
PHP Sessions

In the context of web development, cookies are small pieces of data that a web server sends to a user's browser for storage. The browser then sends these cookies back to the server with every subsequent request, allowing the server to recognize the user, track their session, or store other relevant information. Cookies are commonly used for various purposes, such as session management, personalization, and tracking user behavior.

Here's a basic overview of working with cookies in PHP:

Setting Cookies

You can set cookies in PHP using the setcookie() function. The basic syntax is as follows:

setcookie(name, value, expire, path, domain, secure, httponly);
  • name: The name of the cookie.
  • value: The value to be stored.
  • expire: The expiration time of the cookie, given as a Unix timestamp in seconds (for example time() + 3600). If set to 0, the cookie will expire when the browser is closed.
  • path: The path on the server for which the cookie is available.
  • domain: The domain for which the cookie is available.
  • secure: If set to true, the cookie will only be sent over secure HTTPS connections.
  • httponly: If set to true, the cookie will be accessible only through HTTP and not through JavaScript.

Example:

// Set a cookie named "user" with the value "John Doe" that expires in 1 hour
setcookie("user", "John Doe", time() + 3600, "/");

Retrieving Cookies

You can retrieve the value of a cookie using the $_COOKIE superglobal array.

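Example:

// Check if the "user" cookie is set
if (isset($_COOKIE["user"])) {
    // Escape before output: cookie values are controlled by the client
    $username = htmlspecialchars($_COOKIE["user"], ENT_QUOTES, 'UTF-8');
    echo "Welcome back, $username!";
} else {
    echo "Welcome, new user!";
}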

Deleting Cookies

To delete a cookie, you can use the setcookie() function with an expiration time in the past.

Example:

// Delete the "user" cookie
setcookie("user", "", time() - 3600, "/");

Cookies in PHP can be used for various purposes, beyond simple user authentication. Here are some additional methods and techniques for using cookies in PHP:

Session Management

Cookies are commonly used to manage user sessions. When a user logs in, you can set a session ID as a cookie, and then use this ID to identify the user on subsequent requests.

Example:

// Set a session ID cookie when the user logs in
function loginUser($username, $password) {
    // Validate credentials (not shown for simplicity)
    // Set a session ID cookie; the secure and httponly flags keep the ID
    // off plain HTTP connections and out of reach of JavaScript
    $sessionId = generateSessionId();
    setcookie('session_id', $sessionId, time() + (24 * 60 * 60), '/', '', true, true);
    // Store session data on the server
    // ($_SESSION is only persisted if session_start() was called earlier in the request)
    $_SESSION['username'] = $username;
    // Other session data...

    echo "Welcome, " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "!";
}

// Function to generate a random session ID
function generateSessionId() {
    return bin2hex(random_bytes(16));
}

Remember Me Functionality

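You can implement "Remember Me" functionality by setting a long-term cookie that stores user credentials. This allows users to stay logged in even after closing the browser. Note that base64 is an encoding, not encryption: anyone who can read this cookie recovers the password, so a random token whose hash is kept on the server is the safer thing to store.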

Example:

// Implement "Remember Me" functionality
function rememberUser($username, $password) {
    // Validate credentials (not shown for simplicity)
    // Set a long-term cookie with user credentials
    setcookie('remember_me', base64_encode("$username:$password"), time() + (30 * 24 * 60 * 60), '/');
    echo "You will be remembered!";
}

// Check if the "remember_me" cookie is set
if (isset($_COOKIE['remember_me'])) {
    // Limit of 2 keeps passwords containing ':' intact; padding turns a malformed cookie into empty strings
    $decoded = (string) base64_decode($_COOKIE['remember_me'], true);
    list($username, $password) = array_pad(explode(':', $decoded, 2), 2, '');
    // Validate credentials (not shown for simplicity)
    echo "Welcome back, " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "!";
}
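
The same feature without credentials in the cookie, as an added example that is not part of the original page: the cookie carries a random selector and validator, and the server keeps only a hash of the validator. The function names and the in-memory $store array (a stand-in for a database table) are assumptions made for illustration.

```php
<?php
// Added example: "Remember Me" token instead of username:password.
// $store is a hypothetical stand-in for a database table keyed by selector.

function issueRememberToken(string $userId, array &$store, int $ttl = 30 * 24 * 60 * 60): string {
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret, never stored in clear
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

function verifyRememberToken(string $cookie, array &$store): ?string {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                // single use: a token is never accepted twice
    if ($row['expires'] < time()) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented validator
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;
    }
    return $row['user_id'];
}

// Constructed demo (no real users or database)
$store  = [];
$cookie = issueRememberToken('user-42', $store);
// In a web request the value would be sent with:
// setcookie('remember_me', $cookie, ['expires' => time() + 2592000, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(verifyRememberToken($cookie, $store));        // valid token
var_dump(verifyRememberToken($cookie, $store));        // same token replayed
var_dump(verifyRememberToken('bogus:value', $store));  // unknown selector
```

After a successful verification, issue a fresh token with issueRememberToken() and set it as the new cookie, so a copied cookie stops working once the real user returns.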

Tracking User Preferences

Cookies can be used to store user preferences, such as theme choices, language preferences, or other customizable settings.

Example:

// Set a cookie for user's preferred theme
function setThemePreference($theme) {
    setcookie('theme', $theme, time() + (30 * 24 * 60 * 60), '/');
}

// Check for the "theme" cookie
if (isset($_COOKIE['theme'])) {
    $userTheme = $_COOKIE['theme'];
    // Escape before output: the cookie value is controlled by the client
    echo "Your preferred theme is " . htmlspecialchars($userTheme, ENT_QUOTES, 'UTF-8') . ".";
}

Cookie Security

It's important to consider security when working with cookies. Set the secure and httponly flags appropriately. Additionally, you may want to encrypt sensitive information stored in cookies or use techniques like HMAC (Hash-based Message Authentication Code) to ensure the integrity of the cookie data.

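Example:

// Set a secure and HTTP-only cookie with encrypted data
$sensitiveData = 'value to protect'; // placeholder input
$secureData = encryptData($sensitiveData);
setcookie('secure_cookie', $secureData, time() + (24 * 60 * 60), '/', '', true, true);

// Function to encrypt data (using openssl_encrypt for example)
function encryptData($data) {
    // Placeholder: load a random 32-byte key from configuration instead of hard-coding it
    $key = 'your_secret_key';
    $cipher = 'AES-256-CBC';
    $iv = random_bytes(16);

    // OPENSSL_RAW_DATA returns raw bytes, so the result is base64-encoded only once.
    // CBC gives confidentiality only; it does not detect tampering (see HMAC above).
    $encryptedData = openssl_encrypt($data, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $encryptedData);
}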
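
The HMAC technique mentioned above, as an added example that is not part of the original page: the cookie value is signed on the way out and verified on the way in, so a client-side modification is detected. The function names, the value format and the COOKIE_MAC_KEY constant are assumptions, and the key shown is a constructed placeholder.

```php
<?php
// Added example: integrity-protected cookie value using HMAC-SHA256.
// Constructed placeholder key; load a real random key from configuration.
const COOKIE_MAC_KEY = 'constructed-demo-key-not-for-production-use';

function signCookieValue(string $name, string $value, int $expires): string {
    // Bind the MAC to the cookie name and expiry so a signed value cannot be
    // reused under another cookie name or beyond its intended lifetime.
    $payload = base64_encode($value) . '.' . $expires;
    $mac = hash_hmac('sha256', $name . '|' . $payload, COOKIE_MAC_KEY);
    return $payload . '.' . $mac;
}

function verifyCookieValue(string $name, string $cookie, ?int $now = null): ?string {
    $parts = explode('.', $cookie);
    if (count($parts) !== 3) {
        return null;                          // not in value.expires.mac form
    }
    [$b64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $name . '|' . $b64 . '.' . $expires, COOKIE_MAC_KEY);
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;
    }
    // Only trust the expiry after the MAC has been checked
    if (!ctype_digit($expires) || (int) $expires < ($now ?? time())) {
        return null;
    }
    $value = base64_decode($b64, true);
    return $value === false ? null : $value;
}

// Constructed demo
$cookie = signCookieValue('theme', 'dark', time() + 3600);
$forged = base64_encode('admin') . substr($cookie, strpos($cookie, '.'));
var_dump(verifyCookieValue('theme', $cookie));  // untouched cookie
var_dump(verifyCookieValue('theme', $forged));  // value changed by the client
var_dump(verifyCookieValue('role', $cookie));   // signed value moved to another cookie name
```

Signing protects integrity only: the value is still readable by the client, so anything confidential needs encryption as well or should stay on the server.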

Keep in mind that cookies are stored on the user's device and can be manipulated, so they should not be relied upon for sensitive information. For more secure applications, consider using sessions and server-side storage.
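
A server-side session as recommended above, as an added example that is not part of the original page: only the session ID travels in the cookie, and the data stays on the server. The function names are assumptions, credential checking is assumed to have happened already, and the site is assumed to be served over HTTPS (the session cookie is marked secure).

```php
<?php
// Added example: PHP's built-in sessions with a hardened session cookie.

function startSecureSession(): void {
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie: dropped when the browser closes
        'path'     => '/',
        'secure'   => true,     // HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    // Reject session IDs that the server did not issue itself
    ini_set('session.use_strict_mode', '1');
    session_start();
}

function loginUser(string $username): void {
    // Credentials are assumed to be verified already (e.g. with password_verify())
    session_regenerate_id(true);   // fresh ID after login defeats session fixation
    $_SESSION['username'] = $username;
    $_SESSION['logged_in_at'] = time();
}

function logoutUser(): void {
    $_SESSION = [];
    // Expire the session cookie with the same attributes it was set with
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Constructed demo flow for a single request
startSecureSession();
if (!isset($_SESSION['username'])) {
    loginUser('alice');            // constructed user name
}
echo 'Hello, ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
```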