Viewed   67 times

I'm trying to access a cookie's value (using $_COOKIE) immediately after calling the setcookie() function in PHP. When I do so, $_COOKIE['uname'] isn't set. Why?

Note, however, that $_COOKIE['uname'] is set as expected upon the next execution of the script, such as after a page refresh.

setcookie('uname', $uname, time() + 60 * 30);
echo "Cookie value: " . $_COOKIE['uname'];



$_COOKIE is set when the page loads, due to the stateless nature of the web. If you want immediate access, you can set $_COOKIE['uname'] yourself or use an intermediate variable.

For example:

if (isset($_COOKIE['uname'])) {
    // get data from cookie for local use
    $uname = $_COOKIE['uname'];
else {
    // set cookie, local $uname already set
    setcookie('uname', $uname, time() + 1800);  
Friday, September 2, 2022

Http cookies are headers that are transferred between the client (the browser), and the webserver.

When you use setcookie, what you are doing is instructing the PHP interpreter to inject a header in its response with this format:


That cookie will be stored by the browser, and returned by it in future requests (to the same host) in the Cookies request header like this:


Normally, when transferring this you should urlencode any special characters. Let's say that I wan to specify a cookie named "operator" with a value of ">", then I should emit this header:


When it says that the value is automatically urlencoded, is saying that you don't have to worry about that. You can simply do:

setcookie('operator', ">");

And PHP will handle the urlencoding directly, producing the correct header.

On the server side, you'll receive cookies in the $_COOKIES superglobal, and in the same way that happens with $_GET and $_POST, values will be automatically urldecoded for you. So if the client returns the previously set cookie %3E, you'll see: > in your code.

If you use your browser inspector, you can see the relevant headers on any request-response. E.g.:

request (returning cookie)

response (setting cookie)

setrawcookie, does the same, but you have to urlencode on your own. From the docs:

setrawcookie() is exactly the same as setcookie() except that the cookie value will not be automatically urlencoded when sent to the browser.

More likely than not, you won't have any reason to ever use setrawcookie directly.

Wednesday, October 26, 2022

Try using setcookie with a a path specified, this used to catch me out, as it assumes the current path by default. Using / will make the cookie work for the whole domain

setcookie("Username", $username, time()+3600*24*30, '/');
Friday, November 4, 2022
$cookie_name = "test";
$cookie_value = "123";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day

You need to write your php code like this

You can use this script If u can want particular cookie

function getCookie(cname) {
    var name = cname + "=";
    var ca = document.cookie.split(';');
    for(var i=0; i<ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1);
        if (c.indexOf(name) == 0) return c.substring(name.length,c.length);
    return "";

Monday, December 5, 2022

From CORS spec

Whenever the make a request steps are applied, fetch the request URL from origin source origin with the manual redirect flag set, and the block cookies flag set if the omit credentials flag is set. Use method request method, entity body request entity body, including the author request headers, and include user credentials if the omit credentials flag is unset. Exclude the Referer header if source origin is a globally unique identifier.

As you correctly says - cookies are added by browser if you use withCredentials.

Monday, August 15, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :