Using Cookies in PHP

By: Chris Bowyer, Published: 2003-04-25, Parent Category: PHP

So, how do we read from a cookie? Well, at times, you can simply reference the name of the cookie as a variable - in this case, $user. However, I consider it good practice to specifically grab the value of the cookie and assign it an appropriate variable - this is useful if you wish to use one name for the actual cookie, but access it's value from a variable of a different name. For example:

$user = $HTTP_COOKIE_VARS["user"];

Simple, isn't it? We're using a simple assignment operation to grab the value of the "user" cookie and give it a name we can use within our script: $user. You can easily replace $user with $username, $userid, or $purplebanana - whatever you want.

Now, there will likely come a time where you will want to allow your users to logout of whatever system you choose to build with your newfound cookie knowledge. This is almost just as easy as setting a cookie:

setcookie ("user", "", time()-604800);

This is pretty simple: we have to specify the name of the cookie, as expected. We do not need to specify any value for the second argument, as is indicated by the two double-quotes without anything in-between. After this, we have the usual number of seconds used to set the cookie's expiration date, with one crucial difference: can you guess what?

If you noticed the "minus" sign, negating the number after it, then congratulations, you get a cookie. Any cookie set for an expiration date that is in the past is discarded. So, technically, we're using the "setcookie" function, but not to set a cookie. Maybe a tad confusing, but not a big deal.

As for the number of seconds: we could, if we wanted to, set it to "-1", and it would probably work just as well. However, due to possible variances between computer times, dates, and even time zones, you might as well set it the number of seconds in a week. That way, you avoid any possible risks, and the extra work is almost non-existent.

A word of warning before I depart: you should always set, delete, and declare cookie variables before producing any output on your page - even whitespace. For example, the below code would produce an error (I've specified the value of the cookie with a string of text rather than a variable this time, to combine two examples into one):

echo("Welcome to my page...the setcookie command below will not work.") setcookie ("user", "Bob123", time()+604800); // Would expire in a week, except it doesn't work

However, this next block of code would work just fine:

setcookie ("user", "Bob123", time()+604800); /* Isn't that better? */ echo("Welcome to my page...a cookie has been created on your computer.<p>" . "Don't worry, I don't know your address, or your name.")

This applies to almost all references to cookies - so make sure nothing has been printed to a webpage in any way whatsoever before reading from, setting, tossing (just kidding), and deleting your cookies. This includes echo commands, print commands, printf commands, sprintf commands, or HTML.

Congratulations if you've made it this far (you didn't skip right to the end, did you? This isn't a whodunit...it'll do you no good!), you now know how to set cookies, read from them, and delete them.

For more information on creating cookies in PHP, visit PHP.net's Official Manual: PHP: Manual: setcookie - that should keep you busy for awhile.

« Cookie Introduction


This article was written by Chris Bowyer. Chris Bowyer is a web developer and radio producer and runs Movie Forums.