PHP SETCOOKIE: Setting Cookies Through PHP Programming
The PHP SETCOOKIE function makes it easy to track users through their browser, creating persistent logins and tracking user engagement and activity.
Today, we’re going to take a deeper look into setting cookies with PHP, managing and maintaining those cookies, and even some cookie alternatives. All of this will be based on some preexisting knowledge of PHP.
What is a cookie?
Have you ever wondered how websites know who you are? It’s all about cookies. “Cookies” are small files on your computer that websites can read. They place those files to identify you — tracking you and your accounts through the internet.
Today, cookie use is actually a little controversial. To adhere to European laws, you need to ask whether you can place a cookie on a user device. Tracking cookies are increasingly being blocked on mobile devices like iOS and Android. Cookies are still very important, but you have to be careful about how you use them and when.
How do you use PHP SETCOOKIE?
On the surface, using PHP SETCOOKIE is very simple. Here’s the formula from the PHP manual:
setcookie($name, $value, $expires_or_options, $path, $domain, $secure, $http_only);
To set a cookie, you would usually use code like this:
setcookie("Hello_World", "Hello, World!", time()+86400, "/", "www.example.com", 1, 1);
Last Updated September 2024
PHP for Beginners: learn everything you need to become a professional PHP developer with practical exercises & projects. | By Edwin Diaz | 900,000+ Students, Coding Faculty Solutions
Explore CourseNow, let’s explain these parameters:
- $name is the internal reference name of the cookie. The above cookie would be referenced as $_COOKIE[‘Hello_World’];
- $value is the actual value of the cookie. The above cookie would return “Hello, World!” when you actually pull $_COOKIE[‘Hello_World’];
- $expires_or_options generally holds the expiration date and time. If this is set to 0 or an empty string, the cookie only persists until the browser is closed. In this, we’re setting it to time() (the current time) + 86,400 seconds (a day).
- $path is the path on the server that can access the cookie, which is almost always root.
- $domain is the domain that you’re setting the cookie on, in this case “www.example.com.”
- $secure is whether the cookie requires HTTPS to work (this should usually always be set to 1).
- $http_only is whether the cookie is only transferred through HTTP protocol, which also should usually be set to 1.
So, you need to use the setcookie name, value, expire path, and expire time to set the cookie properly. You can control things like the cookie’s name, value, expiration date, whether it will expire in 30 days or longer, and whether it needs a secure HTTPS connection. You can also secure HTTPONLY and SameSite by setting the domain and the path.
How do you access data on a cookie?
Once a cookie has been set, it still has to be accessed. The PHP super variable $_COOKIE is used to access the data as a global PHP array.
You don’t need to do anything special. You just need to access the variable that you’ve set through the same string name string that you set. The data can then be used and manipulated just like any other string, such as through PHP ECHO.
echo $_COOKIE["Hello_World"];
The above code will print out the contents of the Hello_World cookie.
Now, if the expiration date was 0 or omitted, and the user closed their browser, then the cookie won’t exist. And if it’s checking to see whether a secure connection exists, and one does not, the cookie will return blank. So, when you do access the data on a cookie, you should verify that you’re actually receiving that data.
if(!isset($_COOKIE["Hello_World"])) {
print("The cookie isn't set!");
}
You would use the above test to see whether the appropriate cookie is set.
What is SETCOOKIE used for? Primarily, PHP SETCOOKIE will be used to log someone into a website. Let’s look at a very rudimentary example:
$login_name = "Mary";
SETCOOKIE("login_name", "Mary");
print("Hello," . $_COOKIE["login_name"] . "!");
The above example sets the login name to Mary within a cookie and then pulls that login name. The $_COOKIE variable will be persistent throughout the website, so other pages would simply need to read:
if(isset($_COOKIE["login_name"])) {
print("You're logged in as:" . $_COOKIE["login_name"]);
}
Usually, you would be checking the login name and a login password against a database, with the login password being properly encrypted throughout. But regardless, a cookie sets a persistent variable that will exist across the website until it expires or is unset.
Top courses in PHP (programming language)
Working with multiple PHP cookies
Note that because $_COOKIE is a global array, you can set multiple cookies. Consider setting a cookie named “username” and a cookie named “password.” You would access these as follows:
$_COOKIE["username"];
$_COOKIE["password"];
Some sites prefer to keep all their information contained in a single cookie value and then later parsed. Other sites will use multiple cookies. It’s generally a good practice to use as few cookies as you can for your needs.
How do you unset a cookie?
In PHP, unsetting a cookie is actually a little counterintuitive. You might think that you do the following:
unset($_COOKIE["Hello_World"]);
But that actually doesn’t unset the cookie itself; it just deletes the global variable used to reference the cookie within that script.
To unset a cookie, you have to reset the cookie but with an expiration date that has already passed:
setcookie("Hello_World", null, time() - 1);
In the above PHP SETCOOKIE function, what we’re doing is setting the same cookie again. Now the value is null (because we don’t need the value to exist anymore) and the expiration time is set to TIME() (the time right now) minus one second. The cookie will be automatically deleted.
Alternatives to using PHP SETCOOKIE
It’s believed that the future might be a “cookie”-less world. Cookies have been used for the past few decades for persistent data and session control. But increasing privacy concerns have made cookies slightly defunct.
In PHP, it’s considered a better practice to use “sessions.” PHP sessions can fulfill the roles of cookies, but under more rigid (and therefore more secure) constraints.
There’s still a place for cookies, particularly for anonymous but persistent connections, user behavior tracking, and improving user engagement.
Learning more about PHP SETCOOKIE
SETCOOKIE is one of the most basic PHP functions. If you want to create a website that interacts with users, you will need to use either SETCOOKIE or learn how to use PHP sessions. But you’ll also need to learn the basics of proper user authentication and PHP form validation.
A PHP tutorial can tell you more about what you want to learn about PHP — especially about creating user sessions and user accounts. To continue learning PHP, consider taking a beginner’s course or try a bootcamp that takes you from A-Z.