Class Cookie
Cookie object to build a cookie and turn it into a header value
An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, and preferences.
Cookie objects are immutable, and you must re-assign variables when modifying cookie objects:
$cookie = $cookie->withValue('0');
See: \Cake\Http\Cookie\CookieCollection for working with collections of cookies.
See: \Cake\Http\Response::getCookieCollection() for working with response cookies.
Link: https://tools.ietf.org/html/rfc6265
Link: https://en.wikipedia.org/wiki/HTTP_cookie
Constants
-
string
EXPIRES_FORMAT ¶'D, d-M-Y H:i:s T'
Expires attribute format.
-
string
SAMESITE_LAX ¶'Lax'
SameSite attribute value: Lax
-
string
SAMESITE_NONE ¶'None'
SameSite attribute value: None
-
string
SAMESITE_STRICT ¶'Strict'
SameSite attribute value: Strict
-
string[]
SAMESITE_VALUES ¶[self::SAMESITE_LAX, self::SAMESITE_STRICT, self::SAMESITE_NONE]
Valid values for "SameSite" attribute.
Property Summary
-
$domain protected
string
Domain
-
$expiresAt protected
DateTimeDateTimeImmutable|null
Expiration time
-
$httpOnly protected
bool
HTTP only
-
$isExpanded protected
bool
Whether or not a JSON value has been expanded into an array.
-
$name protected
string
Cookie name
-
$path protected
string
Path
-
$sameSite protected
string|null
Samesite
-
$secure protected
bool
Secure
-
$value protected
string|array
Raw Cookie value.
Method Summary
-
__construct() public
Constructor
-
_expand() protected
Explode method to return array from string set in CookieComponent::_flatten() Maintains reading backwards compatibility with 1.x CookieComponent::_flatten().
-
_flatten() protected
Implode method to keep keys are multidimensional arrays
-
_setValue() protected
Setter for the value attribute.
-
check() public
Checks if a value exists in the cookie data.
-
getDomain() public
Get the domain attribute.
-
getExpiresTimestamp() public
Get the timestamp from the expiration time
-
getExpiry() public
Get the current expiry time
-
getFormattedExpires() public
Builds the expiration value part of the header string
-
getId() public
Get the id for a cookie
-
getName() public
Gets the cookie name
-
getPath() public
Get the path attribute.
-
getSameSite() public
Get the SameSite attribute.
-
getStringValue() public
Gets the cookie value as a string.
-
getValue() public
Gets the cookie value
-
isExpanded() public
Checks if the cookie value was expanded
-
isExpired() public
Check if a cookie is expired when compared to $time
-
isHttpOnly() public
Check if the cookie is HTTP only
-
isSecure() public
Check if the cookie is secure
-
read() public
Read data from the cookie
-
toHeaderValue() public
Returns a header value as string
-
validateBool() protected
Validate that an argument is a boolean
-
validateName() protected
Validates the cookie name
-
validateSameSiteValue() protected static
Check that value passed for SameSite is valid.
-
validateString() protected
Validate that an argument is a string
-
withAddedValue() public
Create a new cookie with updated data.
-
withDomain() public
Create a cookie with an updated domain
-
withExpired() public
Create a new cookie that will expire/delete the cookie from the browser.
-
withExpiry() public
Create a cookie with an updated expiration date
-
withHttpOnly() public
Create a cookie with HTTP Only updated
-
withName() public
Sets the cookie name
-
withNeverExpire() public
Create a new cookie that will virtually never expire.
-
withPath() public
Create a new cookie with an updated path
-
withSameSite() public
Create a cookie with an updated SameSite option.
-
withSecure() public
Create a cookie with Secure updated
-
withValue() public
Create a cookie with an updated value.
-
withoutAddedValue() public
Create a new cookie without a specific path
Method Detail
__construct() ¶ public
__construct(string $name, string|array $value = '', DateTimeDateTimeImmutable|null $expiresAt = null, string $path = '/', string $domain = '', bool $secure = false, bool $httpOnly = false, string|null $sameSite = null)
Constructor
The constructors args are similar to the native PHP setcookie()
method.
The only difference is the 3rd argument which excepts null or an
DateTime or DateTimeImmutable object instead an integer.
Parameters
-
string
$name Cookie name
-
string|array
$value optional Value of the cookie
-
DateTimeDateTimeImmutable|null
$expiresAt optional Expiration time and date
-
string
$path optional Path
-
string
$domain optional Domain
-
bool
$secure optional Is secure
-
bool
$httpOnly optional HTTP Only
-
string|null
$sameSite optional Samesite
Throws
InvalidArgumentException
If an invalid value is passed for any of the arguments.
Links
_expand() ¶ protected
_expand(string $string): string|array
Explode method to return array from string set in CookieComponent::_flatten() Maintains reading backwards compatibility with 1.x CookieComponent::_flatten().
