class Cake\Controller\Component\CookieComponent(ComponentRegistry $collection, array $config = [])

The CookieComponent is a wrapper around the native PHP setcookie() method. It makes it easier to manipulate cookies, and automatically encrypt cookie data. Cookies added through CookieComponent will only be sent if the controller action completes.

Deprecated since version 3.5.0: Cookies are available in the ServerRequest see Cookies. For encrypted cookies see the Encrypted Cookie Middleware.

Configuring Cookies

Cookies can be configured either globally or per top-level name. The global configuration data will be merged with the top-level configuration. So only need to override the parts that are different. To configure the global settings use the config() method:

$this->Cookie->config('path', '/');
    'expires' => '+10 days',
    'httpOnly' => true

To configure a specific key use the configKey() method:

$this->Cookie->configKey('User', 'path', '/');
$this->Cookie->configKey('User', [
    'expires' => '+10 days',
    'httpOnly' => true

There are a number of configurable values for cookies:


How long the cookies should last for. Defaults to 1 month.


The path on the server in which the cookie will be available on. If path is set to ‘/foo/’, the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is app’s base path.


The domain that the cookie is available. To make the cookie available on all subdomains of set domain to ‘’.


Indicates that the cookie should only be transmitted over a secure HTTPS connection. When set to true, the cookie will only be set if a secure connection exists.


Encryption key used when encrypted cookies are enabled. Defaults to Security.salt.


Set to true to make HTTP only cookies. Cookies that are HTTP only are not accessible in JavaScript. Defaults to false.


Type of encryption to use. Defaults to ‘aes’. Can also be ‘rijndael’ for backwards compatibility.

Using the Component

The CookieComponent offers a number of methods for working with Cookies.

Cake\Controller\Component\CookieComponent::write(mixed $key, mixed $value = null)

The write() method is the heart of the cookie component. $key is the cookie variable name you want, and the $value is the information to be stored:

$this->Cookie->write('name', 'Larry');

You can also group your variables by using dot notation in the key parameter:

$this->Cookie->write('', 'Larry');
$this->Cookie->write('User.role', 'Lead');

If you want to write more than one value to the cookie at a time, you can pass an array:

    ['name' => 'Larry', 'role' => 'Lead']

All values in the cookie are encrypted with AES by default. If you want to store the values as plain text, be sure to configure the key space:

$this->Cookie->configKey('User', 'encryption', false);
Cake\Controller\Component\CookieComponent::read(mixed $key = null)

This method is used to read the value of a cookie variable with the name specified by $key.

// Outputs "Larry"
echo $this->Cookie->read('name');

// You can also use the dot notation for read
echo $this->Cookie->read('');

// To get the variables which you had grouped
// using the dot notation as an array use the following

// This outputs something like ['name' => 'Larry', 'role' => 'Lead']


CookieComponent cannot interact with bare strings values that contain ,. The component will attempt to interpret these values as arrays, leading to incorrect results. Instead you should use $request->getCookie().

  • $key (string) – The key to check.

Used to check whether a key/path exists and has a non-null value.

Cake\Controller\Component\CookieComponent::delete(mixed $key)

Deletes a cookie variable of the name in $key. Works with dot notation:

// Delete a variable

// Delete the cookie variable bar, but not everything under foo