s one important item to mention about using cookies. Because of the way cookies work within HTTP, it’s important that you send all cookies before any output from your script.
This requires that you place calls to this function before any output, including HTML tags as well as any whitespace. If you don’t, PHP will give you a warning and your cookies will not be sent.
How to Retrieve a Cookie?
Now the cookie is set and we need to retrieve the information.
Each cookie that the browser sends back to your server can be accessed by name through the superglobal array $_COOKIE.
In the example below we retrieve the value of the cookie and print out its value on the screen.
<?php // Cookie values come from the client, so escape them before output and handle a missing cookie.
echo "The cookie value is " . htmlspecialchars($_COOKIE['myCookie'] ?? '', ENT_QUOTES, 'UTF-8'); ?>
This would show up on the page as: “The cookie value is PHP Tutorial”.
How to Delete a Cookie?
By default, the cookies are set to be deleted when the browser is closed.
We can override that default by setting a time for the cookie’s expiration, but there may be occasions when you need to delete a cookie before the user closes the browser and before its expiration time arrives.
To do so, you should ensure that the expiration date is in the past. The example below demonstrates how to do it (setting the expiration time to 1 minute ago):
<?php
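// Use the same path (and domain) the cookie was created with, otherwise the browser keeps the original cookie.
setcookie("myCookie", "", time()-60, "/tutorials");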
?>
Advanced Cookie Options (2026 Best Practice)
Modern browsers now support enhanced cookie security options.
Secure Cookie Example:
<?php
setcookie("user", "Umang", [
    'expires' => time() + 3600,
    'path' => '/',
    'secure' => true, // Only HTTPS
    'httponly' => true, // No JS access
    'samesite' => 'Strict' // CSRF protection
]);
?>
Explanation:
- Secure: Sends cookie only over HTTPS
- HttpOnly: Prevents JavaScript from reading the cookie (limits cookie theft through XSS)
- SameSite: Restricts sending the cookie on cross-site requests (protects against CSRF attacks)
Types of Cookies
1. Session Cookies
- Deleted when browser closes
- Used for temporary sessions
2. Persistent Cookies
- Stored for a specific duration
- Used for “Remember Me”
3. Secure Cookies
- Sent only over HTTPS
4. HttpOnly Cookies
- Not accessible via JavaScript
Cookies vs Sessions
| Feature | Cookies | Sessions |
|---|---|---|
| Storage | Client-side | Server-side |
| Security | Less secure | More secure |
| Data Size | Small (~4KB) | Larger |
| Use Case | Preferences | Sensitive data |
Best Practice:
Use sessions for sensitive data and cookies for lightweight data.
Security Considerations (2026)
Cookies are powerful but come with risks.
Risks:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Cookie tampering
Best Practices:
- Never store:
  - Passwords
  - Credit card details
- Always use:
  - httponly = true
  - secure = true
  - samesite = Strict or Lax
- Encrypt sensitive cookie data if needed
- Validate cookie values on the server
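One way to validate cookie values on the server and detect the cookie tampering listed above is to sign each value with an HMAC. This is an added example, not code from the original article; `COOKIE_KEY`, `sign_cookie()` and `verify_cookie()` are hypothetical names, and the key shown is a placeholder.

```php
<?php
// Added example: HMAC-signed cookie values so the server can detect tampering.
// COOKIE_KEY is a placeholder; load a long random secret from server-side
// configuration and never send it to the client.
const COOKIE_KEY = 'replace-with-a-long-random-secret';

// Returns "value.hexmac". The cookie name is part of the MAC input so a value
// signed for one cookie cannot be reused under a different cookie name.
function sign_cookie(string $name, string $value, string $key = COOKIE_KEY): string
{
    return $value . '.' . hash_hmac('sha256', $name . '|' . $value, $key);
}

// Returns the original value, or null when the cookie is malformed or modified.
function verify_cookie(string $name, string $cookie, string $key = COOKIE_KEY): ?string
{
    $pos = strrpos($cookie, '.');          // the hex MAC never contains a dot
    if ($pos === false) {
        return null;
    }
    $value = substr($cookie, 0, $pos);
    $mac = substr($cookie, $pos + 1);
    $expected = hash_hmac('sha256', $name . '|' . $value, $key);
    // hash_equals() compares in constant time to avoid leaking the MAC.
    return hash_equals($expected, $mac) ? $value : null;
}

// Constructed demo values (run with the PHP CLI).
$signed = sign_cookie('theme', 'dark');
$edited = 'admin' . substr($signed, strrpos($signed, '.')); // value changed, MAC kept

foreach ([
    'untouched cookie' => verify_cookie('theme', $signed),
    'value edited by the client' => verify_cookie('theme', $edited),
    'signature reused under another name' => verify_cookie('role', $signed),
    'no signature at all' => verify_cookie('theme', 'dark'),
] as $case => $result) {
    printf("%-38s %s\n", $case . ':', var_export($result, true));
}

// In a page, the signed string is what is sent to the browser:
// setcookie('theme', sign_cookie('theme', 'dark'), ['expires' => time() + 3600,
//     'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
// $theme = verify_cookie('theme', $_COOKIE['theme'] ?? '') ?? 'light';
```

Signing only detects modification; the value is still readable by the client, so data that must stay secret belongs in a session or needs encryption as well.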
GDPR & Privacy Compliance (Important in 2026)
With stricter privacy laws:
- Show cookie consent banners
- Allow users to accept/reject cookies
- Clearly explain cookie usage in privacy policy
Real-World Example: Remember User Theme
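<?php
// POST and cookie values are user-controlled: accept only known theme names.
$allowed = ['light', 'dark']; // example allowlist; list your own themes here
$theme = $_COOKIE['theme'] ?? 'light';
if (isset($_POST['theme']) && in_array($_POST['theme'], $allowed, true)) {
    $theme = $_POST['theme'];
    setcookie("theme", $theme, time() + (86400 * 30), "/");
}
if (!in_array($theme, $allowed, true)) {
    $theme = 'light'; // fall back when the cookie holds an unexpected value
}
?>
<body class="<?php echo htmlspecialchars($theme, ENT_QUOTES, 'UTF-8'); ?>">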
Advantages of PHP Cookies
- Easy to implement
- Improves user experience
- Enables personalization
- Works across multiple pages
Disadvantages
- Limited storage size
- Security vulnerabilities
- Can be disabled by users
Conclusion