PHP Cookies
In PHP, cookies are a mechanism for storing data in the remote browser to monitor or identify users who return to the website. This is precisely the definition given on php.net.
But what does this mean? When we say “remote browser,” we are referring to the user’s browser that accesses our website.
When it says “monitor or identify users who return to the site,” keep in mind that the username or password must not be placed in the cookie directly. Exercise caution; if necessary, include the username or user ID with some level of security.
Remember that we are often dealing with other people’s sensitive data.
Let’s assume that we include the encrypted user and ID 2728_ripolCasc393 in some way, but please do not set data without a purpose.
$_COOKIE
We’ve already seen $_COOKIE in predefined variables, but it’s good to revisit this topic because it’s an array that contains our HTTP cookies. Put this way, although it may not be entirely accurate: PHP fetches the user’s browser cookies into this associative array.
Here is the example of $_COOKIE provided by php.net.
Please keep “htmlspecialchars” in mind when working with the cookie, and apply it before using “echo” to display the value on the screen. This guards against a cookie value set with malicious intent. You might be thinking, “But I’m the one setting the cookie, why would I want to convert special characters to HTML entities?”
The truth is, the cookie is stored in the user’s browser, and who’s to say that a malicious user of our website won’t try to take advantage of this?
However, in this post, we’re talking about setting a cookie and determining if a cookie is set.
To check if a cookie is set, we can use “isset,” for example:
// check that the COOKIE exists
if (isset($_COOKIE['nombre_de_cookie'])) {
    // code ...
}
// code ...
How to set cookies in PHP?
To set a cookie, you can use 2 functions: setcookie or setrawcookie. These functions allow you to establish a cookie. What’s the difference between them?
setrawcookie does not perform URL encoding of the cookie’s value. This means, for example, that spaces will not become %20, and other symbols will not be converted to % followed by their hexadecimal representation, etc.
setcookie
Description
setcookie( string $name, string $value = "", int $expires = 0, string $path = "", string $domain = "", bool $secure = false, bool $httponly = false ): bool
setrawcookie
Description
setrawcookie( string $name, string $value = ?, int $expires_or_options = 0, string $path = ?, string $domain = ?, bool $secure = false, bool $httponly = false ): bool
As we can see, the parameters for both functions are the same since the functions perform the same action.
Parameters:
$name – the name of the cookie.
$value – the value we want to assign to it.
$expires – the time when the cookie expires. Keep in mind that this value is a timestamp, so you should use the time() function: time() + (number of seconds you want the cookie to last). For example, if you want it to last for x days, it would be time() + 60 * 60 * 24 * x seconds.
$path – the server’s path where the cookie will be available. For example, if our domain is blastcoding.com and our path is “programas,” the cookie will only be accessible at blastcoding.com/programas/.
$domain – the domain or subdomain where the cookie will be available. Keep in mind that its subdomains will also have access to this cookie.
$secure – indicates whether the cookie should be transmitted only over a secure (HTTPS) connection. Its value should be boolean, with a default of false. However, I would recommend setting it to true if you are using cookies, as Google is increasingly requiring SSL for websites. Make sure your website supports SSL.
$httponly – when set to true, the cookie will only be accessible via the HTTP protocol, which means scripting languages such as JavaScript cannot read it.
Return:
The return value for both functions is boolean. It returns true if the function can run successfully and false if there is any output before the function is executed.
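The following added example (not code from the original post or from php.net) shows one way to store the user ID "with some level of security": the value is signed with an HMAC before setcookie, and on reading it is checked with isset, verified, and escaped with htmlspecialchars. The key, the cookie name user_ref and the function names are assumptions made for illustration. Signing makes an edit in the browser detectable; it does not hide the value.

```php
<?php
// Added example (not from the original post). COOKIE_KEY, COOKIE_NAME and the
// function names are hypothetical; the key is a constructed placeholder.
const COOKIE_KEY  = 'constructed-demo-key--load-the-real-one-from-server-config';
const COOKIE_NAME = 'user_ref';

// Append an HMAC so the server can detect a value edited in the browser.
function pack_cookie(string $userId): string
{
    return $userId . '.' . hash_hmac('sha256', $userId, COOKIE_KEY);
}

// Return the user ID when the signature matches, or null otherwise.
function unpack_cookie(string $raw): ?string
{
    $pos = strrpos($raw, '.');
    if ($pos === false) {
        return null;
    }
    $userId   = substr($raw, 0, $pos);
    $expected = hash_hmac('sha256', $userId, COOKIE_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, substr($raw, $pos + 1)) ? $userId : null;
}

// Read from a $_COOKIE-style array: isset() covers a missing cookie,
// is_string() covers "name[]" cookies, which PHP parses into arrays.
function user_from_cookies(array $cookies): ?string
{
    if (!isset($cookies[COOKIE_NAME]) || !is_string($cookies[COOKIE_NAME])) {
        return null;
    }
    return unpack_cookie($cookies[COOKIE_NAME]);
}

// Setting: call before any output; 7 days, whole site, HTTPS only, HttpOnly.
$value = pack_cookie('2728_ripolCasc393');
setcookie(COOKIE_NAME, $value, time() + 60 * 60 * 24 * 7, '/', '', true, true);

// Reading: constructed arrays standing in for $_COOKIE on later requests.
$requests = [
    'untouched' => [COOKIE_NAME => $value],
    'edited'    => [COOKIE_NAME => str_replace('2728', '1000', $value)],
    'markup'    => [COOKIE_NAME => '<b>2728</b>.not-a-signature'],
    'missing'   => [],
];
foreach ($requests as $label => $cookies) {
    $userId = user_from_cookies($cookies);
    echo $label, ': ', $userId === null ? 'rejected' : 'accepted ' . htmlspecialchars($userId), "\n";
}
```

Only the untouched value is accepted; the edited, markup-bearing and missing cases all come back as rejected.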