Given the state of many modern web applications, one of the things that I think surprises many developers when coming to WordPress is that the application is stateless.
That is, it doesn’t maintain any type of session using the conventional PHP $_SESSION
utilities. If you’re building a web application on top of WordPress where users will be required to login, you may want to introduce something like this.
At the very least, you may be interested in using cookies to manage certain settings for users who have signed in on the front-end using some type of custom functionality you’ve built.
To that end, here’s how to set cookies in WordPress.
Set Cookies in WordPress
Given that a user will be submitting their information via a form on the front-end and given that it will include their username and password, you’ll naturally want to verify them before creating and setting a cookie.
Once that’s done, setting a cookie in WordPress is as easy as doing the following:
As the code comment reads, this gist assumes that all of the user validation is already done. Next up, we’re just using PHP’s native setcookie function in order to create a cookie for the user related to the username that was just authenticated.
In the code above, I’m setting the cookie to expire in seven days, but the unit of time is arbitrary. You can even set it up such that it uses a value that the user has selected from the homepage (think of the “Remember Me For 30 Days” check boxes).
Of course, at some point, you’ll also want to delete the cookie such as if the user logs out of the application or some other action forces them out of the system. This is just a little bit trickier:
Unlike in the first example, we’re doing two things rather than one:
- We’re removing the value of the user’s cookie from the `$_COOKIE` collection
- We’re forcing the cookie to expire
The code that follows that logic is nothing more than an example to show what can be done (like redirecting users to the homepage). Technically, you can do anything you’d want here – especially any other house cleaning – but at some point, you’ll want to take the user away from any of the pages they can access when they’re logged into the system.
Hey, Tom. Another awesome post!
Just a quick heads-up: there’s a missing semi-colon on line 8 of the 2-delete-a-cookie.php gist. Hopefully it’ll save you from anyone potentially blaming you for crashing their site. ;-)
Nice catch! Thanks – all fixed :).
Hey, I want to set up a cookie in my wordpress account so that each time when user selects particular product of my company, I get to know the most visited item of my company using only ‘cookies’. PS – I do not want to use any plugin or widget for this purpose. It’d be better if I build it on my own using cookies in PhP. Thank You. :)
You can use PHP’s setcookie method for doing this, but given the nature of cookies it will only last for so long.
You wouldn’t use a Widget for this. It’s really more of plugin territory and it’s not something I’d recommend introducing into the core functionality of your theme. You can use vanilla PHP features in the context of plugins.
Hey, Thanks for your response.
As I am currently using setcookie() in my wordpress editor, seems like I can not edit the page to have a php code in it. I mean I’m using the tag instead of <?php> . And apparently when I use that tag in wordpress page editor then it doesn’t set my cookies, on the other hand when I create a new .php file inside my web root then that same code seems to be working fine.
So, now my question is how do I use my setcookies() function inside the wordpress dashboard page editor so that I wouldn’t have to leave my theme webpage when I use that function (when I create a separate .php file then it redirects me to that page instead of displaying it in my default theme screen).
PS – I know this is long and boring comment for you but I would really appreciate if you go through this once and help me out. Thanks :)
Heya,
It sounds like you’ve got only a little experience with WordPress. If I’m off base in saying this, sorry about that :).
You should absolutely not be using the WordPress editor to edit files like this. It’s dangerous and not really what the editor was meant for.
Or it shouldn’t support that.
Regardless, these changes should be tested locally in a development environment at the very least where you can debug them.
Don’t use the Dashboard page editor. I ask that you please use a plugin to do this so you can deactivate this should something go wrong.
It’s the correct way to extend WP and the safest way to go about custom development.
— Tom
The WordPress constant is DAY_IN_SECONDS, note singular day. The third parameter of setcookie is also a unix timestamp, so the value should be:
time() + ( 7 * DAY_IN_SECONDS )
Ah, good catch. Thanks for this, Ryan!
How does one set cookies in WordPress without getting the ‘headers not sent’ error? The above tutorial is great, but within WP, I can’t write a cookie that processes submitted form data with getting said error.
My understanding is that since cookies are part of the HTTP header they can’t be written after there is any output. However, I’m not sure how to get around it since I don’t want to write cookies in the header file that has the in it which gets written before the cookie…
Have you tried setting a function that’s hooked into
init
? That’s one way to do it.