Cookies in PHP

PHP cookie is a small piece of information that is stored at the client's browser. It is used to recognize the user Cookie is created at the server-side and saved to the client browser. Each time when a client sends a request to the server, the cookie is embedded with the request. In such a way, the cookie can be received at the server-side. In short, the cookie can be created, sent, and received at the server end.

A cookie is a small file with the maximum size of 4KB that the web server stores on the client computer

A cookie can only be read from the domain that it has been issued from Cookies are usually set in an HTTP header but JavaScript can also set a cookie directly on a browser.

Use of Cookies in PHP :

A cookie is a small piece of information stored in the client's browser. It is a technique used to identify a user using the information stored in their browser (if already visited that website)


When user requests for a page on a Web site data in the cookies which belong to the same site are sent to the server automatically within the request.

The expiration period of the cookies can be set, it can be set to seconds, minutes, hours, days, or for a year, it can also be set a cookie to expire once browser applications are closed.

it more secure than the query string.

It is very much preferable to store non-critical user data on an ongoing basis.

Tracking the pages visited by a user.


Personalizing the user experience - this is achieved by allowing users to select their preferences. The page requested that follows is personalized based on the set preferences in the cookies.

Attributes of Cookies in PHP

name: The unique name is given to a particular cookie.

value: The value of the cookie.

expires: The time when a cookie will get expire. When it reaches its expiration period cookies are deleted from the browser automatically. If the value is set to zero, it will only last till the browser is running it gets deleted when the browser exits.

path: The path where the browser sends the cookies back to the server. If the path is specified, it will only send to the specified URL else if it is stored with "" the cookie will be available for all the URLs on the server.

Domain: The browser will send the cookie only for URLs within this specified domain. By default is the server hostname.

secure: If this field is set, the cookie will only be sent over an https connection. By default, it is set to false, which means it is okay to send the cookie over an insecure connection.

HttpOnly: This field, if present, tells the browser that it should only make the cookie assessable only to scripts that run on the Web server (that is, via HTTP). Attempts to access the cookie through JavaScript will be rejected.