How to set and check for cookies in WordPress

Cookies are little pieces of information that websites can store on your computer for reference later. For example, WordPress uses cookies to store your login session, so that you don’t have to log in every time you go to a protected page.

They can also be used for much simpler tasks, such as storing information about when a user has completed a form. In the example below, I’m going to show how to set a cookie in the user’s browser when they fill out a Gravity Form.

Setting a cookie

Gravity Forms has an action hook called gform_after_submission, which fires after a form has been submitted and committed to the database. We’re going to use that action hook to set the cookie, so that we know when a user has submitted the form. gform_after_submission can have a number appended to it to apply to a specific form, so in this case, I’m targeting the form with an ID of 1. This belongs in your functionality plugin:

The setcookie function is a PHP function, and the parameters in the function above are as follows:

  • form-1-complete – the cookie name. This is a descriptive name that you will reference when checking for the cookie, as you’ll see below.
  • 1 – this is the value of the cookie. I’m setting it as a 1 to notate that the form has been completed (as opposed to a 0).
  • strtotime( ‘+30 days’ ) – this is how long the cookie will be stored. Using strtotime allows you to set a time relative to when the function runs, as opposed to a fixed time, such as Dec 31, 2020. So in this example, the cookie will expire 30 days after the user completes the form.
  • The other four parameters you shouldn’t have to worry about, unless you want to specify whether the cookie should be available on HTTP or HTTPS exclusively.

Now every time form 1 is filled out, a cookie with the name form-1-complete and a value of 1 will be set in the user’s browser and it will expire in 30 days.

This is just an example of how to set a cookie, but you could apply to many more situations by tapping into the appropriate action hook.

Checking for a cookie

Now that you’re able to set cookies at will, you’re going to want to use them to perform an action at an appropriate point, perhaps to display a notice, or to provide access to previously restricted material.

To check whether a cookie is set in the user’s browser, we can look whether $_COOKIE['form-1-complete'] is set. Note that form-1-complete is the cookie name we specified above.

In the example below, I’ve combined checking for the cookie with a couple of other checks to hide premium content, unless all checks are met. So, if the post has a meta_key of ‘protected’ set to ‘yes’ (so that standard content won’t be affected), the user isn’t logged in (so that admins can always see the content) and the cookie ‘form-1-complete’ isn’t set (the form has not been filled out), then the user will have the content hidden from them, and a message displayed instead, indicating that they need to fill out the form. Otherwise, if any of those variables aren’t met (for example, if the user has filled out the form, meaning that the cookie form-1-complete is set and the user is a subscriber to your newsletter), then the content will be shown without restriction.

This is a powerful tool when you don’t want to rely on adding the information to the user’s profile (so that visitors are accounted for as well) to store information about a user and then use it to perform an action of some sort.

Of course, it’s not without limitations: cookies can be deleted and some users don’t even allow cookies to be set in their browsers. Then there’s also the EU (and maybe other jurisdcitions) cookie law that needs to be conformed to. So, consider this a tool in your belt that will work in some instances, but not in others.

3 thoughts on “How to set and check for cookies in WordPress”

  1. Ben says:

    Hi Dave,
    Thanks for the post! I’m trying to modify a plugin to use a session and a cookie so I can set the cookie to expire at a given timeframe. The plugin originally uses sessions, but I would like to be able to set and expiration and keep the session incase the users have cookies disabled. Would you be willing to take a look at the following code and see it makes sense. This may be way off, I’m still learning PHP.

    /* Place a session variable that marks the current visitor as having completed the specified goal */
    function completeGoal($goalName)
    $sessionKey = 'goal_' . md5($goalName);
    $sessionValue = 'goal_completed_' . md5($goalName);
    $_SESSION[$sessionKey] = $sessionValue;
    return '';

    if ($_SESSION[$sessionKey] = $sessionValue;) {
    setcookie( 'form-1-complete', 1, strtotime( '+30 days' ), COOKIEPATH, COOKIE_DOMAIN, false, false )};

    /* Returns true/false, indicated whether the specified goal has been completed */
    function wasGoalCompleted($goalName)
    $sessionKey = 'goal_' . md5($goalName);
    $sessionValue = 'goal_completed_' . md5($goalName);
    return (isset($_SESSION[$sessionKey]) && $_SESSION[$sessionKey] || isset($_COOKIE['form-1-complete']) == $sessionValue);

    1. Hi Ben,

      Thanks for the question. I’ve actually not worked with sessions before, so I couldn’t tell you if this is correct or not. You might want to check out Stack Exchange for an expert answer.

      1. Ben says:

        Thanks I posted it to stack overflow. Here is the link incase anyone has a similar question:

Leave a Reply