Devinow Framework Cookie Library,Modern cookie management.

5.0.0 2023-08-03 15:27 UTC

This package is auto-updated.

Last update: 2023-11-03 16:10:20 UTC


composer require devinow/cookie


Static method

This library provides a static method that is compatible to PHP’s built-in setcookie(...) function but includes support for more recent features such as the SameSite attribute:

\Devinow\Cookie\Cookie::setcookie('SID', '31d4d96e407aad42');
// or
\Devinow\Cookie\Cookie::setcookie('SID', '31d4d96e407aad42', time() + 3600, '/~rasmus/', '', true, true, 'Lax');

Builder pattern

Instances of the Cookie class let you build a cookie conveniently by setting individual properties. This class uses reasonable defaults that may differ from defaults of the setcookie function.

$cookie = new \Devinow\Cookie\Cookie('SID');
$cookie->setMaxAge(60 * 60 * 24);
// $cookie->setExpiryTime(time() + 60 * 60 * 24);

// echo $cookie;
// or
// or
// $cookie->saveAndSet();

The method calls can also be chained:

(new \Devinow\Cookie\Cookie('SID'))->setValue('31d4d96e407aad42')->setMaxAge(60 * 60 * 24)->setSameSiteRestriction('None')->save();

A cookie can later be deleted simply like this:

// or

Note: For the deletion to work, the cookie must have the same settings as the cookie that was originally saved – except for its value, which doesn’t need to be set. So you should remember to pass appropriate values to setPath(...), setDomain(...), setHttpOnly(...) and setSecureOnly(...) again.

Reading cookies

  • Checking whether a cookie exists:

  • Reading a cookie’s value (with optional default value):

    // or
    \Devinow\Cookie\Cookie::get('first_visit', \time());

Managing sessions

Using the Session class, you can start and resume sessions in a way that is compatible to PHP’s built-in session_start() function, while having access to the improved cookie handling from this library as well:

// start session and have session cookie with 'lax' same-site restriction
// or

// start session and have session cookie with 'strict' same-site restriction

// start session and have session cookie without any same-site restriction
// or
\Devinow\Cookie\Session::start('None'); // Chrome 80+

All three calls respect the settings from PHP’s session_set_cookie_params(...) function and the configuration options, session.cookie_lifetime, session.cookie_path, session.cookie_domain, session.cookie_secure, session.cookie_httponly and session.use_cookies.

Likewise, replacements for

// and

are available via

// and

if you want protection against session fixation attacks that comes with improved cookie handling.

Additionally, access to the current internal session ID is provided via


as a replacement for


Reading and writing session data

  • Read a value from the session (with optional default value):

    $value = \Devinow\Cookie\Session::get($key);
    // or
    $value = \Devinow\Cookie\Session::get($key, $defaultValue);
  • Write a value to the session:

    \Devinow\Cookie\Session::set($key, $value);
  • Check whether a value exists in the session:

    if (\Devinow\Cookie\Session::has($key)) {
        // ...
  • Remove a value from the session:

  • Read and then immediately remove a value from the session:

    $value = \Devinow\Cookie\Session::take($key);
    $value = \Devinow\Cookie\Session::take($key, $defaultValue);

    This is often useful for flash messages, e.g. in combination with the has(...) method.

Parsing cookies

$cookieHeader = 'Set-Cookie:; expires=Thu, 09-Jun-2016 16:30:32 GMT; Max-Age=3600; path=/~rasmus/; secure';
$cookieInstance = \Devinow\Cookie\Cookie::parse($cookieHeader);