Class Cookie

Cookie object to build a cookie and turn it into a header value

An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.

Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, and preferences.

Cookie objects are immutable, and you must re-assign variables when modifying cookie objects:

$cookie = $cookie->withValue('0');
Namespace: Cake\Http\Cookie

Constants summary

  • string
    EXPIRES_FORMAT
    'D, d-M-Y H:i:s T'
  • string
    SAMESITE_LAX
    'Lax'
  • string
    SAMESITE_NONE
    'None'
  • string
    SAMESITE_STRICT
    'Strict'
  • string[]
    SAMESITE_VALUES
    [self::SAMESITE_LAX, self::SAMESITE_STRICT, self::SAMESITE_NONE]

Properties summary

  • $domain protected
    string

    Domain

  • $expiresAt protected
    \DateTime|\DateTimeImmutable|null

    Expiration time

  • $httpOnly protected
    bool

    HTTP only

  • $isExpanded protected
    bool

    Whether or not a JSON value has been expanded into an array.

  • $name protected
    string

    Cookie name

  • $path protected
    string

    Path

  • $sameSite protected
    string|null

    Samesite

  • $secure protected
    bool

    Secure

  • $value protected
    string|array

    Raw Cookie value.

Method Summary

Method Detail

__construct() public 

__construct(mixed $name, mixed $value, mixed $expiresAt, mixed $path, mixed $domain, mixed $secure, mixed $httpOnly, mixed $sameSite)

Constructor

The constructors args are similar to the native PHP setcookie() method. The only difference is the 3rd argument which excepts null or an DateTime or DateTimeImmutable object instead an integer.

Parameters

string $name

Cookie name

string|array $value optional

Value of the cookie

\DateTime|\DateTimeImmutable|null $expiresAt optional

Expiration time and date

string $path optional

Path

string $domain optional

Domain

bool $secure optional

Is secure

bool $httpOnly optional

HTTP Only

string|null $sameSite optional

Samesite

Throws

InvalidArgumentException
If an invalid value is passed for any of the arguments.

Links

http://php.net/manual/en/function.setcookie.php

_expand() protected 

_expand(mixed $string)

Explode method to return array from string set in CookieComponent::_flatten() Maintains reading backwards compatibility with 1.x CookieComponent::_flatten().

Parameters

string $string

A string containing JSON encoded data, or a bare string.

Returns

string|array

Map of key and values

_flatten() protected 

_flatten(array $array)

Implode method to keep keys are multidimensional arrays

Parameters

array $array

Map of key and values

Returns

string

A json encoded string.

_setValue() protected 

_setValue(mixed $value)

Setter for the value attribute.

Parameters

mixed $value

The value to store.

check() public 

check(mixed $path)

Checks if a value exists in the cookie data.

This method will expand serialized complex data, on first use.

Parameters

string $path

Path to check

Returns

bool

getDomain() public 

getDomain()

Get the domain attribute.

Returns

string

getExpiresTimestamp() public 

getExpiresTimestamp()

Get the timestamp from the expiration time

Timestamps are strings as large timestamps can overflow MAX_INT in 32bit systems.

Returns

string|null

The expiry time as a string timestamp.

getExpiry() public 

getExpiry()

Get the current expiry time

Returns

\DateTime|\DateTimeImmutable|null

Timestamp of expiry or null

getFormattedExpires() public 

getFormattedExpires()

Builds the expiration value part of the header string

Returns

string

getId() public 

getId()

Get the id for a cookie

Cookies are unique across name, domain, path tuples.

Returns

string

getName() public 

getName()

Gets the cookie name

Returns

string

getPath() public 

getPath()

Get the path attribute.

Returns

string

getSameSite() public 

getSameSite()

Get the SameSite attribute.

Returns

string|null

getStringValue() public 

getStringValue()

Gets the cookie value as a string.

This will collapse any complex data in the cookie with json_encode()

Returns

string

getValue() public 

getValue()

Gets the cookie value

Returns

string|array

isExpanded() public 

isExpanded()

Checks if the cookie value was expanded

Returns

bool

isExpired() public 

isExpired(mixed $time)

Check if a cookie is expired when compared to $time

Cookies without an expiration date always return false.

