How to Use Cookies in PHP? (Create, Access, & Delete)

Cookies? Yeah, they are essential for web development. It allows websites to store data on a user’s computer. PHP makes it easy to employ cookies and take advantage of their limitless possibilities. Cookies are like tiny packs of info that websites send to users’ browsers, enabling them to remember preferences and track habits.

Moreover, cookies are helpful for implementing shopping carts and remembering login details. They enable users to stay logged in even after closing browsers. Plus, with secure encryption and proper cookie expiration times, privacy concerns are addressed.

PHP cookies allow for dynamic, interactive websites that cater to each user’s uniqueness. By using them, developers can make the most of their web projects. Let’s start exploring the captivating world of cookies and unlock their PHP application development.

What is Cookies in PHP?

Cookies in PHP play a crucial role in web development by enabling websites to store and retrieve information on a user’s device. These small pieces of data, sent from a web server and stored on the user’s browser, allow websites to remember user preferences, track sessions, and maintain state information.

In PHP, cookies can be customized to suit specific needs, thanks to key attributes that provide control over their behavior.

Key Cookie Attributes:

  • Expires: This attribute sets the expiration date and time for a cookie. After this point, the cookie becomes invalid and is automatically deleted by the browser. Cookies can be set to expire at a specific date or when the browser session ends.
  • Path: It defines the URL path for which the cookie is accessible. This attribute allows you to specify a directory or a part of the website where the cookie should be available. It helps in segmenting cookies for different purposes.
  • Domain: The “domain” attribute specifies the domain (e.g., for which the cookie is valid. This attribute is useful when you want a cookie to be accessible across subdomains, enabling seamless user experiences.
  • Secure: When this attribute is set to true, ensures that the cookie is only transmitted over secure (HTTPS) connections. It enhances the security of sensitive information stored in cookies.

Understanding these key cookie attributes in PHP is essential for creating effective web applications. By using these attributes strategically, you can tailor cookies to meet specific requirements, whether it’s providing a personalized user experience, managing user sessions, or enhancing security. To conduct such ideal practices in your PHP application you can also consider requesting personalized assistance by hiring dedicated PHP developers.

Setting Cookies in PHP

It is a fundamental aspect of web development, allowing you to store and retrieve user-specific information and preferences. By using cookies, you can create a more personalized and user-friendly web experience. In this section, we’ll delve into the practical steps of how to set cookies in PHP.

To set a cookie in PHP, you’ll typically use the setcookie() function. This function allows you to define the cookie’s name, value, and various attributes. Here’s a basic example:

setcookie("cookie_name", "cookie_value");

2. Using the setcookie() Function

The setcookie() function takes several parameters, including the cookie name, value, expiration time, path, domain, and security settings. You can specify these parameters to customize the behavior of your cookie.

As mentioned earlier, you can set attributes like “expires,” “path,” “domain,” and “secure” to control how the cookie behaves. For example, you can set a cookie to expire after a specific duration or ensure that it is only accessible on certain parts of your website.

4. Examples of Setting Cookies

Throughout your web development journey, you may need to set cookies for various purposes, such as tracking user preferences, managing user sessions, or improving site functionality.

5. Practices for Setting Cookies

To ensure a seamless and secure user experience, it’s essential to follow best practices when setting cookies. This includes setting appropriate expiration times, restricting cookies to specific paths, and using encryption for sensitive data.

Setting cookies in PHP opens up a world of possibilities for enhancing your website’s functionality and user experience. To assure the same and right code deployment you can hand over your application to a PHP development company offering web development services.

Whether you’re customizing content, maintaining user sessions, or improving security in your web development toolkit. In the following sections, we’ll explore examples and best practices to guide you in effectively utilizing cookies in PHP.

Steps for Setting Cookies in PHP

It includes an essential mechanism that enables web developers to store and manage user-specific data in a user’s browser, facilitating tailored browsing experiences and session management.

