Class yii\web\Cookie

Inheritanceyii\web\Cookie » yii\base\BaseObject
Implementsyii\base\Configurable
Available since version2.0
Source Code https://github.com/yiisoft/yii2/blob/master/framework/web/Cookie.php

Cookie represents information related with a cookie, such as $name, $value, $domain, etc.

For more details and usage information on Cookie, see the guide article on handling cookies.

Public Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$domain string Domain of the cookie yii\web\Cookie
$expire integer The timestamp at which the cookie expires. yii\web\Cookie
$httpOnly boolean Whether the cookie should be accessible only through the HTTP protocol. yii\web\Cookie
$name string Name of the cookie yii\web\Cookie
$path string The path on the server in which the cookie will be available on. yii\web\Cookie
$sameSite string SameSite prevents the browser from sending this cookie along with cross-site requests. yii\web\Cookie
$secure boolean Whether cookie should be sent via secure connection yii\web\Cookie
$value string Value of the cookie yii\web\Cookie

Public Methods

Hide inherited methods

MethodDescriptionDefined By
__call() Calls the named method which is not a class method. yii\base\BaseObject
__construct() Constructor. yii\base\BaseObject
__get() Returns the value of an object property. yii\base\BaseObject
__isset() Checks if a property is set, i.e. defined and not null. yii\base\BaseObject
__set() Sets value of an object property. yii\base\BaseObject
__toString() Magic method to turn a cookie object into a string without having to explicitly access $value. yii\web\Cookie
__unset() Sets an object property to null. yii\base\BaseObject
canGetProperty() Returns a value indicating whether a property can be read. yii\base\BaseObject
canSetProperty() Returns a value indicating whether a property can be set. yii\base\BaseObject
className() Returns the fully qualified name of this class. yii\base\BaseObject
hasMethod() Returns a value indicating whether a method is defined. yii\base\BaseObject
hasProperty() Returns a value indicating whether a property is defined. yii\base\BaseObject
init() Initializes the object. yii\base\BaseObject

Constants

Hide inherited constants

ConstantValueDescriptionDefined By
SAME_SITE_LAX 'Lax' SameSite policy Lax will prevent the cookie from being sent by the browser in all cross-site browsing context during CSRF-prone request methods (e.g. POST, PUT, PATCH etc). E.g. a POST request from https://otherdomain.com to https://yourdomain.com will not include the cookie, however a GET request will. When a user follows a link from https://otherdomain.com to https://yourdomain.com it will include the cookie yii\web\Cookie
SAME_SITE_NONE 'None' SameSite policy None disables the SameSite policy so cookies will be sent in all contexts, i.e in responses to both first-party and cross-origin requests. E.g. a POST request from https://otherdomain.com to https://yourdomain.com will include the cookie. Note: If sameSite is set to None, the secure attribute must be set to true (otherwise the cookie will be blocked by the browser). yii\web\Cookie
SAME_SITE_STRICT 'Strict' SameSite policy Strict will prevent the cookie from being sent by the browser in all cross-site browsing context regardless of the request method and even when following a regular link. E.g. a GET request from https://otherdomain.com to https://yourdomain.com or a user following a link from https://otherdomain.com to https://yourdomain.com will not include the cookie. yii\web\Cookie

Property Details

$domain public property

Domain of the cookie

public string $domain ''
$expire public property

The timestamp at which the cookie expires. This is the server timestamp. Defaults to 0, meaning "until the browser is closed".

public integer $expire 0
$httpOnly public property

Whether the cookie should be accessible only through the HTTP protocol. By setting this property to true, the cookie will not be accessible by scripting languages, such as JavaScript, which can effectively help to reduce identity theft through XSS attacks.

public boolean $httpOnly true
$name public property

Name of the cookie

public string $name null
$path public property

The path on the server in which the cookie will be available on. The default is '/'.

public string $path '/'
$sameSite public property (available since version 2.0.21)

SameSite prevents the browser from sending this cookie along with cross-site requests.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for more information about sameSite.

public string $sameSite self::SAME_SITE_LAX
$secure public property

Whether cookie should be sent via secure connection

public boolean $secure false
$value public property

Value of the cookie

public string $value ''

Method Details

__toString() public method

Magic method to turn a cookie object into a string without having to explicitly access $value.

if (isset($request->cookies['name'])) {
    $value = (string) $request->cookies['name'];
}
public string __toString ( )
return string

The value of the cookie. If the value property is null, an empty string will be returned.