Published in Laravel 5

Laravel 5: Managing HTTP Cookies With cookie

By John Koster

The cookie function is generally used to create a new instance of the \Symfony\Component\HttpFoundation\Cookie class. If the supplied $name is null an implementation of \Illuminate\Contracts\Cookie\Factory (which is an instance of \Illuminate\Cookie\CookieJar by default) is returned instead. When not being used to return a CookieJar instance, the cookie function makes a call to the make method on an instance of the CookieJar (which is resolved using the application container) using all of the supplied parameters.

#Signature

The signature of the cookie function is:

 1function cookie(

 2    $name,

 3    $value,

 4    $minutes,

 5    $path,

 6    $domain,

 7    $secure,

 8    $httpOnly,

 9    $raw,

10    $sameSite

11);

#Example Use

The following examples will demonstrate the various ways to invoke the cookie helper function.

#Cookies and Responses

When using the cookie function to create a cookie, it is important to remember that the function will not send the cookie to client. It will simply create the cookie and return an instance of \Symfony\Component\HttpFoundation\Cookie.

The cookie function defines several optional parameters:

$name

This is the name of the new cookie. The names of cookies must be unique.

$value

The value to be stored in the cookie. Cookie values can be a numeric value or a string and not more than 4KB in length.

$minutes

The number of minutes until the cookie expires. A "forever" cookie in Laravel is set to expire in five years or 2,628,000 minutes.

$path

This parameter determines which path on the site the cookie will be available on. For example, if the $path is set to /laravel/, the cookie will only be available within the /laravel/ directory and all sub-directories. The cookies will also be available to any routed actions that match the path. The default value of $path is /, which means the cookie is available on all paths.

$domain

The $domain parameter can be used to restrict where the cookie is available, similar to the $path parameter. Except, instead of working on web server paths it works on the domain or sub-domain level. Setting the $domain value to example.com makes the cookie available on example.com, as well as sub-domains above it such as www.example.com. Setting a cookie domain to ww3.www.example.com would make the cookie available to the ww3 sub-domain and higher, but not the www sub-domain.

To make a cookie available to all domains, prefix the domain with the . character. So to make a cookie available on all sub-domains of example.com, set the domain to .example.com.

If no domain is specified, the request host will be used as the $domain value, as specified in RFC 2109 - HTTP State Management Mechanism.

$secure

The $secure parameter determines whether or not the cookie is only sent back to the server over a HTTPS connection. If $secure is set to true, the cookie will only be sent back over secure connections.

$httpOnly

The $httpOnly parameter determines if the cookie can only be accessed with the HTTP protocol. If set to true, the cookie cannot be accessed by scripting languages such as JavaScript.

$raw

An argument supplied to this parameter will indicate to the underlying Symfony Cookie object whether or not the values stored within the cookie are in their raw form. If not, the urlencode function will be applied to the cookie's values.

$sameSite

The value of the argument supplied to the $sameSite parameter can be used to control the cookie's samesite value. This setting prevents the browser from sending the cookie with cross-site requests. If the supplied value is null, this flag will not be set for the cookie.

The possible values for this flag are lax or strict. Setting the value to lax, the cookie will be sent along will GET requests, such as when following links on a website. When the value is set to strict, the cookie will be sent along with any cross-site requests, even when following links.

The following examples highlight the basic usage of the cookie function to create various cookies:

 1// Retrieving an instance of the cookie factor.

 2$factory = cookie();

 3

 4// Creating a cookie, with a basic value.

 5$cookie = cookie(

 6    'test_basic',

 7    'The cookie value'

 8);

 9

10// Creating a HTTPS-only cookie.

11$cookie = cookie(

12    'test_secure',

13    'Value',

14    null,

15    null,

16    null,

17    true

18);