Cookies store small data on a user's browser. Setting expiration controls how long the cookie lasts. Security settings keep cookies safe from hackers.
setcookie(name, value, expire, path, domain, secure, httponly);
expire is a timestamp (seconds since 1970) when the cookie expires.
secure means cookie is sent only over HTTPS.
httponly means cookie cannot be accessed by JavaScript.
setcookie("user", "Alice", time() + 3600);
setcookie("session", "abc123", 0, "/", "example.com", true, true);
setcookie("cart", "5", time() + 86400, "/shop");
This program sets a cookie named 'username' that lasts 2 hours, is sent only over HTTPS, and is not accessible by JavaScript. It then checks if the cookie exists and greets the user accordingly.
<?php // Set a cookie that expires in 2 hours, secure and httponly setcookie("username", "Bob", time() + 7200, "/", "", true, true); // Check if cookie is set if (isset($_COOKIE["username"])) { echo "Welcome back, " . $_COOKIE["username"] . "!"; } else { echo "Hello, new visitor!"; } ?>
Cookies must be set before any HTML output in PHP.
Use time() + seconds to set expiration in the future.
Setting secure to true requires HTTPS connection.
Cookie expiration controls how long the cookie stays on the browser.
Security flags like secure and httponly protect cookies from theft and misuse.
Always set cookies before sending any output in PHP.