As you may know from the JavaScript page on cookies they are a way of writing data to the user's computer (for example the name of the person logged in).  JavaScript could do that because it runs on the user's computer.  PHP can do it because it can send special messages (headers) to the browser with the pages it sends.  One of these can be to create or read cookies. 

Create a new PHP page called phpcookiesave.php and just under the h1 put this (inside the PHP):

setcookie("name", "fred");

Save the page but do not try it in the browser yet.

That line of code puts some data into a header which it will send when the page is sent (or just before technically).  Remember that the above PHP code is executed on the server and is finished before the page is sent.  Remember also that the user can choose not to accept cookies so this might not always work.

Now create another page called phpcookieread.php and put this in just under the h1:


Try phpcookieread.php and you should get an error about an undefined index.  The index is the bit in square brackets.  No cookie called name exists so there is no index in $_COOKIE which matches.  Change that line of code by adding the if isset you learned about recently plus an echo line:

} else {
echo $nameFromCookie;

Now the page should say unknown rather than showing an error which is a bit more professional.

Now you should try phpcookiesave.php by loading it in the browser.  You should see nothing if it worked.  Now try phpcookieread.php again.  You should see the name stored in the cookie by the other page.

$_COOKIE is a superglobal variable available to all pages on the site and holds all cookies for that site.

Cookie duration

Once you close the browser used to test the above pages the cookie may be deleted (it depends on how the browser handles things).  You can also ask for a cookie to be stored for a definite time.  Amend the setcookie line in phpcookiesave.php to this:

setcookie("name", "fred", time()+1814400);

The function time() returns the current time.  The number added to that is the number of seconds to keep the cookie.  The browser and user may choose to ignore this and delete the cookie anyway (or not delete it after that time) but mostly it will work.

You can also use the time to delete a cookie by setting the time to before now.  Create a page called phpcookiedestroy.php and put this just under the h1:

setcookie("name", "fred", time()-1);

Save, upload and try (the page should be blank).  Then try phpcookieread.php again (it should say unknown).  You now have three pages which can create, read and delete a cookie.

Security note

You may have become fed up of the comments above about cookies being open to the browser doing what it wants with them.  Here is another warning like that!  Cookies are stored (sometimes as text files) on the user's computer.  The user can therefore access them.  If they know how they can also change them.  So, do not store anything in a cookie which is sensitive data (like a password).  Cookies are often used to remember a user but there is nothing to stop the user changing the name stored.  So never trust cookie data.  They might even change it to some PHP code and hack your server.  You will learn how to avoid that soon.