How to set cookies using RewriteRule in htaccess or server.config file?

Hello! In this post I will show you how we set an http cookie using a RewriteRule directive in an htaccess or server.config file.

I saw many unanswered and confusing posts on StackOverflow and on other sites so I thought It would be worth writing a post that can help peope who are searching the similar topics on the internet for help.


Setting cookies using mod rewrite



With RewriteRule directive you can set http cookies the same way as you rewrite url. Cookies are set using [CO] Cookie flag of apache mod-rewrite. The cookies you set via RewriteRule can also be accessed by client or server scripting languages like PHP and JS. Mod rewrite cookies are mainy used for rewriting requests based on http cookie header.
You often set a mod rewrite cookie to rewrite/direct URLs if a specific cookie exists.
Let's start with a basic example:

RewriteEngine On
RewriteRule (.*) - [CO=user:john]

The rewrite rule above will set cookie named user and as you can see we manually assigned value john to it.
Explanation :


  • The first line "RewriteEngine on" tell server to turn on the engine for rewriting URLs. This setting is disabled by default so you must use this line ones at the top of RewriteRules in htaccess or server.config.

  • The second line is that does the does the Rewrite mazic and sets the cookie whenever you request an URI from server.

    "RewriteRule (.*) - [CO=user:john]" matches any incoming URIs as the pattern (.*) means to match anything. The - hyphen in the Rule's destination above lets your URLs pass through unchanged meaning that when you request "/file.php" only the CO flag will be applied to the URL and there will not be any change in the URL. In most cases when setting cookies by RewriteRule you use - as the destination path because we don't want to rewrite the urls we just want to set a cookie for URLs. "[CO=user:john]" sets user cookie with value john. You can also use a dynamic value using regex match "$1" or "%1" .






Setting cookies for specific URIs


In the basic example above we learned how to set cookies when any URL passes through RewriteRule. You can also set cookies for a specific URI. For example to set cookies only for a single path or file ie /this-file.php you can restrict the pattern of RewriteRule to match only this URI. You just need to write a regular expression pattern to match that particular path.

RewriteEngine On
RewriteRule ^this-file.php$ - [CO=user:john]

This will set the cookie only when you request /this-file.php . This rule example might fail on server.config, add a leading slash in the pattern ie: ^/this-file.php$ to use this in a server.config file.



Checking cookies using mod-rewrite


We use RewriteCond directive to check whether a cookie is set or notset. We can also check what value the cookie holds. The following is a basic example of checking whether a cookie is set :


RewriteCond %{HTTP_COOKIE} !^$


In the example above we want to make sure our cookie is set or not empty (!^$) . You can use a RewriteRule bellow this condition so it executes if the condition is met.
In the example bellow, we will redirect /this-file.php to root / if our user cookie is not set.


RewriteEngine on
RewriteCond %{HTTP_COOKIE} !user RewriteRule ^this-file.php$ / [R,L]




Another mod rewrite example



RewriteEngine on
RewriteCond %{HTTP_COOKIE} ^user=john
RewriteRule ^this-file.php$ / [R,L]


The rule above will redirect /this-file.php to / if the cookie user and value john is not set.


Setting cookie user if it doesn't exist


You can set a specific cookies if it doesn't exist using the following RewriteRule:

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^user=john
RewriteRule ^this-file.php$ - [CO=user:john,L]


In the example above we first check the HTTP_COOKIE header to ensure that the cookie "user=john" is notset and then we set it via RewriteRule.



Setting cookies for a specific domain



By default, mod-rewrite cookies are set for all domains that point to the same document root. You can add an optional perameter domain to the CO flag. To set cookies only for www.example.com host you will use something like the following:


RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^user=john
RewriteRule ^this-file.php$ - [CO=user:john:www.example.com,L]




Setting cookies Lifetime


By default mod-rewrite cookies are set for current session only which means when the browser window is closed the cookies also get get destroyed. You can add a lifetime perameter in minutes to CO flag to customise cookies validity.


RewriteEngine on
RewriteRule ^this-file.php$ - [CO=user:john:www.example.com:10,L]

In the example above the user cookie is available only on www.example.com host and it expires after 10 minutes.



Cookies for specific path only



You can make the cookies available for a specific path only. By default mod-rewrite cookies are set for / which means the entire site. To set a specific path you may use :


RewriteEngine on
RewriteRule ^this-file.php$ - [CO=user:john:www.example.com,L]


Setting cookies expire time



You can set how long an http cookie will survive, by default mod-rewrite cookies are set for current browser session only and deleted when we close the browser window. You can add a time perameter to CO flag to extend the cookie validity . Time value is set in minutes.

RewriteEngine on
RewriteRule ^this-file.php$ - [CO=user:john:www.example.com:10,L]


This will set user cookie on www.example.com host with a validity of 10 minutes.

Post a Comment

0 Comments