PHP Conference Nagoya 2025

setrawcookie

(PHP 5, PHP 7, PHP 8)

setrawcookieSend a cookie without urlencoding the cookie value

Descrizione

setrawcookie(
    string $name,
    string $value = ?,
    int $expires_or_options = 0,
    string $path = ?,
    string $domain = ?,
    bool $secure = false,
    bool $httponly = false
): bool

Alternative signature available as of PHP 7.3.0 (not supported with named parameters):

setrawcookie(string $name, string $value = ?, array $options = []): bool

setrawcookie() is exactly the same as setcookie() except that the cookie value will not be automatically urlencoded when sent to the browser.

Elenco dei parametri

For parameter information, see the setcookie() documentation.

Valori restituiti

Restituisce true in caso di successo, false in caso di fallimento.

Log delle modifiche

Versione Descrizione
7.3.0 An alternative signature supporting an options array has been added. This signature supports also setting of the SameSite cookie attribute.

Vedere anche:

add a note

User Contributed Notes 2 notes

up
25
Brian
18 years ago
Firefox is following the real spec and does not decode '+' to space...in fact it further encodes them to '%2B' to store the cookie. If you read a cookie using javascript and unescape it, all your spaces will be turned to '+'.
To fix this problem, use setrawcookie and rawurlencode:

<?php
setrawcookie
('cookie_name', rawurlencode($value), time()+60*60*24*365);
?>

The only change is that spaces will be encoded to '%20' instead of '+' and will now decode properly.
up
11
subs at voracity dot org
17 years ago
setrawcookie() isn't entirely 'raw'. It will check the value for invalid characters, and then disallow the cookie if there are any. These are the invalid characters to keep in mind: ',;<space>\t\r\n\013\014'.

Note that comma, space and tab are three of the invalid characters. IE, Firefox and Opera work fine with these characters, and PHP reads cookies containing them fine as well. However, if you want to use these characters in cookies that you set from php, you need to use header().
To Top