
PHP setcookie() Function: Everything You Need to Know

As a PHP developer, you may need to set cookies to store information on the client side. The setcookie() function is a built-in PHP function that handles this. In this article, we will cover its modern syntax, usage, and how to read or delete cookies.

What is the setcookie() Function?

The setcookie() function is a PHP built-in function that allows you to set a cookie on the client side.

How to Use the setcookie() Function

Using the setcookie() function is straightforward. The array-based options syntax was introduced in PHP 7.3. In PHP 8.1, the legacy seven-parameter positional syntax was deprecated. Here is the modern syntax:

The PHP syntax of setcookie() Function

php
setcookie($name, $value, $options);

The $options parameter is an associative array that accepts the following keys:

  • expires: The expiration time of the cookie (Unix timestamp).
  • path: The path on the server in which the cookie will be available.
  • domain: The domain on which the cookie will be available.
  • secure: Whether the cookie should be transmitted over HTTPS only.
  • httponly: Whether the cookie should be accessible only through the HTTP protocol, which keeps it out of reach of client-side scripts such as JavaScript.
  • samesite: Restricts the cookie to same-site requests. Accepts 'Strict', 'Lax', or 'None'.

Here is an example of how to use the setcookie() function to set a cookie:

How to Use the setcookie() Function?

php
<?php

$options = [
    'expires'  => time() + (86400 * 30), // 30 days
    'path'     => '/',
    'domain'   => '.example.com',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax'
];
setcookie('username', 'john', $options);

In this example, we use the setcookie() function to set a cookie named username with the value john. We also specify the expiration time as 30 days from the current time, the path on the server as /, the domain as .example.com, and set the secure, httponly, and samesite flags to ensure the cookie is only transmitted over HTTPS, is not accessible through client-side scripting, and is restricted to same-site requests, respectively.

Reading Cookies

Cookies set with setcookie() are automatically available in the $_COOKIE superglobal array on subsequent page requests. You can check for their existence and read their values like this:

php
if (isset($_COOKIE['username'])) {
    echo "Welcome, " . htmlspecialchars($_COOKIE['username']);
}

Deleting Cookies

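To delete a cookie, you must set its expiration time to a past timestamp. The value can be left empty or set to null. Use the same path and domain that were used when the cookie was set; otherwise the browser treats the request as a different cookie and keeps the original.

php
setcookie('username', '', [
    'expires' => time() - 3600,      // past timestamp tells the browser to discard the cookie
    'path'    => '/',
    'domain'  => '.example.com',     // must match the domain used when the cookie was set
]);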

Important Notes

  • Return Value: setcookie() returns true on success and false on failure (including when headers are already sent).
  • Headers Already Sent: Cookies must be set before any output is sent to the browser (including HTML, whitespace, or echo). Otherwise, PHP will throw a "Headers already sent" warning.
  • Automatic Encoding: setcookie() automatically URL-encodes cookie values, so manual encoding is usually unnecessary.
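
The notes above and the deletion rule can be handled in one place. The following is an added example, not code from the original article; `COOKIE_BASE`, `checkCookieOptions()`, `sendCookie()` and `deleteCookie()` are hypothetical names, and `.example.com` is the sample domain used earlier on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not part of PHP or of the original article).
// Attributes shared by set and delete, so the browser matches the same cookie.
const COOKIE_BASE = [
    'path'     => '/',
    'domain'   => '.example.com', // sample domain, as in the article
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
];

function checkCookieOptions(array $options): void
{
    $sameSite = $options['samesite'] ?? '';
    if (!in_array($sameSite, ['Strict', 'Lax', 'None'], true)) {
        throw new InvalidArgumentException("Invalid samesite value: $sameSite");
    }
    // Browsers reject SameSite=None cookies that lack the Secure attribute.
    if ($sameSite === 'None' && empty($options['secure'])) {
        throw new InvalidArgumentException('samesite=None requires secure=true');
    }
}

function sendCookie(string $name, string $value, int $expires): bool
{
    $options = COOKIE_BASE + ['expires' => $expires];
    checkCookieOptions($options);

    // setcookie() would return false here; log where the output started instead.
    if (headers_sent($file, $line)) {
        error_log("Cookie '$name' not sent: output started at $file:$line");
        return false;
    }
    return setcookie($name, $value, $options);
}

function deleteCookie(string $name): bool
{
    // Same path and domain as when it was set, with an expiry in the past.
    $sent = sendCookie($name, '', time() - 3600);
    unset($_COOKIE[$name]); // keep the current request consistent
    return $sent;
}

// Must run before any output is sent.
sendCookie('username', 'john', time() + 86400 * 30);
```

Because `$_COOKIE` is only populated from the incoming request, a cookie sent this way becomes readable on the next request, not the current one.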

Conclusion

The setcookie() function is a useful tool for setting cookies in your PHP web application. By understanding the modern syntax and usage of the function, you can easily manage client-side data. We hope this article has been informative and useful in understanding how to set, read, and delete cookies in PHP.
