How do you create and use cookies in PHP? with example

Cookies are small text files that are stored on a user’s computer by a web server, which can be later retrieved by the server. Cookies can be used to store information such as user preferences, login credentials, and shopping cart contents.

In PHP, cookies can be created and accessed using the setcookie() function. The setcookie() function takes several parameters, including the name of the cookie, the value of the cookie, and the expiry date of the cookie.

For example, to create a cookie called “username” with the value “JohnDoe” that expires in one day:

Copy codesetcookie("username", "JohnDoe", time() + (86400 * 30), "/"); 

The first parameter is the name of the cookie, the second is the value, the third is the expiration time, and the fourth is the path on the server in which the cookie will be available on.

To access the value of a cookie, you can use the $_COOKIE superglobal array in PHP. For example, to get the value of the “username” cookie:

Copy codeif(isset($_COOKIE["username"])){
    $username = $_COOKIE["username"];
    echo "Welcome back, ".$username;
} else {
    echo "Cookie not set";
}

To delete a cookie, you can use the setcookie() function again with the cookie’s name and an expiry date in the past. For example:

Copy codesetcookie("username", "", time() - 3600); 

This will set the cookie’s expiry time to a time in the past, effectively deleting the cookie.

In summary, cookies are small text files that can be used to store information on a user’s computer, which can be later retrieved by the server. In PHP, cookies can be created and accessed using the setcookie() function, which takes several parameters including the name, value, and expiry date of the cookie. Cookies can be accessed using the $_COOKIE superglobal array in PHP, and deleted by using the setcookie() function again with the cookie’s name and an expiry date in the past.

Additionally, when creating a cookie, you can also specify the domain and path for which the cookie is valid, as well as whether or not the cookie should be sent over a secure connection (HTTPS) using the optional parameters for setcookie():

Copy codesetcookie(
    "username", 
    "JohnDoe", 
    time() + (86400 * 30), 
    "/", 
    "example.com", 
    true, 
    true
);

The fifth parameter is the domain for which the cookie is valid, the sixth is whether or not the cookie should be sent over a secure connection and the seventh is whether or not the cookie can only be accessed via HTTP (if set to true).

It’s important to validate user input before creating cookies to prevent any security issues such as cross-site scripting (XSS) attacks. You can use PHP’s built-in functions such as filter_var() or preg_match() to validate the input, or you can use a PHP validation library like Respect\Validation or Valitron.

It’s also a good practice to use the httponly flag when creating cookies which makes it not accessible from JavaScript, which can help prevent cross-site scripting (XSS) attacks.

In summary, when creating cookies in PHP, you can use the setcookie() function and specify the name, value, expiry date, path, domain, whether or not the cookie should be sent over a secure connection and whether or not the cookie can only be accessed via HTTP. It is important to validate user input before creating cookies and use the httponly flag to prevent cross-site scripting (XSS) attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *