Become Zend Certified

Prepare for the ZCE exam using our quizzes (web or iPad/iPhone). More info...

When you're ready get 7.5% off your exam voucher using voucher CJQNOV23 at the Zend Store
Related Articles

PHP A to ZCE: Cookies

This article is part of the series “PHP A to Zend Certified Engineer”. In PHP A to ZCE, I will take you through 26 different yet equally important topics that will help you become a Zend Certified Engineer. Even if you're not interested in sitting the ZCE-PHP exam, these topics will elevate your understanding of PHP to a whole new level and allow you to become the guru in your company. Read more about PHP A to Zend Certified Engineer...

Cookies are used to store data on the computer of somebody who visits your web site. In this article I will show you how cookies work and how you can read and write cookies.

How Cookies Work

A cookie is made up of the following parts:

  • The name and value
  • Expiry timestamp (optional; if omitted the cookie stays alive until the browser is closed)
  • Domain and path (these are optional; if omitted defaults the current domain and path).

The process for writing and reading cookies is as follows:

  • A cookie is set in a client's browser in the HTTP response headers. This is achieved using the Set-Cookie header
  • The server sends one Set-Cookie header for every cookie to be set
  • When a browser subsequently requests a page it sends the Cookie header containing the name and value of all cookies previously set on the matching domain and path.

For instance, to set one cookie called foo with a value of bar another called c2 with a value of 123, the server includes the following header:

Listing 3 listing-3.txt
Set-Cookie: foo=bar; expires=Wed, 10-Nov-2010 04:29:35 GMT
Set-Cookie: c2=123; expires=Wed, 10-Nov-2010 04:29:35 GMT

Cookies are included in the request in name=val format, each of which is separated by a semi-colon. If the browser reloads the page that sets the above cookies, it will include the following header in the request:

Listing 4 listing-4.txt
Cookie: foo=bar; c2=123

Writing Cookies

  • The simplest way to set a cookie is to use the setcookie() function
  • You can also use setrawcookie() - This is identical except it will not automatically URL-encode the cookie value
  • Since cookies are set in the HTTP response headers, you must call setcookie() prior to any other page output
  • You can get around this restriction using output buffering (see ob_start()).

The setcookie() function definition is as follows. The function returns true is the header was set, false if not.

Listing 5 listing-5.txt
bool setcookie ( 
    string $name,
    string $value  = '', 
    int $expire    = 0, 
    string $path   = '', 
    string $domain = '',
    bool $secure   = false 
    bool $httponly = false 

Some notes about this function:

  • The only required parameter is $name
  • The $expiry parameter accepts a Unix timestamp (PHP will convert it into the correct format)
  • For instance, the expiry for a cookie that last one day would be time() + 86400.

Removing a Cookie

To remove a cookie, call setcookie() and set an expiry date in the past.

Listing 1 listing-1.php
    setcookie('ctr', '', time() - 86400);

Reading Cookies

  • Cookies can be read from the superglobal variable $_COOKIE
  • For instance, if you set a cookie called ctr, you can read the value from $_COOKIE['ctr'].
Important: If you set a cookie, it will not be available in $_COOKIE until the next request.

Sample Cookie Usage

The following script demonstrates how use a value stored in a cookie:

Listing 2 listing-2.php
    // check if the cookie is set
    if (isset($_COOKIE['ctr'])) {
        $ctr = $_COOKIE['ctr'];
    else {
        // cookie not set, initialize the value
        $ctr = 0;
    // increment the cookie value
    setcookie('ctr', $ctr + 1);
    // output the value - this must
    echo $ctr;

Further Reading

Other Options

PHP A to ZCE: Cookies