What are cookies in PHP?
Why Interviewers Ask This
This question tests conceptual clarity. Interviewers want to hear a precise, confident definition before moving to more complex PHP topics. It also reveals how well you can explain technical ideas to non-experts.
Answer
A cookie is a small piece of data stored in the user's browser, sent to the server with every HTTP request. Set a cookie with setcookie(name, value, expiry, path, domain, secure, httponly) — this must be called before any output. Read cookies via $_COOKIE["name"]. Cookies persist on the browser until they expire or are deleted. Key security flags: HttpOnly (prevents JavaScript access, mitigating XSS), Secure (only sent over HTTPS), and SameSite (controls cross-site request behavior, mitigating CSRF). Unlike sessions (server-side), cookies store data client-side — do not store sensitive data (passwords, tokens) in cookies without encryption.
Common Mistake
A common mistake is memorizing definitions without understanding implications. When asked this question, go one level deeper — explain what happens when this concept is misused or ignored.