On 12/04/2026 01:49, gordonisnz@gmail.com wrote:
i understand that if you set a cookie & it fails, it fails silently..
(no errors)
Is there a way to force an error if it fails ? - Fog horn, Siren
blast, a cannon - "here is an error"
In cases where PHP knows setcookie() has failed it will either return false (and a warning / notice will be issued, which can be caught with a custom error handler - see set_error_handler()) or it will throw a ValueError (which can be caught with a try/catch, or the uncaught exception handler)
Other than headers already being sent, there are very few scenarios where setting a cookie should be able to fail. The most likely cases I can think of involve setting invalid parameters (domain, path, expiry, name, options like http-only, secure, partitioned, etc), or illegal characters in the name / value.
PHP checks for most issues with the cookie settings and setcookie() will throw a value error.
Illegal characters in the name / value (which will throw a ValueError) can be handled by encoding - PHP will automatically urlencode values unless you use setrawcookie() - or storing the actual value server-side and storing an id in the cookie, as happen with sessions.
If the cookie is rejected / discarded by the client-side, there's no way the PHP script that set the cookie can know. The PHP script has already terminated at this point. This scenario is also highly unlikely (assuming default cookie settings, or the code already passed development-time testing) unless the user has chosen to block cookie (with a browser extension).
You could possibly add some JS to the page that checks if the cookie has been set, but this does require that the cookie not be marked "http only", which may reduce security, depending on the purpose the cookie.
For development-time testing I would rely on the browser dev tools - is the Set-Cookie header present in the response where the cookie is supposed to be set? Does the cookie appear in the browsers cookie viewer? Is the Cookie header present in the following request?
In the case of sessions (using the default session handler), in addition to the cookie not being set, the most likely cause of failure is server-side issues - most likely filesystem related, where either the ownership / permissions of `session.save_path` are incorrect, or the disk is full. The former case should be taken care of by deployment, and the latter by server-level monitoring and alerting.
One common cause of unexpected output is using `?>` close tags on PHP files with no output (which are then followed by output such as whitespace). As a general rule, `?>` should only be used when output follows it / in view templates. There's no need to use `?>` on every PHP file.