Cookies are small data pieces stored in the browser and sent back with every request. Use setcookie() to create them and $_COOKIE to read them. Set the httponly and secure flags to protect cookies from XSS and insecure channels.
PHP Cookies
// Set cookie (must be before any output)
setcookie("theme", "dark", [
"expires" => time() + 86400 * 30, // 30 days
"path" => "/",
"secure" => true,
"httponly" => true,
"samesite" => "Lax"
]);
// Read cookie
$theme = $_COOKIE["theme"] ?? "light";
// Delete cookie (set expired time)
setcookie("theme", "", time() - 3600);
// Check if cookie exists
if (isset($_COOKIE["token"])) {
// validate token
}