1. Using setcookie() Function

The setcookie() function in PHP facilitates the creation of cookies that are stored on a user’s browser, enabling the preservation of specific information for subsequent page visits.

  • The setcookie() function takes parameters to define the cookie properties such as name, value, expiration time, path, domain, and security.


setcookie("username", "JohnDoe", time() + 3600, "/"); 

This example sets a cookie named “username” with the value “JohnDoe” that expires in an hour, is accessible from the root directory, is associated with the domain “”, and is marked as secure.

Cookies in PHP require a name to identify the information and a value representing the data to be stored.

  • Choose a descriptive name for the cookie to identify its purpose.
  • Assign the specific value to be stored in the cookie.


setcookie("user_id", "12345", time() + (86400 * 30), "/"); 
  • This code sets a “user_id” cookie with the value “12345”, valid for 30 days and accessible from the root directory.

Defining the name and value of a cookie is fundamental to setting and identifying the information stored within it.

3. Setting Expiration Time

The expiration time defines the duration until the cookie becomes invalid.

  • Determine the duration until the cookie expires using the time() function to specify the expiration timestamp.
  • Cookies can either persist until the browser session ends or have a specific expiration time.


setcookie("session_token", "abc123", 0, "/");
  • This code sets a “session_token” cookie that expires when the browser is closed.

 Setting an expiration time allows for the management of how long the stored information remains valid.

4. Setting Path and Domain (Optional)

The path and domain parameters define the scope and accessibility of the cookie.

  • Specify the path and domain parameters to limit where the cookie is accessible.


setcookie("preferences", "settings", time() + 3600, "/settings/", "");
  • The “preferences” cookie is set to expire in an hour, limited to the “/settings/” directory and accessible across all subdomains of “”.

Setting the path and domain parameters defines the cookie’s scope, allowing selective access across different parts of a website.

5. Ensuring Security (Optional)

Setting cookies for secure transmission over HTTPS connections helps enhance data security.

  • For sensitive information, ensure the cookie is transmitted over secure connections by setting the security parameter to true.


setcookie("secure_cookie", "12345", time() + 3600, "/", "", true); 
  • The “secure_cookie” is set to be transmitted securely, lasting for an hour and available across the entire domain.
  • Ensuring security when transmitting cookies helps protect sensitive data and user privacy.

Setting cookies in PHP empowers developers to create personalized and interactive web experiences by storing and retrieving user-specific information across various browsing sessions. Adjusting the parameters in the setcookie() function allows for tailored and secure cookie management within web applications.

Retrieving Cookies in PHP

Retrieving cookies in PHP is an essential aspect of managing user-specific information within web applications. After cookies have been previously set and stored in a user’s browser, PHP enables developers to access and retrieve these cookies to personalize experiences, maintain sessions, and dynamically display content based on stored data.

Steps for Retrieving Cookies

Retrieving cookies in PHP is an essential process to access and utilize stored user data, allowing for personalized experiences and tailored functionalities within web applications.

The ‘$_COOKIE’ superglobal array in PHP stores all cookies sent from the client’s browser to the server. Accessing this array provides access to the stored cookie data.

  • Access the ‘$_COOKIE’ array to retrieve stored cookies.
  • Cookies are accessed using their unique names as keys within the ‘$_COOKIE’ array.


$username = $_COOKIE['username']; 

Utilizing the ‘$_COOKIE’ superglobal allows direct access to stored cookie information, enabling developers to personalize content and manage user preferences within their web applications effectively.

2. Accessing Specific Cookies

Retrieving specific cookies involves referencing their unique names within the ‘$_COOKIE’ superglobal array, enabling the extraction of particular user data.

  • Use the name of the desired cookie to access its stored value within ‘$_COOKIE’.
  • Check for the existence of a specific cookie before retrieving its value.


if (isset($_COOKIE['username'])) {
    $username = $_COOKIE['username'];
    // Further operations using $username

Accessing specific cookies allows developers to retrieve targeted user information, facilitating the customization of web experiences and the implementation of personalized features.

