Home » Php » PHP how to stringify array and store in cookie

PHP how to stringify array and store in cookie

Posted by: admin July 12, 2020 Leave a comment


I got an array like this

$value = {array(‘id’=>$id, ’email’=>$email, ‘token’=>$token)}

I want to stringify the array then encode then store it in cookie “login”. How do you do that ? Also please tell me how to decode and read the stored value.


I’ve been trying serialize/unserialize, but it didn’t work as expected. for example,

$value = serialize(array('id'=>33, 'email'=>'[email protected]', 'token'=>'e9aa0966773d68e0fbf9cb21fc2877b4'));

echo $value; //a:3:{s:2:"id";i:33;s:5:"email";s:20:"[email protected]";s:5:"token";s:32:"e9aa0966773d68e0fbf9cb21fc2877b4";}

But when the value go to cookie, it looks like this

How to&Answers:

there is a serialize/unserialize function to convert an array to a string and back.

When you store a string to cookie (setcookie), php needs to do a url encode on the string. This prevents any characters in the string saved to cookie interfering with any other headers. When the page is loaded next, php gets the cookie and automatically does a url decode on the cookie value to return it to it’s previous value. As far as what is stored in the cookie, this shouldn’t matter within php because php will do the url encode/decode automatically. Now if you are getting the cookie in another language such as javascript, then yes, you will get the raw string back. In this case you can use something like decodeURI in JS to get the original value back.



$_COOKIE['login'] = json_encode($array);
$array = json_decode($_COOKIE['login']);

Can also use serialize/unserialize:

$_COOKIE['login'] = serialize($array);
$array = unserialize($_COOKIE['login']);



With this code:

  $array = Array(
    'id'  => 1234,
    'email' => '[email protected]',
    'token' => base64_encode('abcDEF1234')

  echo "Var Dump (initial):\r\n";

  $serialized = serialize($array);
  echo "Serialized:\r\n".$serialized."\r\n";

  $unserialized = unserialize($serialized);
  echo "Unserialized:\r\n".$unserailized."\r\n";

You would generate the following:

Var Dump (initial):
array(3) {
  string(19) "[email protected]"
  string(16) "YWJjREVGMTIzNA=="
a:3:{s:2:"id";i:1234;s:5:"email";s:19:"[email protected]";s:5:"token";s:16:"YWJjREVGMTIzNA==";}

array(3) {
  string(19) "[email protected]"
  string(16) "YWJjREVGMTIzNA=="


You’re seeing the encoded value based on how the HTTP protocol transfers cookies. There are two headers in a cookie transfer: Set-Cookie & Cookie. One is server->client, other other is client->server, respectfully.

When PHP sets the cookie (using setcookie e.g.) PHP is really just short-handing the following:


which, in PHP translates to:

header('Set-Cookie: login='.urlencode($serialized).'; '
      .'expires=Wed, 12-Jan-2011 13:15:00 GMT; '
      .'path=/; domain=.mydomain.com');

If you had characters like : or a SPACE, the browser wouldn’t know where the cookie’s properties began and ended.