Set browser cookies from a WordPress macro

Setting cookies from server-side WordPress is clumsy

You want a macro step that marks a visitor as "seen this offer" so a promo banner stops showing. In JavaScript this is document.cookie = "seen_promo=1". In PHP it's setcookie() with a carefully-constructed expiry date, path, and secure flag, easy to get wrong.

Worse: set a cookie named wp_user_session by accident and you can break logged-in sessions. setcookie() has no safety net for WordPress-reserved names.

What most people do instead

A better way: safe cookie writes from a macro

Run tp set user cookie -name=cookie_name -value=value. Default expiry is 365 days. Pass -expires=0 for a session cookie. Reserved WordPress cookie names (anything starting with wp_, wordpress_, or PHPSESSID) are rejected.

Shown in advanced mode, where commands start with tp. In easy mode you type the same command without the tp prefix.

How it works

Wraps setcookie() with sensible defaults (path=/, secure + httpOnly when site is HTTPS) and a reserved-name blocklist. Default expiry is 365 days. Pass -expires=0 for a session cookie. Empty -value effectively deletes the cookie.

Real example

You run a limited-time promo banner. After a visitor dismisses it, you want the banner hidden for 30 days. A JavaScript listener already exists, but you want the "seen" flag stored server-side so it persists across devices if the user logs in.

The macro triggers on "dismiss_promo" webhook from your frontend JS. Step 1: tp set user cookie -name=seen_promo -value=1 -expires=30. Step 2 (if user is logged in): tp update user meta -key=seen_promo -value=1. The banner stays hidden for 30 days on this browser, and forever on any device where the user is logged in.

Goes further with TrueCommander

Frequently asked questions