Prior to retrieving a specific cookie, it is advisable to verify its existence within the ‘$_COOKIE’ array to avoid potential errors.

  • Use isset() to check if a particular cookie exists in the ‘$_COOKIE’ array.
  • Validate the existence of cookies before accessing their values.


// Check if 'username' cookie exists
if (isset($_COOKIE['username'])) {
    $username = $_COOKIE['username'];
    echo "Welcome back, $username!";
    // Further operations using $username
} else {
    echo "Cookie 'username' not found or has expired.";
    // Perform alternative actions or set the cookie if not present

Verifying the existence of cookies helps in ensuring the availability of necessary user data, preventing errors and enabling smooth operations while retrieving stored information.

Upon retrieving the desired cookie, further processing of the obtained data is essential for applying tailored functionalities within PHP applications.

  • Utilize retrieved cookie data for customizing content, managing user preferences, or implementing application-specific features.
  • Process the retrieved cookie data as required by the application’s functionalities.


if (isset($_COOKIE['preferences'])) {
    $preferences = json_decode($_COOKIE['preferences'], true);
    // Process preferences (example: theme preferences)
    if (isset($preferences['theme'])) {
        $selectedTheme = $preferences['theme'];
        // Apply the selected theme to the user interface
        echo "Applying $selectedTheme theme.";
    // Other preference handling...
} else {
    echo "No stored preferences found.";
    // Implement default preferences or guide the user to set preferences

Processing retrieved cookie data allows developers to personalize the user experience, manage preferences, and implement dynamic functionalities based on the stored user data.

Retrieving and processing cookies in PHP empowers developers to create personalized and dynamic web applications, tailoring experiences and functionalities to suit individual user preferences.

Updating and Deleting Cookies in PHP

In web development, cookies play a crucial role in storing user-specific data and preferences. However, there are scenarios where you might need to update or delete cookies.

Updating cookies allows you to modify their values while deleting cookies removes them from the user’s browser. These actions are essential for maintaining data accuracy and ensuring user privacy.

Steps for Updating and Deleting Cookies in PHP

In PHP, cookies are utilized to store user-specific information. There are situations where you may need to update or delete cookies to maintain accurate data or enhance user privacy. These steps outline how to update and delete cookies while ensuring the necessary existence check.

1. Updating Cookies

Updating cookies is necessary when you need to change the values or attributes of a cookie while keeping it active.

  • To update a cookie, use the setcookie() function with the same name as the existing cookie.
  • Provide the new value and any modified attributes to overwrite the existing cookie.


// Updating the 'username' cookie with a new value
setcookie("username", "NewValue", time() + 3600, "/");

Updating cookies ensures that they remain relevant and accurate, providing users with the latest information.

2. Deleting Cookies

Deleting cookies is important when you want to remove specific cookie data, either because it’s no longer needed or for user privacy considerations.

  • To delete a cookie, set its expiration time to a past date using the setcookie() function. This causes the cookie to expire immediately.
  • Make sure to set the path and domain attributes the same way they were set when the cookie was originally created.


// Deleting the 'username' cookie
setcookie("username", "", time() - 3600, "/");

Deleting cookies is crucial for user privacy and for removing obsolete or unwanted data from the user’s browser.

Before updating or deleting a cookie, it’s wise to check if the cookie exists to avoid errors.

  • Use the isset() function to verify if a specific cookie is set before attempting to update or delete it.


if (isset($_COOKIE['username'])) {
    // Proceed with updating or deleting

Checking for cookie existence helps prevent errors and ensures that you are working with valid cookie data.

Updating and deleting cookies in PHP is a critical aspect of web development, allowing developers to manage user data accurately and responsibly. By following these steps, you can ensure that your web applications provide an optimal user experience while respecting user privacy and data accuracy.

Best Practices for Using Cookies in PHP

Cookies are vital in conducting the best security practices in PHP. But, it also requires careful handling to ensure security, user privacy, and an optimized browsing experience.

