PHP Cookie

What is a PHP Cookie?

The Cookie is a set of information saved by the website script on the user's computer. Cookie data is automatically sent to the server with the request's header whenever a user visits a page. The server sends data to the browser, and the browser saves them into a temporary file on the computer's hard disk. The data even persists when the user's computer is switched off. A cookie is ideal for storing small amounts of data on a user's computer. It is not for storing a large amount of user data or keeping sensitive information.

The cookie expiry date can be set so information will expire and not be available to the browser. A cookie can be a maximum size of 4kb, and most browsers save up to thirty cookies per website domain. It is advisable not to use a cookie for critical data or make a website functioning reply upon the Cookie. It is useful when it comes to saving the user's progress.

A Cookie works like this: -

  1. A user sends a request to a server.
  2. The server responds to the request with the Cookie for the user.
  3. The other page request from the user will return with a cookie.

Creating A Cookie with PHP: -

You can create a cookie with the setcookie() function in PHP. After creating a Cookie, you can access it using the $_COOKIE global variable. The setcookie() should be called before tag. The function has six parameters to accept.

Here is an example of the HTTP header containing a cookie.


setcookie("planet", "Earth");  





The Cookie's name is like a key of an associative array or HTML form's field name.


The value of the Cookie is like a value of an associative array or HTML form's field value.


After a specific period when a cookie expires, it is deleted from the browser. It is not sent back to the server. If the value is zero or blank, a cookie will be alive as long the browser is open and deleted once the browser is closed. The "expiry_time" specifies a future time in seconds since 00:00:00 GMT on 1st Jan 1970.


The path on the server to which the Cookie will be set. The Cookie will be available only to that path, not the whole website. The entire domain can access the Cookie if the path is set to /.


The browser only sends the Cookie to the specified domain.


The Cookie is only sent when there is a secure connection using HTTPS only.


The "httponly" prevents client-side scripts from accessing the data.

The "path" parameter specifies the directories for which the Cookie is valid.

The "domain" parameter specifies the domain name in large domains.

A cookie is only valid for the host and domain which created them.

The "secure" parameter needs to be set to 1 if you want the Cookie to be sent by secure transmission using HTTPS only.

Retrieving the Cookie:-

You can retrieve the value of a cookie using the $_COOKIE variable if a Cookie value is set using the setcookie() function.


setcookie("user", "John");  


The following example shows how to retrieve the value of this Cookie using the $_COOKIE variable.


     echo "Cookie Value is:" .$_COOKIE["user"];



Cookie Value is: John

Deleting A Cookie Using PHP:-

To delete a Cookie, you must set the expiration date of some past date. It can be done using the following code:-


setcookie ("CookieName", "", time() - 3600);// we have set the expiration date to one hour ago