Class HTTPCookie

set_expiration_date(integer $timestamp) 

The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch. In other words, you'll most likely set this with the time function plus the number of seconds before you want it to expire.

set_path(string $path) 

The path on the server in which the cookie will be available on.

If set to '/' (default value), the cookie will be available within the entire domain.

set_domain(string $domain) 

The domain that the cookie is available.

set_secure(boolean $secure) 

Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to true, the cookie will only be set if a secure connection exists. The default is false. On the server-side, it's on the programmer to send this kind of cookie only on secure connection (e.g. with respect to $_SERVER["HTTPS"]).

set_httponly(boolean $httponly) 

When true the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers). Added in PHP 5.2.0.