Using Cookies With PHP

Store Website Visitor Information With Cookies

businesswoman working at laptop
Blend Images - JGI/Jamie Grill/Brand X Pictures/Gettty Images

As a website developer, you can use PHP to set cookies that contain information about the visitors to your website. Cookies store information about a site visitor on the visitor's computer that can be accessed upon a return visit. One common use of cookies is to store an access token so the user doesn't need to log in each time he visits your website. Cookies can also store other information such as the user's name, the date of the last visit and shopping-cart contents.

Although cookies have been around for years and most people have them enabled, some users either do not accept them because of privacy concerns or automatically delete them when their browsing session closes. Because cookies can be removed by a user at any time and are stored in a plain-text format, don't use them to store anything sensitive.

How to Set a Cookie Using PHP

In PHP, the setcookie() function defines a cookie. It's sent along with the other HTTP headers and transmits before the body of the HTML is parsed.

A cookie follows the syntax:


where name​ denotes the name of the cookie and ​value​ describes the cookie's contents. ​For the setcookie() function, only the name​ parameter is required. All other parameters are optional. 

Example Cookie

​To set a cookie named "UserVisit" in the visitor's browser that sets the value to the current date, and further sets the expiration to be in 30 days (2592000 = 60 seconds * 60 mins * 24 hours * 30 days), use the following PHP code:

$Month = 2592000 + time();
//this adds 30 days to the current time
setcookie(UserVisit, date("F jS - g:i a"), $Month);

Cookies must be sent before any HTML is sent to the page or they do not work, so the setcookie() function must appear before the <html> tag.

How to Retrieve a Cookie using PHP

To retrieve a cookie from the user's computer upon the next visit, call it with the following code:

$last = $_COOKIE['UserVisit'];
echo "Welcome back! <br> You last visited on ". $last;
echo "Welcome to our site!";

This code first checks if the cookie exists. If it does, it welcomes the user back and announces when the user last visited. If the user is new, it prints a generic welcome message.

TIP: If you are calling a cookie on the same page you plan to set one, retrieve it before you overwrite it.

How to Destroy a Cookie

To destroy a cookie, use setcookie() again but set the expiration date to be in the past:

$past = time() - 10;
//this makes the time 10 seconds ago
setcookie(UserVisit, date("F jS - g:i a"), $past);

​Optional Parameters

In addition to value and expire, the setcookie() function supports several other optional parameters:

  • Path​ identifies the server path of the cookie. If you set it to "/" then the cookie will be available to the entire domain. By default, the cookie works in the directory it's set in, but you can force it to work in other directories by specifying them with this parameter. This function cascades, so all subdirectories within a specified directory will also have access to the cookie.
  • Domain​ ​identifies the specific domain that the cookie works in. To make the cookie work on all subdomains, specify the top-level domain explicitly (e.g., ""). If you set the domain to "" then the cookie is only available in the www subdomain.
  • Secure​ specifies whether the cookie should transmit over a secure connection. If this value is set to TRUE then the cookie will set only for HTTPS connections. The default value is FALSE.
  • Httponly​, when set to TRUE, will only allow the cookie to be accessed by the HTTP protocol. By default, the value is FALSE. The benefit of setting the cookie to TRUE is that scripting languages cannot access the cookie. 
mla apa chicago
Your Citation
Bradley, Angela. "Using Cookies With PHP." ThoughtCo, Aug. 26, 2020, Bradley, Angela. (2020, August 26). Using Cookies With PHP. Retrieved from Bradley, Angela. "Using Cookies With PHP." ThoughtCo. (accessed March 20, 2023).