PHP Cookies

PHP Cookies

A cookie is a small piece of data stored on the user's computer by the web browser. It is sent by the server to the client's browser and can be used to store information about the user, such as their preferences, login state, or shopping cart contents. Cookies are commonly used for tracking user sessions and persisting data across page requests.

PHP provides a simple way to work with cookies using the setcookie() function. Cookies are sent to the user's browser with the HTTP response, and they are automatically sent back to the server with each subsequent request.

1. Setting Cookies with PHP

To set a cookie in PHP, you use the setcookie() function. This function must be called before any output is sent to the browser (i.e., before echo or HTML content).

Syntax of setcookie():

setcookie(name, value, expire, path, domain, secure, httponly);

• name: The name of the cookie.
• value: The value of the cookie.
• expire: The expiration time of the cookie (in UNIX timestamp format). If not set, the cookie expires at the end of the session (when the browser is closed).
• path: The path where the cookie is available (default is / for the entire domain).
• domain: The domain where the cookie is available.
• secure: A boolean value indicating whether the cookie should only be sent over secure (HTTPS) connections.
• httponly: A boolean value indicating whether the cookie is accessible only via HTTP protocol (i.e., not accessible via JavaScript).

Example of setting a cookie:

// Set a cookie that expires in 1 hour
setcookie("user", "JohnDoe", time() + 3600, "/");
echo "Cookie has been set!";

• This sets a cookie named user with the value "JohnDoe", which will expire in 1 hour.
• The cookie will be available for the entire domain (/).

2. Checking if a Cookie Exists

You can check if a cookie is set by using the $_COOKIE superglobal array.

Example of checking for a cookie:

if (isset($_COOKIE["user"])) {
    echo "Welcome back, " . $_COOKIE["user"] . "!";
} else {
    echo "No user cookie found.";
}

• This code checks if the user cookie exists, and if it does, it displays a welcome message with the value of the cookie.

3. Modifying Cookies

You can modify a cookie by calling setcookie() again with the same name and a new value. The cookie will be updated with the new value and the same expiration time (or a new one).

Example of modifying a cookie:

// Modify the 'user' cookie value
setcookie("user", "JaneDoe", time() + 3600, "/");
echo "Cookie has been modified!";

• This modifies the user cookie to have the value "JaneDoe". The cookie's expiration time is still set to 1 hour from now.

4. Deleting Cookies

To delete a cookie, you can set its expiration time to a past time. This will cause the browser to remove the cookie.

Example of deleting a cookie:

// Delete the 'user' cookie
setcookie("user", "", time() - 3600, "/");
echo "Cookie has been deleted!";

• This sets the user cookie to an empty value and its expiration time to 1 hour ago, effectively deleting it from the user's browser.

5. Cookie Expiration Time

The expiration time of a cookie is specified as a Unix timestamp (the number of seconds since January 1, 1970). You can use the time() function to get the current timestamp and add the number of seconds for the expiration time.

Example of setting a cookie with a specific expiration time:

// Set a cookie that expires in 1 week (7 days * 24 hours * 60 minutes * 60 seconds)
setcookie("user", "JohnDoe", time() + (7 * 24 * 60 * 60), "/");
echo "Cookie will expire in 1 week!";

• This sets the user cookie with an expiration time of 1 week.

6. Secure Cookies (Using HTTPS)

If you want to ensure that the cookie is only sent over secure connections (HTTPS), you can set the secure parameter to true.

Example of setting a secure cookie:

// Set a secure cookie (only sent over HTTPS)
setcookie("user", "JohnDoe", time() + 3600, "/", "", true, true);

• The secure parameter ensures the cookie is only sent over HTTPS.
• The httponly parameter ensures the cookie is not accessible via JavaScript.

7. Accessing Cookies in PHP

You can access cookies in PHP using the $_COOKIE superglobal array. This array stores all the cookies sent by the client.

Example of accessing a cookie:

if (isset($_COOKIE["user"])) {
    echo "Hello, " . $_COOKIE["user"] . "!";
} else {
    echo "No cookie found.";
}

• This checks if the user cookie is set, and if it is, it displays the cookie value.

8. Cookie Path and Domain

• path: Defines the path for which the cookie is available. If set to /, the cookie will be available across the entire domain.
• domain: Defines the domain for which the cookie is valid. By default, it’s set to the domain of the current document.

Example of setting a cookie with a specific path:

// Cookie will only be available within the "/admin" directory
setcookie("user", "JohnDoe", time() + 3600, "/admin");

9. Limitations of Cookies

• Size Limit: Cookies can only hold a limited amount of data (about 4 KB).
• Security: Cookies are stored on the client-side, so they can be tampered with by the user. To store sensitive information, it's better to use sessions or encrypt the cookie value.

Example of Setting, Accessing, and Deleting Cookies

// Set a cookie
setcookie("user", "JohnDoe", time() + 3600, "/");

// Access the cookie
if (isset($_COOKIE["user"])) {
    echo "Welcome back, " . $_COOKIE["user"] . "!";
} else {
    echo "No user cookie found.";
}

// Modify the cookie
setcookie("user", "JaneDoe", time() + 3600, "/");

// Delete the cookie
setcookie("user", "", time() - 3600, "/");
echo "Cookie has been deleted!";

Conclusion

PHP cookies are a simple way to store and retrieve data on the client-side. They are commonly used for storing user preferences, session information, or tracking data between page requests. While cookies are useful, they have limitations in terms of size and security, so they should be used with care for sensitive data.