Where the php cookies are stored?

Question

php manual has setcookies syntax like this

setcookie ($name, $value, $expire, $path, $domain, $secure, $httponly) 

It is said that cookies are stored on the remotely in client side. The syntax has path var that if applied cookies will be stored on the server side.

Now suppose if I mention that path var "/". And on user named denish log in and I create a cookie for username for remember me functionality

setcookie('site_username','denish',time + 3600,'/','.xyz.com')

Now each time the different user logs in. Would it over write the previous cookie or new cookie will be created?

What if I want to create a cookie client side and also want to apply $domain var. Is it possible?

Answer 1

You're incorrect as to the use of the path argument from the manual:

The path on the server in which the cookie will be available on.

Cookies are always stored on the client's machine.

Answer 2

If you use different $paths you can have two cookies with the same name.

setcookie("foobar", "root", time()+3600, "/");
setcookie("foobar", "test", time()+3600, "/test");

The first cookie (root) can be accessed using any $path in this domain, except for /test/*. In /test/* only the second cookie can be accessed. Both cookies are stored by the user's browser and the browser decides which cookie to provide based on which cookie's $path matches the current URL.

Answer 3

Cookies are always stored in the client. The path only sets restrictions to what remote pages can access said cookies. For example, if you set a cookie with the path "/foo/" then only pages in the directory "/foo/" and subdirectories of "/foo/" can read the cookie.

The domain does the same restriction, only with subdomains.

Cookies with the same name will overwrite each other, yes.

I believe you cannot set a cookie to another domain other than the page you're on due to security issues.