Chose Language:
Author: Admin/Publisher |finished | checked

PHP Cookies

Cookies are a mechanism for storing data in the remote browser to monitor or identify users who return to the website. This is precisely the definition given to us on

But what does this mean? When we say “remote browser,” we are referring to the user’s browser that accesses our website.

When it says “monitor or identify users who return to the site,” we must take into account not to directly include the username or password. Please, exercise caution; if necessary, include the username or user ID with some level of security.

Remember that we are dealing with sensitive data of other individuals many times.

Let’s assume that we include the encrypted user and ID 2728_ripolCasc393 in some way, but please do not set data without purpose.

Before we continue, I must clarify something: cookies are not related to the session expiration time. Session expiration times are set using session.gc_maxlifetime in the php.ini configuration file or through the ini_set() function in PHP code.


We’ve already seen what $_COOKIE was before in predefined variables, but it’s good to revisit this topic because it’s an array that contains our HTTP cookies. Let’s put it this way, although it may not be entirely accurate, PHP fetches the user’s browser cookies into this associative array.

Here is the example of $_COOKIE provided by

ejemplo de $_COOKIE en

Please keep in mind “htmlspecialchars” when working with the cookie before using “echo” to display it on the screen. This is to prevent a cookie set with malicious intent. You might be thinking, “But I’m the one setting the cookie, why would I want to convert special characters to HTML entities?”

The truth is, the cookie is stored in the user’s browser, and who’s to say that a malicious user of our website won’t try to take advantage of this?

However, in this post, we’re talking about setting a cookie and determining if a cookie is set.

To check if a cookie is set, we can use “isset,” for example:

chequear que la COOKIE existe
//code ...

How to set a cookie?

To set a cookie, you can use 2 functions: setcookie or setrawcookie. These functions allow you to establish a cookie. What’s the difference between them?

setrawcookie does not perform URL encoding of the cookie’s value. This means, for example, that spaces will not become %20, and other symbols will not be converted to % followed by their hexadecimal representation, etc.

Cookies are part of the HTTP header. Therefore, you should call these functions within the header before displaying anything on the screen or before HTML tags. You can use Output Control Functions (output buffer) to manage this process.


Description / Descripción
    string $name,
    string $value = "",
    int $expires = 0,
    string $path = "",
    string $domain = "",
    bool $secure = false,
    bool $httponly = false
): bool


Description / Descripción
    string $name,
    string $value = ?,
    int $expires_or_options = 0,
    string $path = ?,
    string $domain = ?,
    bool $secure = false,
    bool $httponly = false
): bool

As we can see, the parameters for both functions are the same since the functions perform the same action.


  • $name – the name of the cookie.
  • $value – the value we want to assign to it.
  • $expire – the time when the cookie expires. Keep in mind that this value is a timestamp, so you should use the time() + (number of seconds you want the cookie to last) function. For example, if you want it to last for x days, it would be time() + 60 * 60 * 24 * x seconds.
  • $path – the server’s path where the cookie will be available. For example, if our domain is and our path is “programas,” the cookie will only be accessible at
  • $domain – the domain or subdomain where the cookie will be available. Keep in mind that its children domains will also have access to this cookie.
  • $secure – indicates whether the cookie should be transmitted over a secure connection. Its value should be boolean, with a default of false. However, I would recommend setting it to true if you are using cookies, as Google is increasingly requiring SSL for websites. Make sure your website supports SSL.
  • $httponly – When set to true, the cookie will only be accessible via the HTTP protocol.


The return value for both functions is boolean. It returns true if the function can run successfully and false if there is any output before the function is executed.

Category: en-php
Something wrong? If you found an error or mistake in the content you can contact me on Twitter | @luisg2249_luis.
Last 4 post in same category