Cookies

If you have spent any time online, you probably already know what cookies are: small text files stored client-side (browser-side). These files store data between individual requests to the application that created the cookies. In other words, cookies save data that the application can reuse instead of requesting it each time it is accessed. We are all familiar with at least one type of cookie, and that is the "Remember Me" option when logging in somewhere. 

Laravel is no exception when it comes to using cookies for session management, authentication, and storing user preferences, settings, or information. In fact, Laravel relies on cookies for its authentication system to manage user sessions and remember authenticated users. Let's look at some essential aspects of cookies within the Laravel framework.

• Encrypted - All cookies created by Laravel are encrypted, with no exceptions. They are signed with an authentication key, which will make the cookie unusable if it has been tampered with by the user;
• Security - Laravel cookies are easy to secure. We already discussed two options in the Sessions section of this tutorial: the secure and http_only functions. These can be very easily enabled via the config/session.php file. Simply find the lines corresponding to each option and set their values to true;
  • 'secure' => env('SESSION_SECURE_COOKIE', true), - Just remember to then declare this function in the .env file of your application;
    • SESSION_SECURE_COOKIE=true
  • 'http_only' => true,
• Customizable - In the same way a session can be configured, cookies can also be used. You can configure their behavior from the config/session.php file. We have an extensive explanation about it in the Sessions section of this tutorial;
• Parameters - In addition to behavior, developers can also configure a cookie with specific parameters when creating them;
  • Name - ('cookie')
  • Domain - ('domain')
  • Path - ('path')
  • Secure Flag - ('secure')
  •  HTTP-only Flag - ('http_only')
  • Expiration Time - ('lifetime')

As you may have noticed, some of these options can also be configured in the config/session.php file. Speaking of creating cookies, here is how to do it.

Working With Cookies

The Cookie Facade makes interacting and working with cookies within your Laravel application very convenient. It provides a streamlined API that allows you to set, retrieve, check for, and delete cookies, to name a few of the functions it can perform. Like with Session Data, cookies can be created in Controllers, Middleware, Routes, or even Service Providers. The code is always the same, so without further delay, here is all the facade can do.

• Setting a Cookie

use Illuminate\Support\Facades\Cookie;
// Set a cookie with a name, value, expiration time, path, domain, secure flag, and HTTP-only flag
Cookie::queue('example_cookie', 'example_value', 60, '/', null, false, true);

• Retrieving a Cookie

use Illuminate\Support\Facades\Cookie;
// Retrieve the value of a cookie by its name
$value = Cookie::get('example_cookie');

• Deleting a Cookie

use Illuminate\Support\Facades\Cookie;
// Delete a cookie by its name
Cookie::queue(Cookie::forget('example_cookie'));

• Checking for a Cookie

use Illuminate\Support\Facades\Cookie;
// Check if a cookie exists
if (Cookie::has('example_cookie')) {
    // Cookie exists
} else {
    // Cookie does not exist
}

• Flashing Data via Cookie

use Illuminate\Support\Facades\Cookie;
// Flash data to the session for the next request
Cookie::queue('flash_cookie', 'flash_value', 1);
// Retrieve and forget the flashed data in the next request
$value = Cookie::get('flash_cookie');
Cookie::queue(Cookie::forget('flash_cookie'));

• Setting Cookie Parameters Dynamically

use Illuminate\Support\Facades\Cookie;
// Set cookie parameters dynamically
Cookie::queue('dynamic_cookie', 'dynamic_value', $minutes, $path, $domain, $secure, $httpOnly);

• Encrypting and Decrypting Cookie Values

use Illuminate\Support\Facades\Cookie;
// Encrypt cookie value before setting it
$encryptedValue = encrypt('example_value');
Cookie::queue('encrypted_cookie', $encryptedValue);
// Decrypt cookie value when retrieving it
$decryptedValue = decrypt(Cookie::get('encrypted_cookie'));

As you can see, the Cookie facade is super easy to use, the code is straightforward, and managing your cookies is no longer a hassle. It can be used anywhere that the application has to interact with Cookies, making things even easier.