Published in Laravel

Laravel Helper Function: cookie

By John Koster

cookie($name = null, $value = null, $minutes = 0, $path = null, $domain = null, $secure = false, $httpOnly = true)

The cookie function is generally used to create a new instance of the \Symfony\Component\HttpFoundation\Cookie class. If the supplied $name is null an implementation of \Illuminate\Contracts\Cookie \Factory (which is an instance of \Illuminate\Cookie\CookieJar by default) is returned instead. When not being used to return a CookieJar instance, the cookie function makes a call to the make method on an instance of the CookieJar (which is resolved using the application container) using all supplied parameters.

#Cookies and Responses

When using the cookie function to create a cookie, it is important to remember that the function will not send the cookie to client. It will simply create the cookie and return an instance of \Symfony\Component\HttpFoundation\Cookie.

The cookie function defines seven optional parameters:

$name

This is the name of the new cookie. The names of cookies must be unique.

$value

The value to be stored in the cookie. Cookie values can be a numeric value or a string and not more than 4KB in length.

$minutes

The number of minutes until the cookie expires. A "forever" cookie in Laravel is set to expire in five years or roughly 2,628,000 minutes.

$path

This parameter determines which path on the web server the cookie will be available on. For example, if the $path is set to /laravel/, the cookie will only be available within the /laravel/ directory and all sub-directories. The cookies will also be available to any routed actions that match the path. The default value of $path ultimately will be /, which means the cookie is available on all paths.

$domain

The $domain parameter can be used to restrict where the cookie is available, just like the $path parameter. Except, instead of working on web server paths it works on the domain or sub-domain. Setting the $domain value to example.com makes the cookie available on example.com, as well as sub-domains above it such as www.example.com. Setting a cookie domain to ww3.www.example.com would make the cookie available to the ww3 sub-domain and higher, but not the www sub-domain.

To make a cookie available to all domains, prefix the domain with the . character. So to make a cookie available on all sub-domains of example.com, set the domain to .example.com.

If no domain is specified, the request host will be used as the $domain value, as specified in RFC 2109 - HTTP State Management Mechanism.

$secure

The $secure parameter determines whether or not the cookie is only sent back to the server over a HTTPS connection. If $secure is set to true, the cookie will only be sent back over secure connections.

$httpOnly

The $httpOnly parameter determines if the cookie can only be accessed with the HTTP protocol. If set to true, the cookie cannot be accessed by scripting languages such as JavaScript.

The following examples highlight the basic usage of the cookie function to create various cookies:

1<?php

2

3// Creating a cookie, with a basic value.

4$cookie = cookie('test_basic', 'The cookie value');

5

6// Creating a HTTPS-only cookie.

7$cookie = cookie('test_secure', 'Value', null, null, null, true);