Class yii\web\Cookie
Inheritance | yii\web\Cookie » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/web/Cookie.php |
Cookie represents information related to a cookie, such as $name, $value, $domain, etc.
For more details and usage information on Cookie, see the guide article on handling cookies.
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$domain | string | Domain of the cookie | yii\web\Cookie |
$expire | integer | The timestamp at which the cookie expires. | yii\web\Cookie |
$httpOnly | boolean | Whether the cookie should be accessible only through the HTTP protocol. | yii\web\Cookie |
$name | string | Name of the cookie | yii\web\Cookie |
$path | string | The path on the server on which the cookie will be available. | yii\web\Cookie |
$sameSite | string | SameSite prevents the browser from sending this cookie along with cross-site requests. | yii\web\Cookie |
$secure | boolean | Whether cookie should be sent via secure connection | yii\web\Cookie |
$value | string | Value of the cookie | yii\web\Cookie |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\BaseObject |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of an object property. | yii\base\BaseObject |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
__set() | Sets value of an object property. | yii\base\BaseObject |
__toString() | Magic method to turn a cookie object into a string without having to explicitly access $value. | yii\web\Cookie |
__unset() | Sets an object property to null. | yii\base\BaseObject |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\BaseObject |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\BaseObject |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\BaseObject |
hasProperty() | Returns a value indicating whether a property is defined. | yii\base\BaseObject |
init() | Initializes the object. | yii\base\BaseObject |
Constants
Constant | Value | Description | Defined By |
---|---|---|---|
SAME_SITE_LAX | 'Lax' | SameSite policy Lax will prevent the cookie from being sent by the browser in all cross-site browsing contexts during CSRF-prone request methods (e.g. POST, PUT, PATCH etc). E.g. a POST request from https://otherdomain.com to https://yourdomain.com will not include the cookie, however a GET request will. When a user follows a link from https://otherdomain.com to https://yourdomain.com it will include the cookie. | yii\web\Cookie |
SAME_SITE_STRICT | 'Strict' | SameSite policy Strict will prevent the cookie from being sent by the browser in all cross-site browsing contexts regardless of the request method and even when following a regular link. E.g. a GET request from https://otherdomain.com to https://yourdomain.com or a user following a link from https://otherdomain.com to https://yourdomain.com will not include the cookie. | yii\web\Cookie |
Property Details
$domain
Domain of the cookie
$expire
The timestamp at which the cookie expires. This is the server timestamp. Defaults to 0, meaning "until the browser is closed".
$httpOnly
Whether the cookie should be accessible only through the HTTP protocol. By setting this property to true, the cookie will not be accessible by scripting languages, such as JavaScript, which can effectively help to reduce identity theft through XSS attacks.
$name
Name of the cookie
$path
The path on the server on which the cookie will be available. The default is '/'.
$sameSite
SameSite prevents the browser from sending this cookie along with cross-site requests.
Please note that this feature is only supported since PHP 7.3.0. For better security, an exception will be thrown if sameSite is set while using an unsupported version of PHP.
To use this feature across different PHP versions, check the version first. E.g.
```php
$cookie->sameSite = PHP_VERSION_ID >= 70300 ? yii\web\Cookie::SAME_SITE_LAX : null;
```
See https://www.owasp.org/index.php/SameSite for more information about sameSite.
$secure
Whether cookie should be sent via secure connection
$value
Value of the cookie
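A check that a test suite can run over the cookies an application emits, built on the properties documented above. This is an added example, not part of the Yii documentation or code base: the function names `auditCookie` and `auditCookies` are hypothetical, and the sample objects are constructed stand-ins that carry the same public properties as yii\web\Cookie, so the script runs without the framework.

```php
<?php
// Added example: audits objects exposing the public properties documented
// on this page ($name, $path, $httpOnly, $secure, $sameSite).

// Returns the findings for one cookie; an empty array means it passed.
function auditCookie(object $cookie): array
{
    $findings = [];
    if (empty($cookie->httpOnly)) {
        $findings[] = 'httpOnly is off: value is readable from JavaScript';
    }
    if (empty($cookie->secure)) {
        $findings[] = 'secure is off: cookie may travel over plain HTTP';
    }
    $sameSite = $cookie->sameSite ?? null;
    if ($sameSite === null) {
        $findings[] = 'sameSite is unset: the browser default applies';
    } elseif (!in_array($sameSite, ['Lax', 'Strict'], true)) {
        $findings[] = "sameSite '$sameSite' is not Lax or Strict";
    }
    // A ';' in the path carries extra attributes inside the Path field,
    // where a review that only reads $sameSite will not see them.
    if (strpos((string) ($cookie->path ?? '/'), ';') !== false) {
        $findings[] = 'path contains ";": attributes set outside the typed properties';
    }
    return $findings;
}

// Audits any iterable of cookies and keeps only those with findings.
function auditCookies(iterable $cookies): array
{
    $report = [];
    foreach ($cookies as $cookie) {
        $findings = auditCookie($cookie);
        if ($findings !== []) {
            $report[$cookie->name] = $findings;
        }
    }
    return $report;
}

// Constructed sample input (stand-ins for yii\web\Cookie objects).
$sample = [
    (object) ['name' => 'session', 'path' => '/', 'httpOnly' => true, 'secure' => true, 'sameSite' => 'Lax'],
    (object) ['name' => 'prefs', 'path' => '/', 'httpOnly' => false, 'secure' => false, 'sameSite' => null],
    (object) ['name' => 'legacy', 'path' => '/;SameSite=None', 'httpOnly' => true, 'secure' => true, 'sameSite' => null],
];
foreach (auditCookies($sample) as $name => $findings) {
    echo $name, ":\n  - ", implode("\n  - ", $findings), "\n";
}
```

With the constructed input, `session` passes, `prefs` is reported for all three missing protections, and `legacy` is reported for an unset sameSite plus attributes carried in the path.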
Method Details
Magic method to turn a cookie object into a string without having to explicitly access $value.
```php
if (isset($request->cookies['name'])) {
    $value = (string) $request->cookies['name'];
}
```
public string __toString ( ) | | |
---|---|---|
return | string | The value of the cookie. If the value property is null, an empty string will be returned. |
If you are facing a login concern due to Identity Cookies, for PHP versions < 7.3, you can set the value of the sameSite attribute to None as:
```php
'identityCookie' => [
    'name' => 'name',
    'httpOnly' => true,
    'path' => '/;SameSite=None',
    'secure' => true,
],
```
And for the session cookie, modify the cookie params as:
```php
'cookieParams' => [
    'lifetime' => time() * 60,
    'httpOnly' => true,
    'secure' => true,
    'path' => '/;SameSite=None',
],
```