Deleting a cookie with PHP

Hi,

I have been doing some research about deleting a cookie via PHP and basically there are two approaches:

1) unset($_COOKIE['my_cookie']);
2) setcookie('my_cookie', '', 1); // 1 is just a sample time point in the past.

The second approach seems to be used more widely. I would consider the first approach to be more suitable way of programming since the purpose is to remove/unset the cookie, not to set it in a past date hence it will automatically expire.

What are your thoughts on this? Are there any practical differences between the two approaches that I may have missed?

Thanks.

EDIT: In my further tests, I noticed that approach 2 works (unsets the cookie) but approach 1 does not.

Unsetting the $_COOKIE element doesn’t actually delete the cookie, it just deletes the variable (array element) where the value is stored in this particular PHP execution. The original cookie still remains intact in the browser.

The second method you use there actually sets the cookie in such a way that the browser will effectively delete it. (By putting the expiration date in the past.)

1 Like

Thank you, I understand it better now. So, does that mean that there is no such a thing which will do the opposite of setcookie() function? Our only option is to use it but with a past date so that the cookie will expire.

Yes, there is no function such as unsetcookie(). The setcookie() function is basically just a simple wrapper around the Set-Cookie HTTP header, which is the only way in which server-side code can deal with cookies.

The best way to understand how PHP deals with cookies is to study that HTTP header.

1 Like

To unset a cookie, you have to use setcookie() function as well. Just set the expiration time to be someday in the past, and the cookie will be considered unset or deleted, something like this as your second method indicates:

setcookie("key","value",time()-3600);

I know this sounds strange and maybe even stupid, but it is really how PHP works with cookie, for the same reason why your first method does not work.

Yes, that’s the way to do it. However, I would make the value of the cookie blank. Don’t know if you really have to, but just in case :wink:

setcookie("key","",time()-3600);

I think its unnecessary, but it may be a good practice. Anyway you dont need to give a non empty/null value to an expired cookie, so its a good idea just to make its value blank.

Is there no other way than this? I think the second method is good that is putting the expiration date so that the browser will delete it automatically.

Nope, there is no other way. There isn’t really any need for it.

They could have made some sort of a delete function, but it would just be a wrapper around the setcookie function. Setting the expiration date in the past is hardly complicated enough to warrant that, in my opinion.

You can always define it yourself if you want to have it :wink:

function deletecookie($name, $path="", $domain="", $secure=false, $httponly=false) {
    setcookie($name, '', 1, $path, $domain, $secure, $httponly);
}

I do think it’s a good idea. In my Cookie class, this is how it deletes one:

setcookie($this->prefix . $var, '', time() - 3600, $this->path, $this->domain, $this->isSecure, $this->httpOnly);

Ohhh…
But if you really want to do it then you can do anything complicated for this purpose I guess.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.