Download Article

Download this article or the entire “PHP A to Zend Certified Engineer” series with all listings and files.

: This article only:
$2.00 AUD
(Approx. $2.00 USD)

: “PHP A to Zend Certified Engineer” series:
$4.95 AUD
(Approx. $4.95 USD)

More information

PHP A to ZCE: Cookies

By Quentin Zervaas, 9 November 2010 PHP ZCE Download PDF

This article is part of the series “PHP A to Zend Certified Engineer”. In PHP A to ZCE, I will take you through 26 different yet equally important topics that will help you become a Zend Certified Engineer. Even if you're not interested in sitting the ZCE-PHP exam, these topics will elevate your understanding of PHP to a whole new level and allow you to become the guru in your company. Read more about PHP A to Zend Certified Engineer...

Cookies are used to store data on the computer of somebody who visits your web site. In this article I will show you how cookies work and how you can read and write cookies.

How Cookies Work

A cookie is made up of the following parts:

The name and value
Expiry timestamp (optional; if omitted the cookie stays alive until the browser is closed)
Domain and path (these are optional; if omitted defaults the current domain and path).

The process for writing and reading cookies is as follows:

A cookie is set in a client's browser in the HTTP response headers. This is achieved using the Set-Cookie header
The server sends one Set-Cookie header for every cookie to be set
When a browser subsequently requests a page it sends the Cookie header containing the name and value of all cookies previously set on the matching domain and path.

For instance, to set one cookie called foo with a value of bar another called c2 with a value of 123, the server includes the following header:

Listing 3 listing-3.txt

Set-Cookie: foo=bar; expires=Wed, 10-Nov-2010 04:29:35 GMT
Set-Cookie: c2=123; expires=Wed, 10-Nov-2010 04:29:35 GMT

Cookies are included in the request in name=val format, each of which is separated by a semi-colon. If the browser reloads the page that sets the above cookies, it will include the following header in the request:

Listing 4 listing-4.txt

Cookie: foo=bar; c2=123

Writing Cookies

The simplest way to set a cookie is to use the setcookie() function
You can also use setrawcookie() - This is identical except it will not automatically URL-encode the cookie value
Since cookies are set in the HTTP response headers, you must call setcookie() prior to any other page output
You can get around this restriction using output buffering (see ob_start()).

The setcookie() function definition is as follows. The function returns true is the header was set, false if not.

Listing 5 listing-5.txt

bool setcookie ( 
    string $name,
    string $value  = '', 
    int $expire    = 0, 
    string $path   = '', 
    string $domain = '',
    bool $secure   = false 
    bool $httponly = false 
)

Some notes about this function:

The only required parameter is $name
The $expiry parameter accepts a Unix timestamp (PHP will convert it into the correct format)
For instance, the expiry for a cookie that last one day would be time() + 86400.

Removing a Cookie

To remove a cookie, call setcookie() and set an expiry date in the past.

Listing 1 listing-1.php

<?php
    setcookie('ctr', '', time() - 86400);
?>

Reading Cookies

Cookies can be read from the superglobal variable $_COOKIE
For instance, if you set a cookie called ctr, you can read the value from $_COOKIE['ctr'].

Important: If you set a cookie, it will not be available in $_COOKIE until the next request.

Sample Cookie Usage

The following script demonstrates how use a value stored in a cookie:

Listing 2 listing-2.php

<?php
    // check if the cookie is set
    if (isset($_COOKIE['ctr'])) {
        $ctr = $_COOKIE['ctr'];
    }
    else {
        // cookie not set, initialize the value
        $ctr = 0;
    }
 
    // increment the cookie value
    setcookie('ctr', $ctr + 1);
 
    // output the value - this must
    echo $ctr;
?>