Class Cookie
Cookie object to build a cookie and turn it into a header value
An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, and preferences.
Cookie objects are immutable, and you must re-assign variables when modifying cookie objects:
$cookie = $cookie->withValue('0');See: \Cake\Http\Cookie\CookieCollection for working with collections of cookies.
See: \Cake\Http\Response::getCookieCollection() for working with response cookies.
Link: https://tools.ietf.org/html/rfc6265
Link: https://en.wikipedia.org/wiki/HTTP_cookie
Constants
-
stringEXPIRES_FORMAT ¶'D, d-M-Y H:i:s T'Expires attribute format.
-
stringSAMESITE_LAX ¶'Lax'SameSite attribute value: Lax
-
stringSAMESITE_NONE ¶'None'SameSite attribute value: None
-
stringSAMESITE_STRICT ¶'Strict'SameSite attribute value: Strict
-
string[]SAMESITE_VALUES ¶[self::SAMESITE_LAX, self::SAMESITE_STRICT, self::SAMESITE_NONE]Valid values for "SameSite" attribute.
Property Summary
-
$domain protected
stringDomain
-
$expiresAt protected
DateTime|DateTimeImmutable|nullExpiration time
-
$httpOnly protected
boolHTTP only
-
$isExpanded protected
boolWhether or not a JSON value has been expanded into an array.
-
$name protected
stringCookie name
-
$path protected
stringPath
-
$sameSite protected
string|nullSamesite
-
$secure protected
boolSecure
-
$value protected
string|arrayRaw Cookie value.
Method Summary
-
__construct() public
Constructor
-
_expand() protected
Explode method to return array from string set in CookieComponent::_flatten() Maintains reading backwards compatibility with 1.x CookieComponent::_flatten().
-
_flatten() protected
Implode method to keep keys are multidimensional arrays
-
_setValue() protected
Setter for the value attribute.
-
check() public
Checks if a value exists in the cookie data.
-
getDomain() public
Get the domain attribute.
-
getExpiresTimestamp() public
Get the timestamp from the expiration time
-
getExpiry() public
Get the current expiry time
-
getFormattedExpires() public
Builds the expiration value part of the header string
-
getId() public
Get the id for a cookie
-
getName() public
Gets the cookie name
-
getPath() public
Get the path attribute.
-
getSameSite() public
Get the SameSite attribute.
-
getStringValue() public
Gets the cookie value as a string.
-
getValue() public
Gets the cookie value
-
isExpanded() public
Checks if the cookie value was expanded
-
isExpired() public
Check if a cookie is expired when compared to $time
-
isHttpOnly() public
Check if the cookie is HTTP only
-
isSecure() public
Check if the cookie is secure
-
read() public
Read data from the cookie
-
toHeaderValue() public
Returns a header value as string
-
validateBool() protected
Validate that an argument is a boolean
-
validateName() protected
Validates the cookie name
-
validateSameSiteValue() protected static
Check that value passed for SameSite is valid.
-
validateString() protected
Validate that an argument is a string
-
withAddedValue() public
Create a new cookie with updated data.
-
withDomain() public
Create a cookie with an updated domain
-
withExpired() public
Create a new cookie that will expire/delete the cookie from the browser.
-
withExpiry() public
Create a cookie with an updated expiration date
-
withHttpOnly() public
Create a cookie with HTTP Only updated
-
withName() public
Sets the cookie name
-
withNeverExpire() public
Create a new cookie that will virtually never expire.
-
withPath() public
Create a new cookie with an updated path
-
withSameSite() public
Create a cookie with an updated SameSite option.
-
withSecure() public
Create a cookie with Secure updated
-
withValue() public
Create a cookie with an updated value.
-
withoutAddedValue() public
Create a new cookie without a specific path
Method Detail
__construct() ¶ public
__construct(string $name, string|array $value = '', DateTime|DateTimeImmutable|null $expiresAt = null, string $path = '/', string $domain = '', bool $secure = false, bool $httpOnly = false, string|null $sameSite = null)Constructor
The constructors args are similar to the native PHP setcookie() method.
The only difference is the 3rd argument which excepts null or an
DateTime or DateTimeImmutable object instead an integer.
Parameters
-
string$name Cookie name
-
string|array$value optional Value of the cookie
-
DateTime|DateTimeImmutable|null$expiresAt optional Expiration time and date
-
string$path optional Path
-
string$domain optional Domain
-
bool$secure optional Is secure
-
bool$httpOnly optional HTTP Only
-
string|null$sameSite optional Samesite
Throws
InvalidArgumentExceptionIf an invalid value is passed for any of the arguments.
Links
_expand() ¶ protected
_expand(string $string): string|arrayExplode method to return array from string set in CookieComponent::_flatten() Maintains reading backwards compatibility with 1.x CookieComponent::_flatten().
