Cookie Helper

The Cookie Helper file contains functions that assist in working with cookies.

Loading this Helper

This helper is loaded using the following code:

<?php

helper('cookie');

Available Functions

The following functions are available:

set_cookie($name[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = false[, $httpOnly = false[, $sameSite = '']]]]]]]])

Parameters

• $name (mixed) – Cookie name or associative array of all of the parameters available to this function

• $value (string) – Cookie value

• $expire (int) – Number of seconds until expiration

• $domain (string) – Cookie domain (usually: .yourdomain.com)

• $path (string) – Cookie path

• $prefix (string) – Cookie name prefix. If '', the default from app/Config/Cookie.php is used

• $secure (bool) – Whether to only send the cookie through HTTPS

• $httpOnly (bool) – Whether to hide the cookie from JavaScript

• $sameSite (string) – The value for the SameSite cookie parameter. If null, the default from app/Config/Cookie.php is used

Return type

void

This helper function gives you friendlier syntax to set browser cookies. Refer to the Response Library for a description of its use, as this function is an alias for Response::setCookie().

get_cookie($index[, $xssClean = false[, $prefix = '']])

Parameters

• $index (string) – Cookie name

• $xssClean (bool) – Whether to apply XSS filtering to the returned value

• $prefix (string|null) – Cookie name prefix. If set to '', the default value from app/Config/Cookie.php will be used. If set to null, no prefix

Returns

The cookie value or null if not found

Return type

mixed

Note

Since v4.2.1, the third parameter $prefix has been introduced and the behavior has been changed a bit due to a bug fix. See Upgrading for details.

This helper function gives you friendlier syntax to get browser cookies. Refer to the IncomingRequest Library for detailed description of its use, as this function acts very similarly to IncomingRequest::getCookie(), except it will also prepend the Config\Cookie::$prefix that you might’ve set in your app/Config/Cookie.php file.

Warning

Using XSS filtering is a bad practice. It does not prevent XSS attacks perfectly. Using esc() with the correct $context in the views is recommended.

delete_cookie($name[, $domain = ''[, $path = '/'[, $prefix = '']]])

Parameters

• $name (string) – Cookie name

• $domain (string) – Cookie domain (usually: .yourdomain.com)

• $path (string) – Cookie path

• $prefix (string) – Cookie name prefix

Return type

void

Lets you delete a cookie. Unless you’ve set a custom path or other values, only the name of the cookie is needed.

<?php

delete_cookie('name');

This function is otherwise identical to set_cookie(), except that it does not have the value and expire parameters.

Note

When you use set_cookie(), if the value is set to empty string and the expire is set to 0, the cookie will be deleted. If the value is set to non-empty string and the expire is set to 0, the cookie will only last as long as the browser is open.

You can submit an array of values in the first parameter or you can set discrete parameters.

<?php

delete_cookie($name, $domain, $path, $prefix);

has_cookie(string $name[, ?string $value = null[, string $prefix = '']])

Parameters

• $name (string) – Cookie name

• $value (string|null) – Cookie value

• $prefix (string) – Cookie prefix

Return type

bool

Checks if a cookie exists by name. This is an alias of Response::hasCookie().