Cookie
extends BaseObject
in package
Cookie represents information related with a cookie, such as [[name]], [[value]], [[domain]], etc.
For more details and usage information on Cookie, see the guide article on handling cookies.
Tags
Table of Contents
Constants
- SAME_SITE_LAX = 'Lax'
- SameSite policy Lax will prevent the cookie from being sent by the browser in all cross-site browsing context during CSRF-prone request methods (e.g. POST, PUT, PATCH etc).
- SAME_SITE_NONE = 'None'
- SameSite policy None disables the SameSite policy so cookies will be sent in all contexts, i.e in responses to both first-party and cross-origin requests.
- SAME_SITE_STRICT = 'Strict'
- SameSite policy Strict will prevent the cookie from being sent by the browser in all cross-site browsing context regardless of the request method and even when following a regular link.
Properties
- $domain : string
- $expire : int|string|DateTimeInterface|null
- $httpOnly : bool
- $name : string
- $path : string
- $sameSite : string
- $secure : bool
- $value : string
Methods
- __call() : mixed
- Calls the named method which is not a class method.
- __construct() : mixed
- Constructor.
- __get() : mixed
- Returns the value of an object property.
- __isset() : bool
- Checks if a property is set, i.e. defined and not null.
- __set() : mixed
- Sets value of an object property.
- __toString() : string
- Magic method to turn a cookie object into a string without having to explicitly access [[value]].
- __unset() : mixed
- Sets an object property to null.
- canGetProperty() : bool
- Returns a value indicating whether a property can be read.
- canSetProperty() : bool
- Returns a value indicating whether a property can be set.
- className() : string
- Returns the fully qualified name of this class.
- hasMethod() : bool
- Returns a value indicating whether a method is defined.
- hasProperty() : bool
- Returns a value indicating whether a property is defined.
- init() : mixed
- Initializes the object.
Constants
SAME_SITE_LAX
SameSite policy Lax will prevent the cookie from being sent by the browser in all cross-site browsing context during CSRF-prone request methods (e.g. POST, PUT, PATCH etc).
public
mixed
SAME_SITE_LAX
= 'Lax'
E.g. a POST request from https://otherdomain.com to https://yourdomain.com will not include the cookie, however a GET request will. When a user follows a link from https://otherdomain.com to https://yourdomain.com it will include the cookie
Tags
SAME_SITE_NONE
SameSite policy None disables the SameSite policy so cookies will be sent in all contexts, i.e in responses to both first-party and cross-origin requests.
public
mixed
SAME_SITE_NONE
= 'None'
E.g. a POST request from https://otherdomain.com to https://yourdomain.com will include the cookie.
Note: If sameSite is set to None, the secure attribute must be set to true (otherwise the cookie will be blocked by the browser).
Tags
SAME_SITE_STRICT
SameSite policy Strict will prevent the cookie from being sent by the browser in all cross-site browsing context regardless of the request method and even when following a regular link.
public
mixed
SAME_SITE_STRICT
= 'Strict'
E.g. a GET request from https://otherdomain.com to https://yourdomain.com or a user following a link from https://otherdomain.com to https://yourdomain.com will not include the cookie.
Tags
Properties
$domain
public
string
$domain
= ''
domain of the cookie
$expire
public
int|string|DateTimeInterface|null
$expire
= 0
the timestamp or date at which the cookie expires. This is the server timestamp.
Defaults to 0, meaning "until the browser is closed" (the same applies to null).
$httpOnly
public
bool
$httpOnly
= true
whether the cookie should be accessible only through the HTTP protocol. By setting this property to true, the cookie will not be accessible by scripting languages, such as JavaScript, which can effectively help to reduce identity theft through XSS attacks.
$name
public
string
$name
name of the cookie
$path
public
string
$path
= '/'
the path on the server in which the cookie will be available on. The default is '/'.
$sameSite
public
string
$sameSite
= self::SAME_SITE_LAX
SameSite prevents the browser from sending this cookie along with cross-site requests.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for more information about sameSite.
Tags
$secure
public
bool
$secure
= false
whether cookie should be sent via secure connection
$value
public
string
$value
= ''
value of the cookie
Methods
__call()
Calls the named method which is not a class method.
public
__call(string $name, array<string|int, mixed> $params) : mixed
Do not call this method directly as it is a PHP magic method that will be implicitly called when an unknown method is being invoked.
Parameters
- $name : string
-
the method name
- $params : array<string|int, mixed>
-
method parameters
Tags
Return values
mixed —the method return value
__construct()
Constructor.
public
__construct([array<string|int, mixed> $config = [] ]) : mixed
The default implementation does two things:
- Initializes the object with the given configuration
$config. - Call [[init()]].
If this method is overridden in a child class, it is recommended that
- the last parameter of the constructor is a configuration array, like
$confighere. - call the parent implementation at the end of the constructor.
Parameters
- $config : array<string|int, mixed> = []
-
name-value pairs that will be used to initialize the object properties
__get()
Returns the value of an object property.
public
__get(string $name) : mixed
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $value = $object->property;.
Parameters
- $name : string
-
the property name
Tags
Return values
mixed —the property value
__isset()
Checks if a property is set, i.e. defined and not null.
public
__isset(string $name) : bool
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing isset($object->property).
Note that if the property is not defined, false will be returned.
Parameters
- $name : string
-
the property name or the event name
Tags
Return values
bool —whether the named property is set (not null).
__set()
Sets value of an object property.
public
__set(string $name, mixed $value) : mixed
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $object->property = $value;.
Parameters
- $name : string
-
the property name or the event name
- $value : mixed
-
the property value
Tags
__toString()
Magic method to turn a cookie object into a string without having to explicitly access [[value]].
public
__toString() : string
if (isset($request->cookies['name'])) {
$value = (string) $request->cookies['name'];
}
Return values
string —The value of the cookie. If the value property is null, an empty string will be returned.
__unset()
Sets an object property to null.
public
__unset(string $name) : mixed
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing unset($object->property).
Note that if the property is not defined, this method will do nothing. If the property is read-only, it will throw an exception.
Parameters
- $name : string
-
the property name
Tags
canGetProperty()
Returns a value indicating whether a property can be read.
public
canGetProperty(string $name[, bool $checkVars = true ]) : bool
A property is readable if:
- the class has a getter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVarsis true);
Parameters
- $name : string
-
the property name
- $checkVars : bool = true
-
whether to treat member variables as properties
Tags
Return values
bool —whether the property can be read
canSetProperty()
Returns a value indicating whether a property can be set.
public
canSetProperty(string $name[, bool $checkVars = true ]) : bool
A property is writable if:
- the class has a setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVarsis true);
Parameters
- $name : string
-
the property name
- $checkVars : bool = true
-
whether to treat member variables as properties
Tags
Return values
bool —whether the property can be written
className()
Returns the fully qualified name of this class.
public
static className() : string
Tags
Return values
string —the fully qualified name of this class.
hasMethod()
Returns a value indicating whether a method is defined.
public
hasMethod(string $name) : bool
The default implementation is a call to php function method_exists().
You may override this method when you implemented the php magic method __call().
Parameters
- $name : string
-
the method name
Return values
bool —whether the method is defined
hasProperty()
Returns a value indicating whether a property is defined.
public
hasProperty(string $name[, bool $checkVars = true ]) : bool
A property is defined if:
- the class has a getter or setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVarsis true);
Parameters
- $name : string
-
the property name
- $checkVars : bool = true
-
whether to treat member variables as properties
Tags
Return values
bool —whether the property is defined
init()
Initializes the object.
public
init() : mixed
This method is invoked at the end of the constructor after the object is initialized with the given configuration.