PHP Cookies: How to Set Cookies &

Get Cookies
Written by David Walsh on October 2, 2007 · 40 Comments

Cookies don't have to be an essential part of a website but can provide some of the "little things"
that can set your website apart from the rest. Cookies are small tidbits of information that you
save on the client's computer so that you can access them next time they visit the website.
Session ID's are also usually held in cookies.

So what are the most popular uses of cookies? They are:

 To store username/password information so that the user doesn't have to log in every time
they visit the website ("remember me" sign ins).
 To simply remember the user's name.
 To keep track of a user's progress during a specified process.
 To remember a user's theme.

Setting the Cookie

$first_name = 'David';
setcookie('first_name',$first_name,time() + (86400 * 7)); // 86400 = 1 day

Above, we set the user's first name equal to 'David' (this data would actually come from a form
or database but for the sake of the example we'll use my name). Then, we set a cookie with the
key of "first_name" with the value 'David', and program it to expire 7 days from now.

Getting the Cookie Values

echo 'Hello '.($_COOKIE['first_name']!='' ? $_COOKIE['first_name'] : 'Guest');

Above, we check to see if the cookie with 'first_name' as the key still exists. If so, we use their
name; if not, we call them "Guest". Basic cookies are that easy!

PHP cookies can be set with more specific directives, including path, domain, secure, and
httponly.
setcookie('first_name',$first_name,time() + (86400*
7),'/~sugar/','davidwalsh.name',true,true);

This cookie is the same as above, but we're also telling the cookie to be applied towards the
"~sugar" directory on the "davidwalsh.name" domain. It is for use only on an SSL connection
and it may not be used by JavaScript.

Some other things to know about cookies:

 Although you set an expiration on the cookie, a user can delete cookies at any time.
 Cookies can only be accessed by the browser that set them (Firefox and IE don't share
them)
 A user can turn cookies off in their browser.
 Never assume a cookie exists.

Download the tools to develop apps and games for Windows Phone.

 Post a comment
 Email Article
 Print Article
 Share Articles

PHP Tutorial: Cookies

You are probably familiar with cookies from your time with our HTML tutorials (or from your
experience with HTML), but just to recap, cookies are pieces of data that are stored as simple
little text files in the site visitor's computer, and allow the site server to keep track of what a
visitor is doing during their visit (or even across multiple visits.) Some people think of cookies
as bad or evil things, because they are sometimes used by advertisers to track an individual's
browsing habits. Any decent anti-spyware program can prevent that kind of thing, however, and
cookies are a useful and necessary mechanism for such things as personalized sites (where you
first log in, and are then presented your personalized version of the site), shopping carts and the
like.

Creating a Cookie

PHP provides full support for cookies. Creating a cookie is a simple matter, but there is an
important timing consideration to remember. If you are going to send a cookie down to the
user's system, you must send it down before you send anything else; before any part of the page
itself is sent, even before a blank line! A cookie is sent by using the setcookie( ) function.
Here's an example:
<?php
setcookie ("cookiename", "This text will be in the cookie");
?>
<html>
<head> ....... etc.

Here you can see a cookie being sent with the name "cookiename" and containing the value
"This text will be in the cookie". Also, you can see that it is sent before ANY of the HTML code
on the page itself is sent. You can send more than one cookie, if you need to, by using more
setcookie( ) function calls, but remember that the protocol has a limit of twenty cookies from one
site to a single user.

Reading a cookie

When a user visits a PHP page that could read a cookie that is present in the user's computer at
the time they call for the page, PHP automatically reads the cookie into a variable named the
same as the cookie, but prefixed with a $ sign. (Note that for this reason you should follow PHP
variable naming conventions when creating your cookies - no spaces, for example!) So, to read
our cookie, we would simply reference it's variable name like this:

<?php
print "our cookie says $cookiename";
?>

This would show up on the page as:

our cookie says This text will be in the cookie

Simple enough!

Deleting a cookie

When cookies are created, they are set by default to be deleted when the user closes their
browser. You can override that default by setting a time for the cookie's expiration like this:

<?php
setcookie ("cookiename", "This text will be in the cookie", time( ) + 3600);
?>
<html>
<head> ....... etc

The addition of the time( ) parameter followed by a plus sign and a number of seconds sets the
amount of time from now at which point the cookie is to expire. In our example, the cookie will
expire one hour from now.
There may be occasions when you need to delete a cookie before the user closes their browser,
and before its expiration time arrives. To do so, you would use the setcookie( ) function with the
appropriate name for the cookie and with a time( ) parameter with a negative number, like this:

<?php
setcookie ("cookiename", "", time( ) - 1);
?>