Session handling in PHP using Cookies

What is a cookie?

Cookies are piece of information stored on user machine. This information is sent by the browser every time the browser connects to the web server. A typical cookie might contain the user name of a logged user, preferences of a user, previous visists of a user etc.Cookies help the web designers to keep track of specific user.

The scope of this tutorial about cookies is as described below.

• How to set cookie in PHP.
• How to retrieve cookie in PHP
• How to delete or destroy a PHP cookie.
• When should we use cookie.

To set a cookie in PHP, the inbuilt function setcookie() is used. This function defines the PHP cookie. This cookie is then sent as HTTP request header. The syntax of this PHP function is as given below.

setcookie("cookie_name","cookie_value","expiry_time");


The PHP Cookie also some other arguments alos. You can learn them at the official website of PHP.

Each of the above three argurments (parameters) are discussed below.

1. cookie_name - This is the name of the cookie to set. This is a mandatory parameter. You will refer the cookie with this name only.
2. cookie_value - This is the value of the cookie. It is optional. If this value is not specified, a null value is set. To access this value you need the cookie name.
3. expiry_time - This is an optional parameter. If this parameter is not specified, the cookie is valid only for the current browser session. At the end of the browser session, the cookie will be cleared. This value is given in the form Unix timestamp. So you should use the PHP inbuilt function time() to set this value. Also, this value is relative to client machine not the server.

Since the PHP cookie is sent as the HTTP header, It must be set before any output is sent.

Last but not least, PHP Cookies are sent by the server but they are created on the client machine by the browser only not the server.However, we often use the terms like "cookie set by server etc."


1. setcookie("user","john");
2. setcookie("user","john",time()+60*10);


The first PHP cookie example sets the cookie named user. This cookie will be deleted by the browser as soon as the current browsing session ends. That is the browser window is closed.

The first PHP cookie example sets the cookie named user. This cookie will be deleted by the browser as soon as the current browsing session ends. That is the browser window is closed.

The example 2 of setting cookie in PHP set the similar cookie, but this time this cookie will be persistent for 10 mins. Even if the user closes his browser, The browser will not delete the cookie this time, rather it will wait for exactly 10 minutes before clearing the cookie.

P.S. - You can see the usage of unset function in the arrays section.

The $_COOKIE[ ] Array

PHP provides inbuilt array $_COOKIE[] to access the cookies. These cookies are accessed by using their key names. The key names are specified as the name parameter of a setcookie() function. So, to retrieve a PHP cookie you simply have to use this array with appropriated key value. The example below retrieves the cookie set in the previous example.


$username = $_COOKIE["name"];


The $username will contain the value "john" after this statement is run.

The $_REQUEST[ ] Array

This array also, has access to the cookie set by the browser. The previous statement can be modified to access a cookie by using the $_REQUEST[] array as below.


$username = $_REQUEST["name"];

The $username will contain the value "john" after this statement is run.
The $_REQUEST[] array is also used to retrieve form data also. We will learn about the PHP $_REQUEST[] array in the coming pages. For now lets learn how to destroy a cookie

There is no separate function to destroy or unset a PHP cookie. Shocked? I also felt the same when I learnt this for the very first time. As we know that the cookies are created by browsers. Hence the onus to destroy a cookie also lies with the same browser. You only instruct the browser to delete the cookie by setting the time in the past. You do so by using the same old setcookie() function. The example below tells the browser to clear the cookie.

setcookie("name","",time()-60);


Notice that the cookie_name is the same as the name of cookie we want to clear.

As the cookies are placed on client side, cookies should be avoided when involving monetry transactions. Other sensitive information should also not be stored as cookies.

However you can use cookies for normal login systems etc. Cookies are supported over SSL connections also, so there is no problem even if you plan to use cookies. In fact one of other parameters of PHP cookie is specific to this purpose only.

That all for now about cookie. May be I will write a separate article or add a separate page about the Advanced concepts in PHP cookies sometime in future. The tutorial itself has crossed the limit, so We will directly do a project all about cookies in the project section of this PHP tutorial instead of doing examples.