Managing Cookies

PrestaShop uses encrypted cookies to store all the session information, for visitors/clients as well as for employees/administrators.

The Cookie class (/classes/Cookie.php) is used to read and write cookies.

In order to access the cookies from within PrestaShop code, you can use this:

$this->context->cookie;

All the information stored within a cookie is available using this code:

$this->context->cookie->variable;

If you need to access the PrestaShop cookie from non-PrestaShop code, you can use this code:

include_once('path_to_prestashop/config/config.inc.php');
include_once('path_to_prestashop/config/settings.inc.php');
include_once('path_to_prestashop/classes/Cookie.php');
$cookie = new Cookie('ps'); // Use "psAdmin" to read an employee's cookie.

Data stored in a visitor/client's cookie

TokenDescription
date_addThe date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format).
id_langThe ID of the selected language.
id_currencyThe ID of the selected currency.
last_visited_categoryThe ID of the last visited category of product listings.
ajax_blockcart_displayWhether the cart block is "expanded" or "collapsed".
viewedThe IDs of recently viewed products as a comma-separated list.
id_wishlistThe ID of the current wishlist displayed in the wishlist block.
checkedTOSWhether the "Terms of service" checkbox has been ticked (1 if it has and 0 if it hasn't)
id_guestThe guest ID of the visitor when not logged in.
id_connectionsThe connection ID of the visitor's current session.
id_customerThe customer ID of the visitor when logged in.
customer_lastnameThe last name of the customer.
customer_firstnameThe first name of the customer.
loggedWhether the customer is logged in.
passwdThe MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the customer used to log in.
emailThe email address that the customer used to log in.
id_cartThe ID of the current cart displayed in the cart block.
checksumThe Blowfish checksum used to determine whether the cookie has been modified by a third party.
The customer will be logged out and the cookie deleted if the checksum doesn't match.

Data stored in an employee/administrator's cookie

TokenDescription
date_addThe date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format).
id_langThe ID of the selected language.
id_employeeThe ID of the employee.
lastnameThe last name of the employee.
firstnameThe first name of the employee.
emailThe email address the employee used to log in.
profileThe ID of the profile that determines which tabs the employee can access.
passwdThe MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the employee used to log in.
checksumThe Blowfish checksum used to determine whether the cookie has been modified by a third party.
If the checksum doesn't match, the customer will be logged out and the cookie is deleted .