Parameters
-
string$string A string containing JSON encoded data, or a bare string.
Returns
string|array_flatten() ¶ protected
_flatten(array $array): stringImplode method to keep keys are multidimensional arrays
Parameters
-
array$array Map of key and values
Returns
string_setValue() ¶ protected
_setValue(mixed $value): voidSetter for the value attribute.
Parameters
-
mixed$value The value to store.
Returns
voidcheck() ¶ public
check(string $path): boolChecks if a value exists in the cookie data.
This method will expand serialized complex data, on first use.
Parameters
-
string$path Path to check
Returns
boolgetExpiresTimestamp() ¶ public
getExpiresTimestamp(): string|nullGet the timestamp from the expiration time
Timestamps are strings as large timestamps can overflow MAX_INT in 32bit systems.
Returns
string|nullgetExpiry() ¶ public
getExpiry(): DateTime|DateTimeImmutable|nullGet the current expiry time
Returns
DateTime|DateTimeImmutable|nullgetFormattedExpires() ¶ public
getFormattedExpires(): stringBuilds the expiration value part of the header string
Returns
stringgetId() ¶ public
getId(): stringGet the id for a cookie
Cookies are unique across name, domain, path tuples.
Returns
stringgetStringValue() ¶ public
getStringValue(): stringGets the cookie value as a string.
This will collapse any complex data in the cookie with json_encode()
Returns
stringisExpired() ¶ public
isExpired(DateTime|DateTimeImmutable $time = null): boolCheck if a cookie is expired when compared to $time
Cookies without an expiration date always return false.
Parameters
-
DateTime|DateTimeImmutable$time optional
Returns
boolread() ¶ public
read(string $path = null): mixedRead data from the cookie
This method will expand serialized complex data, on first use.
Parameters
-
string$path optional Path to read the data from
Returns
mixedvalidateBool() ¶ protected
validateBool(bool $value): voidValidate that an argument is a boolean
Parameters
-
bool$value The value to validate.
Returns
voidThrows
InvalidArgumentExceptionvalidateName() ¶ protected
validateName(string $name): voidValidates the cookie name
Parameters
-
string$name Name of the cookie
Returns
voidThrows
InvalidArgumentExceptionLinks
validateSameSiteValue() ¶ protected static
validateSameSiteValue(string $sameSite): voidCheck that value passed for SameSite is valid.
Parameters
-
string$sameSite SameSite value
Returns
voidThrows
InvalidArgumentExceptionvalidateString() ¶ protected
validateString(string $value): voidValidate that an argument is a string
Parameters
-
string$value The value to validate.
Returns
voidThrows
InvalidArgumentExceptionwithAddedValue() ¶ public
withAddedValue(string $path, mixed $value): staticCreate a new cookie with updated data.
Parameters
-
string$path Path to write to
-
mixed$value Value to write
Returns
staticwithDomain() ¶ public
withDomain(string $domain): staticCreate a cookie with an updated domain
Parameters
-
string$domain
Returns
staticwithExpired() ¶ public
withExpired(): staticCreate a new cookie that will expire/delete the cookie from the browser.
This is done by setting the expiration time to 1 year ago
Returns
staticwithExpiry() ¶ public
withExpiry(DateTime|DateTimeImmutable $dateTime): staticCreate a cookie with an updated expiration date
Parameters
-
DateTime|DateTimeImmutable$dateTime
Returns
staticwithHttpOnly() ¶ public
withHttpOnly(bool $httpOnly): staticCreate a cookie with HTTP Only updated
Parameters
-
bool$httpOnly
Returns
staticwithName() ¶ public
withName(string $name): staticSets the cookie name
Parameters
-
string$name
Returns
staticwithNeverExpire() ¶ public
withNeverExpire(): staticCreate a new cookie that will virtually never expire.
Returns
staticwithPath() ¶ public
withPath(string $path): staticCreate a new cookie with an updated path
Parameters
-
string$path
Returns
staticwithSameSite() ¶ public
withSameSite(mixed $sameSite = null): staticCreate a cookie with an updated SameSite option.
Parameters
-
$sameSite optional Value for to set for Samesite option. One of CookieInterface::SAMESITE_* constants.
Returns
staticThrows
InvalidArgumentExceptionIf argument value is not one of CookieInterface::SAMESITE_VALUES
withSecure() ¶ public
withSecure(bool $secure): staticCreate a cookie with Secure updated
Parameters
-
bool$secure
Returns
staticwithValue() ¶ public
withValue(string|array $value): staticCreate a cookie with an updated value.
Parameters
-
string|array$value
Returns
staticwithoutAddedValue() ¶ public
withoutAddedValue(string $path): staticCreate a new cookie without a specific path
Parameters
-
string$path Path to remove
Returns
static