JavaScript Editor Javascript source editor     Web programming 

Team LiB
Previous Section Next Section

Setting a Cookie with PHP

You can set a cookie in a PHP script in two ways. First, you could use the header() function to set the Set-Cookie header. The header() function requires a string that will then be included in the header section of the server response. Because headers are sent automatically for you, header() must be called before any output at all is sent to the browser:

header ("Set-Cookie: vegetable=artichoke; expires=Thu, 26-Aug-04 14:39:58 GMT;

Although not difficult, this method of setting a cookie would require you to build a function to construct the header string. While formatting the date as in this example, and URL-encoding the name/value pair would not be a particularly arduous task, it would be a repetitive one because PHP provides a function that does just thatsetcookie().

The setcookie() function does what the name suggestsit outputs a Set-Cookie header. For this reason, it should be called before any other content is sent to the browser. The function accepts the cookie name, cookie value, expiration date in Unix epoch format, path, domain, and integer that should be set to 1 if the cookie is only to be sent over a secure connection. All arguments to this function are optional apart from the first (cookie name) parameter.

Listing 11.1 uses setcookie() to set a cookie.

Listing 11.1. Setting and Printing a Cookie Value
1: <?php
2: setcookie("vegetable", "artichoke", time()+3600, "/", "", 0);
4: if (isset($_COOKIE[vegetable])) {
5:   echo "<p>Hello again, your chosen vegetable is $_COOKIE[vegetable].</p>";
6: } else {
7:   echo "<p>Hello you. This may be your first visit.</p>";
8: }
9: ?>

Even though we set the cookie (line 2) when the script is run for the first time, the $_COOKIE[vegetable] variable will not be created at this point. Because a cookie is read only when the browser sends it to the server, we won't be able to read it until the user revisits a page within this domain.

We set the cookie name to "vegetable" on line 2 and the cookie value to "artichoke". We use the time() function to get the current time stamp and add 3600 to it (there are 3,600 seconds in an hour). This total represents our expiration date. We define a path of "/", which means that a cookie should be sent for any page within our server environment. We set the domain argument to "" (you should make the change relevant to your own domain or use localhost), which means that a cookie will be sent to any server in that group. Finally, we pass 0 to setcookie(), signaling that cookies can be sent in an insecure environment.

Passing setcookie() an empty string ("") for string arguments or 0 for integer fields will cause these arguments to be skipped.

By the Way

With using a dynamically created expiration time in a cookie, as in the preceding example, note the expiration time is created by adding a certain number of seconds to the current system time of the machine running Apache and PHP. If this system clock is not accurate, it is possible that it may send an expiration time in the cookie, which has already passed.

For more information on using cookies, and the setcookie() funciton in particular, see the PHP manual entry at

Deleting a Cookie

Officially, to delete a cookie, you should call setcookie() with the name argument only:


This approach does not always work well, however, and should not be relied on. It is safest to set the cookie with a date you are sure has already expired:

setcookie("vegetable", "", time()-60, "/", "", 0);

You should also ensure that you pass setcookie() the same path, domain, and secure parameters as you did when originally setting the cookie.

    Team LiB
    Previous Section Next Section

    JavaScript Editor Javascript source editor     Web programming