Cookies

Lightpack provides the cookie() function to work with cookies.

Note: All cookies created by Lightpack are signed using HMAC for tamper detection. The cookie value is visible to the client, but any modification will be detected and rejected.

You can access the following functions:

cookie()->set()
cookie()->get()
cookie()->has()
cookie()->forever()
cookie()->delete()

Set

Set a cookie (expires at the end of the session):

cookie()->set('key', 'value');

Set a cookie with custom expiry (in seconds):

cookie()->set('key', 'value', 5*60);

Set a cookie with options (path, domain, secure, http_only, same_site):

cookie()->set('key', 'value', 5*60, [
    'path' => $path,
    'domain' => $domain,
    'secure' => true,
    'http_only' => true,
    'same_site' => 'lax', // or 'strict', 'none'
]);

Get

Get all cookies:

cookie()->get();

Get a specific cookie (returns null if not found or tampered):

cookie()->get('key');

Has

Check if a cookie is set:

cookie()->has('key');

Forever

Set a cookie that lasts for years (useful for “Remember Me”):

cookie()->forever('key', 'value');

You can also pass options as the third parameter:

cookie()->forever('key', 'value', ['path' => $path, 'same_site' => 'strict']);

Delete

Delete a specific cookie:

cookie()->delete('key');

Security Note:
If a cookie is modified by the client, Lightpack will detect the tampering and return null for that cookie.