Parameters

\DateTime|\DateTimeImmutable $time optional

The time to test against. Defaults to 'now' in UTC.

Returns

bool

isHttpOnly() public 

isHttpOnly()

Check if the cookie is HTTP only

Returns

bool

isSecure() public 

isSecure()

Check if the cookie is secure

Returns

bool

read() public 

read(mixed $path)

Read data from the cookie

This method will expand serialized complex data, on first use.

Parameters

string $path optional

Path to read the data from

Returns

mixed

toHeaderValue() public 

toHeaderValue()

Returns a header value as string

Returns

string

validateBool() protected 

validateBool(mixed $value)

Validate that an argument is a boolean

Parameters

bool $value

The value to validate.

Throws

InvalidArgumentException

validateName() protected 

validateName(mixed $name)

Validates the cookie name

Parameters

string $name

Name of the cookie

Throws

InvalidArgumentException

Links

https://tools.ietf.org/html/rfc2616#section-2.2
Rules for naming cookies.

validateSameSiteValue() protected static 

validateSameSiteValue(mixed $sameSite)

Check that value passed for SameSite is valid.

Parameters

string $sameSite

SameSite value

Throws

InvalidArgumentException

validateString() protected 

validateString(mixed $value)

Validate that an argument is a string

Parameters

string $value

The value to validate.

Throws

InvalidArgumentException

withAddedValue() public 

withAddedValue(mixed $path, mixed $value)

Create a new cookie with updated data.

Parameters

string $path

Path to write to

mixed $value

Value to write

Returns

static

withDomain() public 

withDomain(mixed $domain)

Create a cookie with an updated domain

Parameters

string $domain

Domain to set

Returns

static

withExpired() public 

withExpired()

Create a new cookie that will expire/delete the cookie from the browser.

This is done by setting the expiration time to 1 year ago

Returns

static

withExpiry() public 

withExpiry(mixed $dateTime)

Create a cookie with an updated expiration date

Parameters

\DateTime|\DateTimeImmutable $dateTime

Date time object

Returns

static

withHttpOnly() public 

withHttpOnly(mixed $httpOnly)

Create a cookie with HTTP Only updated

Parameters

bool $httpOnly

HTTP Only

Returns

static

withName() public 

withName(mixed $name)

Sets the cookie name

Parameters

string $name

Name of the cookie

Returns

static

withNeverExpire() public 

withNeverExpire()

Create a new cookie that will virtually never expire.

Returns

static

withPath() public 

withPath(mixed $path)

Create a new cookie with an updated path

Parameters

string $path

Sets the path

Returns

static

withSameSite() public 

withSameSite(mixed $sameSite)

Create a cookie with an updated SameSite option.

Parameters

string|null $sameSite optional

Value for to set for Samesite option. One of CookieInterface::SAMESITE_* constants.

Returns

static

Throws

InvalidArgumentException
If argument value is not one of CookieInterface::SAMESITE_VALUES

withSecure() public 

withSecure(mixed $secure)

Create a cookie with Secure updated

Parameters

bool $secure

Secure attribute value

Returns

static

withValue() public 

withValue(mixed $value)

Create a cookie with an updated value.

Parameters

string|array $value

Value of the cookie to set

Returns

static

withoutAddedValue() public 

withoutAddedValue(mixed $path)

Create a new cookie without a specific path

Parameters

string $path

Path to remove

Returns

static

Property Detail

$domain protected

Domain

Type

string

$expiresAt protected

Expiration time

Type

\DateTime|\DateTimeImmutable|null

$httpOnly protected

HTTP only

Type

bool

$isExpanded protected

Whether or not a JSON value has been expanded into an array.

Type

bool

$name protected

Cookie name

Type

string

$path protected

Path

Type

string

$sameSite protected

Samesite

Type

string|null

$secure protected

Secure

Type

bool

$value protected

Raw Cookie value.

Type

string|array

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.9/class-Cake.Http.Cookie.Cookie.html