Parameters
-
string
$string A string containing JSON encoded data, or a bare string.
Returns
string|array
_flatten() ¶ protected
_flatten(array $array): string
Implode method to keep keys are multidimensional arrays
Parameters
-
array
$array Map of key and values
Returns
string
_setValue() ¶ protected
_setValue(mixed $value): void
Setter for the value attribute.
Parameters
-
mixed
$value The value to store.
Returns
void
check() ¶ public
check(string $path): bool
Checks if a value exists in the cookie data.
This method will expand serialized complex data, on first use.
Parameters
-
string
$path Path to check
Returns
bool
getExpiresTimestamp() ¶ public
getExpiresTimestamp(): string|null
Get the timestamp from the expiration time
Timestamps are strings as large timestamps can overflow MAX_INT in 32bit systems.
Returns
string|null
getExpiry() ¶ public
getExpiry(): DateTimeDateTimeImmutable|null
Get the current expiry time
Returns
DateTimeDateTimeImmutable|null
getFormattedExpires() ¶ public
getFormattedExpires(): string
Builds the expiration value part of the header string
Returns
string
getId() ¶ public
getId(): string
Get the id for a cookie
Cookies are unique across name, domain, path tuples.
Returns
string
getStringValue() ¶ public
getStringValue(): string
Gets the cookie value as a string.
This will collapse any complex data in the cookie with json_encode()
Returns
string
isExpired() ¶ public
isExpired(DateTimeDateTimeImmutable $time = null): bool
Check if a cookie is expired when compared to $time
Cookies without an expiration date always return false.
Parameters
-
DateTimeDateTimeImmutable
$time optional
Returns
bool
read() ¶ public
read(string $path = null): mixed
Read data from the cookie
This method will expand serialized complex data, on first use.
Parameters
-
string
$path optional Path to read the data from
Returns
mixed
validateBool() ¶ protected
validateBool(bool $value): void
Validate that an argument is a boolean
Parameters
-
bool
$value The value to validate.
Returns
void
Throws
InvalidArgumentException
validateName() ¶ protected
validateName(string $name): void
Validates the cookie name
Parameters
-
string
$name Name of the cookie
Returns
void
Throws
InvalidArgumentException
Links
validateSameSiteValue() ¶ protected static
validateSameSiteValue(string $sameSite): void
Check that value passed for SameSite is valid.
Parameters
-
string
$sameSite SameSite value
Returns
void
Throws
InvalidArgumentException
validateString() ¶ protected
validateString(string $value): void
Validate that an argument is a string
Parameters
-
string
$value The value to validate.
Returns
void
Throws
InvalidArgumentException
withAddedValue() ¶ public
withAddedValue(string $path, mixed $value): static
Create a new cookie with updated data.
Parameters
-
string
$path Path to write to
-
mixed
$value Value to write
Returns
static
withDomain() ¶ public
withDomain(string $domain): static
Create a cookie with an updated domain
Parameters
-
string
$domain
Returns
static
withExpired() ¶ public
withExpired(): static
Create a new cookie that will expire/delete the cookie from the browser.
This is done by setting the expiration time to 1 year ago
Returns
static
withExpiry() ¶ public
withExpiry(DateTimeDateTimeImmutable $dateTime): static
Create a cookie with an updated expiration date
Parameters
-
DateTimeDateTimeImmutable
$dateTime
Returns
static
withHttpOnly() ¶ public
withHttpOnly(bool $httpOnly): static
Create a cookie with HTTP Only updated
Parameters
-
bool
$httpOnly
Returns
static
withName() ¶ public
withName(string $name): static
Sets the cookie name
Parameters
-
string
$name
Returns
static
withNeverExpire() ¶ public
withNeverExpire(): static
Create a new cookie that will virtually never expire.
Returns
static
withPath() ¶ public
withPath(string $path): static
Create a new cookie with an updated path
Parameters
-
string
$path
Returns
static
withSameSite() ¶ public
withSameSite(mixed $sameSite = null): static
Create a cookie with an updated SameSite option.
Parameters
-
$sameSite optional
Value for to set for Samesite option. One of CookieInterface::SAMESITE_* constants.
Returns
static
Throws
InvalidArgumentException
If argument value is not one of CookieInterface::SAMESITE_VALUES
withSecure() ¶ public
withSecure(bool $secure): static
Create a cookie with Secure updated
Parameters
-
bool
$secure
Returns
static
withValue() ¶ public
withValue(string|array $value): static
Create a cookie with an updated value.
Parameters
-
string|array
$value
Returns
static
withoutAddedValue() ¶ public
withoutAddedValue(string $path): static
Create a new cookie without a specific path
Parameters
-
string
$path Path to remove
Returns
static