This course will be retired on June 1, 2025.
There are often times when we want to keep some information available for a longer period of time. We can do this by using cookies. A cookie is a piece of data sent from a website and stored on the user's computer by the user's web browser.
Setting a Cookie
Here is a list of the available properties. See the setcookie() documentation for more.
name: The name of the cookie. You can store cookies as an array by adding square brackets to the end of the name.
// cookie values as array
setcookie('cookiename[]', 'value1');
setcookie('cookiename[]', 'value2');
value: The value of the cookie. This value is stored on the client's computer; do not store sensitive information.
// assuming the name is 'cookiename[]', retrieve array values
echo $_COOKIE['cookiename'][0];
echo $_COOKIE['cookiename'][1];
// will display: value1value2
expire (optional): default = 0
The time the cookie expires. This is a Unix timestamp, so you'll most likely set it with the time() function plus the number of seconds before you want it to expire. If set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes).
// set the cookie to expire in 30 days.
// 60 seconds, multiplied by 60 minutes, multiplied by 24 hours, multiplied by 30 days
setcookie('cookiename', 'value', time()+60*60*24*30);
// set the cookie to expire with the session
setcookie('cookiename', 'value', 0);
path (optional): default = the current directory in which the cookie is being set.
The path on the server on which the cookie will be available. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all of its sub-directories, such as /foo/bar/, of the domain.
domain (optional): default = works for all subdomains as well
The (sub)domain that the cookie is available to. Older browsers may require a leading . to match all subdomains.
// available to a single subdomain (path is the 4th argument, domain is the 5th)
setcookie('cookiename', 'value', 0, '/', 'www.example.com');
// available to all subdomains
setcookie('cookiename', 'value', 0, '/', '.example.com');
secure (optional): default = FALSE
Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to TRUE, the cookie will only be set if a secure connection exists. On the server side, it is up to the programmer to send this kind of cookie only over a secure connection (e.g. by checking $_SERVER["HTTPS"]).
httponly (optional): default = FALSE
When TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. It has been suggested that this setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers), but that claim is often disputed.
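The expire, path, secure and httponly properties combined in one helper, as an added example that is not part of the course material. It goes one step beyond the list above: because the value is stored on the client's computer, it is signed with an HMAC so edits are detected when it is read back (signing does not hide the value). COOKIE_KEY, the cookie name prefs and the helper function names are assumptions.

```php
<?php
// Added example, not course code. COOKIE_KEY, 'prefs' and the helper
// functions are hypothetical names.
const COOKIE_KEY = 'replace-with-random-server-side-secret'; // placeholder

// True when the current request arrived over HTTPS.
function request_is_https(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

// Append an HMAC so edits made on the client can be detected later.
function sign_value(string $value): string
{
    return $value . '.' . hash_hmac('sha256', $value, COOKIE_KEY);
}

// Return the original value, or null if the cookie is missing, was sent
// as an array (name[]=...), or does not carry a valid HMAC.
function verify_value($cookie): ?string
{
    if (!is_string($cookie) || ($pos = strrpos($cookie, '.')) === false) {
        return null;
    }
    $value = substr($cookie, 0, $pos);
    $mac   = (string) substr($cookie, $pos + 1);
    return hash_equals(hash_hmac('sha256', $value, COOKIE_KEY), $mac) ? $value : null;
}

// Set the cookie only on HTTPS, with secure and httponly both TRUE.
function set_prefs_cookie(string $value): bool
{
    if (!request_is_https()) {
        return false; // do not send this cookie over plain HTTP
    }
    return setcookie(
        'prefs',
        sign_value($value),
        time() + 60 * 60 * 24 * 30, // expire: 30 days
        '/',                        // path: entire domain
        '',                         // domain: left at its default
        true,                       // secure
        true                        // httponly
    );
}

// Reading it back: fall back to a default when verification fails.
$theme = verify_value($_COOKIE['prefs'] ?? null) ?? 'light';
```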