PHP Function Reference

PHP setrawcookie() Function



The PHP setrawcookie() function defines a cookie to be sent along with the rest of the HTTP headers without urlencoding the cookie value. Like other headers, cookies must be sent before any output from the script. This requires to place calls to this function prior to any output, including <html> and <head> tags as well as any whitespace.

Once the cookies have been set, they can be accessed on the next page load with the $_COOKIE array. Cookie values may also exist in $_REQUEST array.

Cookies are text files stored on the client computer and they are used for tracking purpose. PHP transparently supports HTTP cookies. There are three steps involved in identifying returning users:

  • Server script sends a set of cookies to the browser. For example name, age, or id etc.
  • Browser stores this information on local machine for future use.
  • When next time browser sends any request to web server then it sends those cookies information to the server and server uses that information to identify the user.
Note: setrawcookie() is exactly the same as setcookie() except that the cookie value will not be automatically urlencoded when sent to the browser.

Syntax

setrawcookie(name, value, expires, path, 
          domain, secure, httponly)

//alternative signature available as of PHP 7.3.0
setrawcookie(name, value, options)

Parameters

name Required. Specify the name of the cookie.
value Optional. Specify the value of the cookie. This value is stored on the clients computer. This value can be retrieved through $_COOKIE['cookiename'].
expires Optional. Specify the time the cookie expires. This is a Unix timestamp which is in number of seconds since the epoch. For example: time()+60*60*24*30 will set the cookie to expire in 30 days. If set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes). Default is 0.
path Optional. Specify the server path of the cookie. If set to '/', the cookie will be available within the entire domain. If set to '/php/', the cookie will only be available within the /php/ directory and all sub-directories of php. The default value is the current directory that the cookie is being set in.
domain Optional. Specify the (sub)domain name that the cookie is available to. To make the cookie available on all subdomains of example.com, set domain to "example.com". Setting it to www.example.com will make the cookie only available in the www subdomain
secure Optional. Specify whether or not the cookie should only be transmitted over a secure HTTPS connection from the client. When set to true, the cookie will only be set if a secure connection exists. Default is false.
httponly Optional. If set to true the cookie will be made accessible only through the HTTP protocol (the cookie will not be accessible by scripting languages, such as JavaScript). This setting can help to reduce identity theft through XSS attacks. Default is false.
options

Optional. Specify an associative array which may have any of the keys expires, path, domain, secure, httponly and samesite. If any other key is present an error of level E_WARNING is generated. The values have the same meaning as described for the parameters with the same name. If any of the allowed options are not given, their default values are the same as the default values of the explicit parameters.

The value of the samesite element should be either None, Lax or Strict. If the samesite element is omitted, no SameSite cookie attribute is set.

Return Value

If output exists prior to calling this function, setrawcookie() will fail and return false. If setrawcookie() successfully runs, it will return true. This does not indicate whether the user accepted the cookie.

Example: sending cookies

The example below shows how to send the set cookies request using PHP script.

<!DOCTYPE html>
<?php
//expire at the end of the session
setrawcookie("name", "John Smith");

//expire in 1 hour
setrawcookie("age", 27, time()+3600);

//expires in 1 hour- this cookie will be available 
//within the entire domain if set through secure 
//HTTPS connection from the client
setrawcookie("hobbies", "painting", time()+3600, "/", "", 1);
?>
<html>
<head><title>Setting Cookies</title></head>
   
<body>
  <?php echo "Set Cookies"; ?>
</body>  
</html>

Example: accessing cookies

The value of a cookie can be retrieved through $_COOKIE['cookiename']. Consider the example below:

<!DOCTYPE html>
<?php
//expire in 1 hour
setrawcookie("TestCookie", "CookieValue", time()+3600);
?>

<html>
<head><title>Accessing Cookies</title></head>
   
<body>

  <?php
    if(!isset($_COOKIE["TestCookie"])) {
      echo "This cookie is not set.";
    } else {
      "Value is: ".$_COOKIE['TestCookie'];
    }
  ?>

</body>  
</html>

Example: deleting cookies

To delete a cookie, the expiration date can be set in the past using setrawcookie() function. This will trigger the removal mechanism in the browser.

<!DOCTYPE html>
<?php
//setting the expiration date in past 1 hour will 
//trigger the removal mechanism in the browser
setrawcookie("TestCookie", "CookieValue", time()-3600);
?>

<html>
<head><title>Deleting Cookies</title></head>
   
<body>
  <?php echo "Deleting Cookies"; ?>
</body>  
</html>

Example: modifying cookies

To modify a cookie, just set the cookie again using the setrawcookie() function.

<!DOCTYPE html>
<?php
//this will modify the expiration time to 2 hours
setrawcookie("TestCookie", "CookieValue", time()+7200);
?>

<html>
<head><title>Modifying Cookies</title></head>
   
<body>
  <?php echo "Modifying Cookies"; ?>
</body>  
</html>

Example: check if cookies are enabled

The following example can be used to check whether cookies are enabled or not. First, try to create a test cookie with the setcookie() function, then count the $_COOKIE array variable:

<!DOCTYPE html>
<?php
//this will modify the expiration 
//time to 2 hours
setcookie("TestCookie", "CookieValue", time()+7200, "/");
?>

<html>
<head><title>Modifying Cookies</title></head>
   
<body>
  <?php 
    if(count($_COOKIE) > 0) {
      echo "Cookies are enabled.";
      //codes 
    } else {
      echo "Cookies are disabled.";
      //codes
    }
  ?>
</body>  
</html>

Example: setrawcookie() and arrays

The array cookies can be set by using array notation in the cookie name. Consider the example below:

<!DOCTYPE html>
<?php
//set cookie array
setrawcookie("arr[three]", "cookiethree");
setrawcookie("arr[two]", "cookietwo");
setrawcookie("arr[one]", "cookieone");
?>

<html>
<head><title>Modifying Cookies</title></head>
   
<body>

  <?php
  //after the page reloads, displaying them
  if (isset($_COOKIE['arr'])) {
    foreach ($_COOKIE['arr'] as $name => $value) {
      $name = htmlspecialchars($name);
      $value = htmlspecialchars($value);
      echo "$name : $value <br>\n";
    }
  }
  ?>

</body>  
</html>

The output of the above code will be:

three : cookiethree
two : cookietwo
one : cookieone

Note: To automatically URL-encode the cookie value when sending, and automatically decode when receiving, use the setcookie() function instead.

❮ PHP Network Reference