Home > Articles > Security > Network Security

Setting Cookies with PHP

  • Print
  • + Share This
Using cookies, you can automatically log users into your Web site when they load a page, or you can store temporary information such as items in a shopping cart. Chris Cosentino walks you through setting and deleting cookies in this article.
This article is excerpted from the book Essential PHP for Web Professionals (Prentice Hall PTR, 2001), by Chris Cosentino.
Like this article? We recommend

Like this article? We recommend

Cookies can be a very useful tool for your Web site. Cookies allow you to do neat things, like automatically log a user into your site when he loads a page in his browser, or store temporary information about your user, such as what items he has in a shopping cart.

Cookies work by storing a small file on the user's browser. When the user accesses a page on your site, your PHP script can check to see if any cookies have been stored on the user's browser. Your script can detect only cookies that you have stored. You won't be able to read cookies set by other sites.

The information stored in these files are name-value pairs that PHP uses to associate variable names with their values.

Setting a cookie is simple. You only need to enter the name of the variable that you want to store and its value. The textbook definition of the setcookie() function is:

setcookie( name, value, expiration );

It's important to note that you need to set your cookies before you send any text to the browser. If you attempt to set the cookie after you send text to the browser ( such as the <html> tag), an error appears, warning that the cookie was not set.

The setcookie() function comes in two basic flavors:

  • Session cookies—Temporary cookies that expire when the browser is closed.

  • Persistent cookies—Cookies that expire after a certain amount of time

Session Cookies: Cookies That Expire When the Browser Is Closed

Session cookies are stored on the user's browser until they close the browser. Once the browser is closed, the cookie is erased.

To create a session cookie, you simply call the setcookie() function in your script and provide it with a variable name and a value. You do not provide it with an expiration time. Here's an example:

setcookie("username", "chris");
//equivalent to $username = chris

After the cookie is set, you can use the name of the cookie as a variable in any page on your site. The variable is available up until the user closes the browser.

The script cookie1.php is a simple script that asks a user for his first name and then stores the first name to a cookie on the user's browser. The cookie will remain there until the user closes the browser. Once the user provides his first name from this page, the variable $f_name is available from any PHP script on your site.


Create the following script in a text editor and name it cookie1.php. This script does two things. It asks the user for his first name and sets a cookie that contains the user's first name, and it prints out a customized message to the user if the cookie has already been set.

The first thing you need to do is determine whether you have the information you need to store the cookie. In this example, you want to store the user's first name, so you check to see if the $f_name variable is set. If the $f_name variable is set (from the form that appears later in the script), then you know that you can set the cookie to the value of $f_name. If $f_name has not been set, then do nothing:

if(isset($f_name)) { 

Next, you create a page as you normally would:

<title>The Cookie Script</title>

At this point in the script, you check to see (again) if the $f_name variable has been set. If it has, then you print out a personalized message to the user:

if(isset($f_name)) {
  <h3>Welcome <? print $f_name ?>!

If the $f_name variable has not been set, then you want to ask the user for this information using a standard form:

} else {
  <form action="cookie1.php" method="POST">
  Please tell us your first name: <input type="text"   name="f_name">
  <input type="submit" name="submit" value="Submit">

Finally, you end the page as you normally would:

  • + Share This
  • 🔖 Save To Your Account