PHP Cookie Basics

This page provides a basic overview of using cookies with PHP. Topics covered include:

Setting a Cookie

To set a cookie, use the setcookie() function. The basic format is:

setcookie(cookieName, cookieValue, cookieDate);

This is fairly straightforward. However, an example is in order:

setcookie('MyCookieVal', 'This is the cookie data stored in the browser', time()+60*60*24*1);

This creates a cookie named MyCookieVal in a browser with a value of This is the cookie data stored in the browser. The cookie will expire in 1 day based on the value calculated with the time() function.

For the application, a single cookie that stores multiple values is needed. In addition, part of the cookie value needs to be protected with a hash (a one-way digest, not encryption). The hash stores an authentication value for site access. The example demonstrates this feature. The various parts of the cookie value are separated by commas. The hash value is created by combining one of the form fields with a secret seed value and then generating a SHA-256 hash.

Note: MD5 and SHA1 have been determined not to be secure. Read this Wikipedia page for more information.

Demo: cookie01.php - Source: cookie01.php

<?php
// Secret seed mixed into the hash; in a real application, load it from configuration.
$secretSalt = "Test Value";

if (isset($_POST['CookieForm'], $_POST['CookieValue1'], $_POST['CookieValue2'])){
  // SHA-256 of the first form field combined with the secret seed
  $hashVal = hash('sha256', $_POST['CookieValue1'].$secretSalt);

  // Store both values and the hash, comma-separated, in one cookie that expires in 1 day.
  // setcookie() must be called before any output is sent.
  setcookie('SampleCookie', $_POST['CookieValue1']. ',' .$_POST['CookieValue2'] . ',' . $hashVal, time()+60*60*24*1);

}
?>
<html>
<head>
  <title>Set Cookie Form</title>
</head>
<body>
  <h2>Set Cookie Form</h2>
  <form action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME']) ?>" method="post" id="CookieForm">
    <label>Cookie Value 1:</label>
    <input type="text" name="CookieValue1" maxlength="25" />
    <br/>
    <label>Cookie Value 2:</label>
    <input type="text" name="CookieValue2" maxlength="25" />
    <br/>
    <input type="submit" value="Send" />
    <input type="hidden" name="CookieForm" value="CookieForm" />
  </form>
  <h4>Cookie Values</h4>
  <p><a href="cookieRead01.php">View Cookie Values</a></p>
  <h4>Form Values</h4>
  <p>
<?php

if (isset($_POST['CookieForm'])){
    foreach ($_POST as $key => $value){
      // Escape user-supplied data before writing it into the page
      echo htmlspecialchars("$key ===> $value") . " <br/>";
    }

}
?>
  </p>
</body>
</html>

Reading a Cookie

Any cookies stored in the browser for your site are available in the $_COOKIE array. The following example shows how the cookie data is extracted and used. It also demonstrates how the SHA256 values are compared.

Demo: cookieRead01.php - Source: cookieRead01.php

<?php
// Must match the secret seed used when the cookie was set
$secretSalt = "Test Value";
?>
<html>
<head>
  <title>Display Cookie Page</title>
</head>
<body>
  <h2>Cookie Values</h2>
  <p>
<?php

if (isset($_COOKIE['SampleCookie'])){
  // Cookie contents come from the browser, so escape them before output
  echo 'All of the text stored in SampleCookie: ' . htmlspecialchars($_COOKIE['SampleCookie']) . "<br/>";

  // Split into the two values and the hash; pad so a short cookie does not raise notices
  list($val1, $val2, $shaVal) = array_pad(explode(',', $_COOKIE['SampleCookie']), 3, '');
  echo "Cookie value 1: " . htmlspecialchars($val1) . "<br/>";
  echo "Cookie value 2: " . htmlspecialchars($val2) . "<br/>";
  echo "<br/><b>SHA256 Check</b><br/>";
  echo "From Cookie: " . htmlspecialchars($shaVal) . "<br/>";
  // Recompute the hash from the first value and the secret seed
  echo "Check Value: " . hash('sha256', $val1 . $secretSalt);
} else {
  echo 'Sample Cookie has not been set.';
}
?>
  </p>
</body>
</html>
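
The listings above hash only the first field, so the second value can be changed in the browser without affecting the hash, and the read page displays both hashes without rejecting a mismatch. As an added example (not code from the original page), the following signs the whole payload with HMAC-SHA256 and verifies it with hash_equals(); the function names, the key constant and the sample values are hypothetical.

```php
<?php
// Added example (not from the original page). Function names and the key
// below are hypothetical; load a real key from configuration, not source.
const COOKIE_KEY = 'replace-with-random-key-from-config'; // constructed placeholder

// Pack the values as JSON, then append an HMAC-SHA256 tag over the whole payload,
// so every field is covered and commas inside a value cannot shift the fields.
function buildSignedCookie(array $values, string $key): string
{
    $payload = base64_encode(json_encode($values));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the decoded values, or null if the cookie is malformed or was altered.
function parseSignedCookie(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    $expected = hash_hmac('sha256', $payload, $key);
    if (!hash_equals($expected, $tag)) {   // constant-time comparison
        return null;
    }
    $json = base64_decode($payload, true);
    $values = ($json === false) ? null : json_decode($json, true);
    return is_array($values) ? $values : null;
}

// Constructed sample input: the second value contains a comma.
$cookie = buildSignedCookie(['alice', 'red,green'], COOKIE_KEY);
var_dump(parseSignedCookie($cookie, COOKIE_KEY));

// Change one character of the payload: the tag no longer matches and the
// cookie is rejected instead of being displayed.
$tampered = ($cookie[0] === 'A' ? 'B' : 'A') . substr($cookie, 1);
var_dump(parseSignedCookie($tampered, COOKIE_KEY));

// In a page, send the cookie before any output, with hardened attributes (PHP 7.3+):
// setcookie('SampleCookie', $cookie, ['expires' => time() + 60*60*24*1,
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
```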