Cookie Structure

PrestaShop uses cookies encrypted with Rijndael or Blowfish to store all session information for customers and employees. Separate cookies for each customer and employee are stored in the user's browser cache. PrestaShop uses classes/Cookie.php to read and write its cookies.

To access the cookie from inside PrestaShop, use $this->context->cookie->variable. To access the cookie from outside of PrestaShop, use code like the following:

include_once('path_to_prestashop/config/config.inc.php');
$cookie = new Cookie('ps');

Change 'ps' to 'psAdmin' to read the employee cookie. If multistore is enabled and configured to share orders, use 'ps-s' followed by the shop ID or 'ps-sg' followed by the shop group ID.

Customer Cookie

The following table contains the public variables in PrestaShop's customer cookie, which are related to the current visitor on your website:

Variable Description
ajax_blockcart_display Whether the cart block is "expanded" or "collapsed".
date_add The date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format).
checkedTOS Whether the Terms of service checkbox has been ticked (1 if it has and 0 if it hasn't).
checksum The Blowfish checksum used to determine whether the cookie has been modified by a third party. The customer will be logged out and the cookie deleted if the checksum doesn't match.
customer_lastname The last name of the customer.
customer_firstname The first name of the customer.
email The email address that the customer used to log in.
id_cart The ID of the current cart displayed in the cart block.
id_compare The ID of the current product comparison.
id_connections The connection ID of the visitor's current session.
id_currency The ID of the selected currency.
id_customer The customer ID of the visitor when logged in.
id_guest The guest ID of the visitor when not logged in.
id_lang The ID of the selected language.
id_wishlist The ID of the current wishlist displayed in the wishlist block.
last_visited_category The ID of the last visited category of product listings.
logged Whether the customer is logged in.
passwd The MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the customer used to log in.
viewed The IDs of recently viewed products as a comma-separated list.

There are also variables for product customisation. For example, pictures_1 contains the filenames of the images the customer has uploaded to product 1 (in the upload directory) and textfields_1 contains the text the customer has uploaded to product 1. Use the following code to get the customisation files and text fields of product 1:

$files = $cookie->getFamily('pictures_1');
$textFields = $cookie->getFamily('textFields_1');

Employee Cookie

The following table contains the public variables in PrestaShop's employee cookie, which relates to the employee who is currently logged in to the Back Office:

Variable Description
checksum The Blowfish checksum used to determine whether the cookie has been modified by a third party. The customer will be logged out and the cookie deleted if the checksum doesn't match.
csv_selected The selected CSV file when importing data.
date_add The date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format).
detect_language Whether to choose a language based on the browser's configured language.
email The email address the employee used to log in.
firstname The first name of the employee.
id_employee The ID of the employee.
id_lang The ID of the selected language.
is_contributor Whether the PrestaShop Addons account is a seller account.
lastname The last name of the employee.
passwd The MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the employee used to log in.
password_addons The unencrypted password of the PrestaShop Addons account when logged in.
profile The ID of the profile that determines which tabs the employee can access.
remote_addr The IP address of the employee.
shopContext The current shop context as selected in the dropdown after the PrestaShop logo in the Back Office.
stats_date_update The date current date to as displayed on the Dashboard stats.
stats_granularity The granularity of stats on the Dashboard Forecast.
username_addons The email address of the PrestaShop Addons account when logged in.

There are also pagination and filter variables stored in the employee cookie so that the state of the tables is saved. For example, the order_pagination variable stores how many orders are displayed per page and orderFilter_id_order stores the filter applied to the id_order column of the orders table.

Private Variables

These private cookie variables cannot be accessed directly like the public variables above.

Variable Description
_allow_writing Whether the cookie is allowed to be written.
_bf The Blowfish instance used to encrypt and decrypt the cookie.
_ciphertool The Rijndael instance used to encrypt and decrypt the cookie.
_domain The domain name of the website where the cookie was created. For example, yoursite.com.
_expire The expiry date of the cookie. The lifetime can be changed on the Administration > Preferences tab in the Back Office.
_iv The encrypted cookie iv that is used by Blowfish to decrypt the cookie.
_key The encrypted cookie key that is used by Blowfish to decrypt the cookie.
_modified Whether the cookie has been modified since it was last written.
_name The unique name of the cookie (Prestashop- followed by the MD5 hash of ps for customer cookie or psAdmin for employee cookie and _COOKIE_KEY_ in config/settings.inc.php).
_path The path of the website where the cookie was created. For example, /prestashop/.
_salt The password hashing salt.
_secure Whether the cookie should only be transmitted over a secure HTTPS connection.
_standalone Whether the cookie is a session cookie instead of a persistent cookie.