1. Data Sensitivity and Security Measures

Consider the type of information stored in cookies. Ensure that sensitive data, like passwords or personal information, isn’t directly stored in cookies.

If sensitive data needs to be stored, encrypt the information before placing it into the cookie. Additionally, always set the Secure flag for cookies that contain sensitive information to ensure they are transmitted only over HTTPS connections.

Cookies should have a sensible expiration time to avoid unnecessary data retention. Define appropriate expiration times for cookies, considering the necessity of stored information. For session-specific cookies, set them to expire when the browser session ends. To persistent data, set reasonable and relevant expiry dates.

Respect user privacy and legal requirements regarding cookies. Inform users about the use of cookies on your website and obtain their consent where necessary. This aligns with regulations like the GDPR. Utilize cookie consent banners or policies that describe the type of cookies used and their purpose.

4. Path and Domain Scope Definition

Define the scope of where cookies are accessible. Set the Path and Domain parameters according to the necessary scope of your cookies. This ensures that cookies are only accessible where required, reducing unnecessary data exposure.

5. Regular Maintenance and Cleanup

Prevent cookie clutter and maintain a lean data environment. Regularly review and clean up unnecessary or outdated cookies. Cookies that are no longer relevant or expired should be removed to maintain a tidy and efficient user data environment.

Implementing these best practices will not only ensure better security and compliance but also contribute to a more positive and responsible user experience when dealing with cookies in PHP-based web development.

FAQs About How to Use Cookies in PHP

What security measures should I consider when using cookies in PHP?
Security is crucial when handling cookies to protect sensitive information and user privacy.
  • Avoid storing sensitive data directly in cookies; instead, encrypt the information before storing it.
  • Always set the Secure flag for cookies containing sensitive data to ensure transmission only over secure connections (HTTPS).
Implementing these security measures ensures that sensitive data stored in cookies is protected and transmitted securely over HTTPS connections.
Do cookies work across different pages or subdomains in PHP?
Understanding the accessibility and scope of cookies across various pages or subdomains is essential for effective data management.
  • Cookies can function across different pages or subdomains based on the definitions of the Path and Domain attributes when setting the cookies.
  • Adjust the Path and Domain parameters to control where cookies are accessible, allowing them to be limited to specific sections of the website or across various subdomains.
By appropriately configuring the Path and Domain attributes, cookies can be controlled in their accessibility across different pages and subdomains, ensuring targeted data storage.
How long do cookies last in PHP?
Understanding the duration of cookies helps manage data retention and user sessions effectively.
  • The lifespan of a cookie can vary based on how it's set using the setcookie() function.
  • Cookies can either have a specific expiration time, after which they expire, or persist until the user closes the browser session.
By setting appropriate expiration times, cookies can be managed effectively for data retention or session-based functionalities in PHP applications.


In conclusion, the use of cookies in PHP stands as a fundamental aspect of web development, enabling personalized experiences, session management, and data retention. Understanding the attributes of cookies, including their expiration, path, and security settings, is vital for effective implementation.

By employing cookies with measures and attaching them to best practices such as securing sensitive information, managing expiration times, obtaining user consent, and regular maintenance, developers can enhance both the functionality and security of web applications.

Cookies in PHP present a gateway to dynamic and interactive websites, fostering individualized user experiences and facilitating personalized content delivery. Adhering to responsible and secure cookie handling practices not only ensures compliance with privacy regulations but also cultivates trust and confidence among users.

Continual learning, adaptation, and implementation of evolving best practices will benefit you in unlocking the true potential of cookies in PHP-based web development. If you get stuck in any of those procedures or need a 1:1 consultation, feel free to get in touch with us – our dedicated team of PHP developers will be there to help you with tailored solutions!

Mehul Patel is a seasoned IT Engineer with expertise as a WordPress Developer. With a strong background in Core PHP and WordPress, he has excelled in website development, theme customization, and plugin development.

Leave a comment