Cookies in PHP (setcookie, $_COOKIE)

Photo by Mae Mu on Unsplash

Cookies in PHP (setcookie, $_COOKIE)

PHP Dec 25, 2022

If session data is stored for a rather limited time, then cookies (translated as "cookies") can be stored for years. Cookies are stored in the user's browser. Unfortunately, each cookie can only store up to 4 kilobytes of information, and the number of cookies is limited.

What are cookies for?

Cookies were invented as a solution. These are such records with a key-value type, such as an array in PHP, they are only stored in the browser of the site user. Cookies are stored separately for each site. Each time a user makes a request to a site, the browser checks for these records for that site. And if they are, then it sends them in the header of every request to this site.

Where do cookies come from

Cookies are created in the browser at the "request" of the server. At some point, we decide that we need to create a cookie with some value in the visitor's browser. To do this, the server needs to send a special header in the response to the client, which indicates which entry should be created in the browser for this site.

All this happens in the background and is not noticeable to the user. According to this principle, authorization works on any site. In the simplest case, after you have entered your username and password on the site, the server checks whether they are correct. And if so, then the server can ask the browser to store this data in a cookie and send it to it with each request.

That is, the server says something like: "Hey browser, create an entry for me with the key "login" and the value "admin", and another one with the key "password" and the value "123". After that, the browser, with any request to the server, starts sending additional data like:

login: admin
password: 123

After that, in other places on the site where authorization is needed, it will now be possible to check this data from the cookie without forcing the user to fill out the form again. And if they are correct login and password, then give the user access to something.

That is, for example, on a page with an authorization form with the correct login and password, we will set a cookie, and on other pages we will already check the data from the cookie sent by the client.

Creating cookies and working with them

In PHP, cookies are created and modified using the setcookie function . It takes three parameters: cookie name, value, expiration time (seconds after which the cookie will become invalid).

Here is an example of a cookie entry:

   setcookie('story', 'Lion, tiger on the roof', time() + 3600);

Try this code. And a cookie will be created in the browser with the key 'story' and the value 'Lion, tiger on the roof' and a lifetime that ends in an hour (3600 seconds). After one hour, the cookie information will be deleted.

To get the cookie value, you need to refer to the $_COOKIE array. It contains elements whose keys are cookie keys. To display the value from the previous example, you need to run the following code:

   echo $_COOKIE['story'];
You can't write a cookie value and get that value on one hit, on one page load. After setting the cookie value, you need to reload the page to be able to read it.

You can edit cookies directly in your browser using developer tools.

Deleting cookies

To delete cookies, you need to set their lifetime to the current second or less. Then the browser will automatically delete the cookies. Let's demonstrate this:

   setcookie('story', '', time());

In this example, we also set an empty string to the value of the cookie with the key 'story`


Anurag Deep

Logical by Mind, Creative by Heart