PHP cookies
Last Updated on Mar 21, 2023
What are cookies?
Have you seen those messages “We use cookies on our website” and then you click on accept? Cookies are like files or better say content that the website/server would embed on your computer through your browser.
You can see all the cookies that all the websites have embedded on your computer.
on chorme: privacy & policy > cookies and other site data > see all
on firefox: setting > privacy policy > cookies and site data
Did you see them?
Today we are going to learn to put those data on a user’s computer. So let’s get started.
Working with Cookies
There are 4 aspects of working with cookies
- create
- update
- delete
- read
1. Create
To create a cookie, you can use the setcookie function
setcookie(name, value, expire, path, domain, secure, httponly);
Name and Value: Do you remember associative array? And we said we have key and we have value. Here is exactly like that. The name is like key/index. if the name is the key of our array, then the value is well, value!
Expires: how long to keep the cookie on the user’s computer? If you set it to 0 or leave it empty when the user closes the browser the cookie will be expired. we can use time functionto get the current time and add the number of seconds we want.
Path: where this cookie will be available. If you set it to / the whole domain can access this cookie but if you set it to /example only /example and all the subdirectories like /example/second can access the cookie and /another cannot access it
Domain: to which subdomains will your cookie be available. If you want it to be available to all the subdomains and the domain itself you can set it to domain name like example .com
Secure: true or false. If set true the cookie can be accessed only on https from the client-side.
Httponly: it will only be available when sending the request through http protocol and not any other protocol
setcookie function must appear BEFORE the <html> tag.
after setcookie your cookies will be available in the next request. so refresh the page and you can see the cookie
<?php
// set the cookie
setcookie('user', 'John Doe', time() + (86400 * 30), "/");
// it will be available in the next request
2. Update
If you want to update the cookie, just run the setcookie function again, and set the name of the cookie that exists there. It will overwrite it and update the cookie.
<?php
// set the cookie
setcookie('user', 'John Doe', time() + (86400 * 30), "/");
// later update it
setcookie('user', 'John Doe Updated', time() + (86400 * 30), "/");
3. Delete
If you want to delete the cookie use setcookie but set a time in the past for example time() - 60. It will expire/delete.
setcookie('user', '', time() - 3600, "/");
4. Read
You can get all the cookies from $_COOKIE variable.
$_COOKIE is one of the 'superglobal' variables in php. This means that it is available in all scopes throughout a script.
If you want to get the cookie first make sure it exists with the isset function
// set the cookie
setcookie('user', 'John Doe', time() + (86400 * 30), "/");
// this will be available on the next request
if(isset($_COOKIE['user'])){
// your code
}
Security
Cookies can be good to provide a very smooth and good user experience. But on the other hand insecure cookies can cause a lot of security issues.
- NEVER put any sensitive information as a cookie
- Almost always try to encrypt the cookies
- Don’t log the user in by checking their id that you set inside the cookie. This sentence might sound so obvious to you but it’s one of the weirdest vulnerabilities. Don’t do it. NEVER.
Conclusion
Now you know about cookies in PHP.
I recommend you to open a PHP files and try to define cookies. refresh the page and see if you can access them. see them in the browser's setting. update them and delete them. make sure to be aware of the security issues.
If you have any suggestions, questions, or opinions, please contact me. I’m looking forward to hearing from you!
Key takeaways
- cookies in PHP
- Create and Update and Delete and Read cookies
- Cookie security
