Cookies are a long-standing method of storing information so it can be used again on a per-user basis. Before database and server-based sessions became popular, cookies were used in more complex ways. They are still a component of sessions and are used on most web sites, from shopping carts to web mail. In PHP it isn’t hard to get started with cookies.

setcookie("UserInfo", "3644 Alder St", time() + 3600, "/~phppro/", "iodigitalsec.com");

That example sets the cookie UserInfo to a street address.

bool setcookie(string $name , string $value , int $expire, string $path, string $domain)

Those are the parameters in a simplified version. Some of them have default values, meaning you can leave them out and call the function with fewer parameters. The last thing you need before you can get started is to know where you can and cannot use the function. Unlike most PHP functions, setcookie() sets special headers. These must be sent with the other headers as normal, so as stated in the PHP manual: “This requires that you place calls to this function prior to any output, including <html> and <head> tags as well as any whitespace.”

In the parameters above, name is the name of the cookie. If a cookie with that name exists then you are changing it, including the expiration time, so be careful not to set an existing cookie name unless desired. If you don’t know what cookies might have been set, using something like your script name may help make the names unique, i.e. ‘sitelook_user’ not just ‘user’.

value is the actual information, in text format only, that the cookie is being set to. Numbers should automatically be converted to strings, but be careful with some types of data. Floats may get very long, so use a rounding function on them first if you wish to keep things as efficient as possible. Finally, boolean values should not be used: the manual says boolean false will delete the cookie.

expire is the third parameter, and sets the Unix timestamp for when you want the cookie to disappear. One reason there are time limits is so users are automatically logged out after a certain period. Another reason is just to clean up data, since it’s presumed old cookies will not be used again. If it is set to 0, or left out of the function, the cookie will expire at the end of the session, when the browser closes. There is a little more to this parameter that will be explained later in the article.

path is often just ‘/’ because that means the cookie is present anywhere in the current domain. It can be set to other paths in the domain to restrict it.

To set domain so the cookie is available on all subdomains, set it to ‘.domain.com’ where domain.com is the current domain. Often the parameter is left out of the function, and that will make the cookie limited to the current domain and subdomain.

(The PHP manual also lists the parameters secure and httponly after those; I am leaving them out for brevity.)

setcookie("UserInfo", "3644 Alder St", time() + 3600, "/~phppro/", "iodigitalsec.com");

That is the first example again. Once that has been called on a page and the page is done, you can access the user’s cookies like this:

echo $_COOKIE["UserInfo"];

$_COOKIE is an array and a superglobal, so it can be used almost anywhere.

To delete cookies, it is suggested that you set their expire time in the past. The PHP manual also says that they must be deleted with the same parameters with which they were created:

setcookie("UserInfo", "", time() - 3600, "/~phppro/", "iodigitalsec.com");

The UserInfo cookie was set to expire an hour in the past, so it will be removed as soon as the browser reads the instruction and does the removal.
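The set, read and delete steps above combined into one script, as an added example that is not part of the original article. The helper names are hypothetical, the path and domain are the article's sample values, and it passes the secure and httponly parameters the manual lists, assuming the site is served over HTTPS.

```php
<?php
// Added example: hypothetical helpers, not code from the article.
// Path and domain are the article's sample values; HTTPS is assumed.
const COOKIE_PATH   = '/~phppro/';
const COOKIE_DOMAIN = 'iodigitalsec.com';

// Send one Set-Cookie header, refusing if output has already started.
function send_cookie(string $name, string $value, int $expire): bool
{
    if (headers_sent($file, $line)) {
        error_log("cookie $name not sent: output began at $file:$line");
        return false;
    }
    // secure = true: sent over HTTPS only; httponly = true: hidden from JavaScript.
    return setcookie($name, $value, $expire, COOKIE_PATH, COOKIE_DOMAIN, true, true);
}

function set_user_cookie(string $name, string $value, int $lifetime = 3600): bool
{
    return send_cookie($name, $value, time() + $lifetime);
}

// Delete with the same path and domain used when the cookie was created.
function delete_user_cookie(string $name): bool
{
    unset($_COOKIE[$name]); // also drop it for the rest of this request
    return send_cookie($name, '', time() - 3600);
}

// Cookies come from the browser, so treat the value as untrusted input.
function read_user_cookie(string $name, int $maxLength = 128): ?string
{
    $value = $_COOKIE[$name] ?? null;
    if (!is_string($value) || $value === '' || strlen($value) > $maxLength) {
        return null;
    }
    return $value;
}

$address = read_user_cookie('UserInfo');
if ($address === null) {
    // First visit: the new cookie only appears in $_COOKIE on the next request.
    set_user_cookie('UserInfo', '3644 Alder St');
    $address = 'not set yet';
}
// Encode before echoing so markup in the cookie is shown as text.
echo htmlspecialchars($address, ENT_QUOTES, 'UTF-8');
```

Call delete_user_cookie('UserInfo') before any output, for example from a logout page, to remove the cookie.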