Cookie Structure

PrestaShop uses cookies encrypted with Rijndael or Blowfish to store all session information for customers and employees. Separate cookies for each customer and employee are stored in the user's browser cache. PrestaShop uses classes/Cookie.php to read and write its cookies.

The customer cookie is read on line 94 (in PrestaShop v1.4.2) of init.php and the employee cookie is read on line 32 of /admin/init.php. To access the cookie from inside PrestaShop, add global $cookie; (or add $cookie to the list of global variables) to the top of the function in a class or at the top of a non-class file. A variable in the cookie can then be accessed or changed using $cookie->variable. To access the cookie from outside of PrestaShop, use code like the following:

include_once('path_to_prestashop/config/config.inc.php');
include_once('path_to_prestashop/config/settings.inc.php');
include_once('path_to_prestashop/classes/Cookie.php');
$cookie = new Cookie('ps');

Change 'ps' to 'psAdmin' to read the employee cookie.

Customer Cookie

The following table contains the public variables in PrestaShop's customer cookie, which are related to the current visitor on your website:

Variable

Description

date_add

The date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format).

id_lang

The ID of the selected language.

id_currency

The ID of the selected currency.

last_visited_category

The ID of the last visited category of product listings.

ajax_blockcart_display

Whether the cart block is "expanded" or "collapsed".

Viewed

The IDs of recently viewed products as a comma-separated list.

id_wishlist

The ID of the current wishlist displayed in the wishlist block.

checkedTOS

Whether the "Terms of service" checkbox has been ticked (1 if it has and 0 if it hasn't)

id_guest

The guest ID of the visitor when not logged in.

id_connections

The connection ID of the visitor's current session.

id_customer

The customer ID of the visitor when logged in.

customer_lastname

The last name of the customer.

customer_firstname

The first name of the customer.

logged

Whether the customer is logged in.

passwd

The MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the customer used to log in.

email

The email address that the customer used to log in.

id_cart

The ID of the current cart displayed in the cart block.

checksum

The Blowfish checksum used to determine whether the cookie has been modified by a third party. The customer will be logged out and the cookie deleted if the checksum doesn't match.

There are also variables for product customisation. For example, pictures_1 contains the filenames of the images the customer has uploaded to product 1 (in the upload directory) and textfields_1 contains the text the customer has uploaded to product 1. Use the following code to get the customisation files and textfields of product 1:

$files = $cookie->getFamily('pictures_1');
$textFields = $cookie->getFamily('textFields_1');

Employee Cookie

The following table contains the public variables in PrestaShop's employee cookie, which relates to the employee who is currently logged in to the Back Office:

Variable

Description

date_add

The date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format).

id_lang

The ID of the selected language.

id_employee

The ID of the employee.

lastname

The last name of the employee.

firstname

The first name of the employee.

email

The email address the employee used to log in.

profile

The ID of the profile that determines which tabs the employee can access.

passwd

The MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the employee used to log in.

checksum

The Blowfish checksum used to determine whether the cookie has been modified by a third party. The customer will be logged out and the cookie deleted if the checksum doesn't match.

There are also pagination and filter variables stored in the employee cookie so that the state of the tables is saved. For example, the order_pagination variable stores how many orders are displayed per page and orderFilter_id_order stores the filter applied to the id_order column of the orders table.

Private Variables

These private cookie variables cannot be accessed directly like the public variables above.

Variable

Description

_name

The unique name of the cookie (the MD5 hash of "ps" for customer cookie or "psAdmin" for employee cookie and _COOKIE_KEY_ in config/settings.inc.php).

_expire

The expiry date of the cookie. It can be changed using the setExpire function in classes/Cookie.php. By default, PrestaShop cookies expire after 1728000 seconds (or 20 days). This can be changed on line 65 (in PrestaShop v1.4.2) of classes/Cookie.php.

_domain

The domain name of the website where the cookie was created. For example, yoursite.com.

_path

The path of the website where the cookie was created. For example, /prestashop/.

_bf

The Blowfish instance used to encrypt and decrypt the cookie.

_key

The encrypted cookie key that is used by Blowfish to decrypt the cookie.

_iv

The encrypted cookie iv that is used by Blowfish to decrypt the cookie.

Last updated