PHP cookies

PHP cookies

Last Updated on Mar 21, 2023

What are cookies?

Have you seen those messages “We use cookies on our website” and then you click on accept? Cookies are like files or better say content that the website/server would embed on your computer through your browser.

You can see all the cookies that all the websites have embedded on your computer.

on chorme: privacy & policy > cookies and other site data > see all

on firefox: setting > privacy policy > cookies and site data

Did you see them?

Today we are going to learn to put those data on a user’s computer. So let’s get started.

Working with Cookies

There are 4 aspects of working with cookies

  1. create
  2. update
  3. delete
  4. read

1. Create

To create a cookie, you can use the setcookie function

setcookie(name, value, expire, path, domain, secure, httponly);

Name and Value: Do you remember associative array? And we said we have key and we have value. Here is exactly like that. The name is like key/index. if the name is the key of our array, then the value is well, value!

Expires: how long to keep the cookie on the user’s computer? If you set it to 0 or leave it empty when the user closes the browser the cookie will be expired. we can use time functionto get the current time and add the number of seconds we want.

Path: where this cookie will be available. If you set it to / the whole domain can access this cookie but if you set it to /example only /example and all the subdirectories like /example/second can access the cookie and /another cannot access it

Domain: to which subdomains will your cookie be available. If you want it to be available to all the subdomains and the domain itself you can set it to domain name like example .com

Secure: true or false. If set true the cookie can be accessed only on https from the client-side.

Httponly: it will only be available when sending the request through http protocol and not any other protocol


setcookie function must appear BEFORE the <html> tag.

after setcookie your cookies will be available in the next request. so refresh the page and you can see the cookie

// set the cookie
setcookie('user', 'John Doe', time() + (86400 * 30), "/");
// it will be available in the next request

2. Update

If you want to update the cookie, just run the setcookie function again, and set the name of the cookie that exists there. It will overwrite it and update the cookie.

// set the cookie
setcookie('user', 'John Doe', time() + (86400 * 30), "/");
// later update it
setcookie('user', 'John Doe Updated', time() + (86400 * 30), "/");

3. Delete

If you want to delete the cookie use setcookie but set a time in the past for example time() - 60. It will expire/delete.

setcookie('user', '', time() - 3600, "/");

4. Read

You can get all the cookies from $_COOKIE variable.

$_COOKIE is one of the 'superglobal' variables in php. This means that it is available in all scopes throughout a script.

If you want to get the cookie first make sure it exists with the isset function

// set the cookie
setcookie('user', 'John Doe', time() + (86400 * 30), "/");
// this will be available on the next request

    // your code


Cookies can be good to provide a very smooth and good user experience. But on the other hand insecure cookies can cause a lot of security issues.

  1. NEVER put any sensitive information as a cookie
  2. Almost always try to encrypt the cookies
  3. Don’t log the user in by checking their id that you set inside the cookie. This sentence might sound so obvious to you but it’s one of the weirdest vulnerabilities. Don’t do it. NEVER.


Now you know about cookies in PHP.

I recommend you to open a PHP files and try to define cookies. refresh the page and see if you can access them. see them in the browser's setting. update them and delete them. make sure to be aware of the security issues.

If you have any suggestions, questions, or opinions, please contact me. I’m looking forward to hearing from you!

Key takeaways

  • cookies in PHP
  • Create and Update and Delete and Read cookies
  • Cookie security

Category: programming

Tags: #php

Join the Newsletter

Subscribe to get my latest content by email.

I won't send you spam. Unsubscribe at any time.

Related Posts