setrawcookie

(PHP 5, PHP 7, PHP 8)

setrawcookie — Send a cookie without urlencoding the cookie value

Description

setrawcookie(
    string $name,
    string $value = ?,
    int $expires_or_options = 0,
    string $path = ?,
    string $domain = ?,
    bool $secure = false,
    bool $httponly = false
): bool

Alternative signature available as of PHP 7.3.0 (not supported with named parameters):

setrawcookie(string $name, string $value = ?, array $options = []): bool

setrawcookie() is exactly the same as setcookie() except that the cookie value will not be automatically urlencoded when sent to the browser.

Parameters

For parameter information, see the setcookie() documentation.

Return Values

Returns true on success or false on failure.

Changelog

Version	Description
7.3.0	An alternative signature supporting an `options` array has been added. This signature supports also setting of the SameSite cookie attribute.

Improve This Page

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

＋add a note

User Contributed Notes 2 notes

down

Brian ¶

18 years ago

Firefox is following the real spec and does not decode '+' to space...in fact it further encodes them to '%2B' to store the cookie.  If you read a cookie using javascript and unescape it, all your spaces will be turned to '+'.

To fix this problem, use setrawcookie and rawurlencode:



<?php

setrawcookie('cookie_name', rawurlencode($value), time()+60*60*24*365);

?>



The only change is that spaces will be encoded to '%20' instead of '+' and will now decode properly.