Title: WP_Http_Cookie::test
Published: April 25, 2014
Last modified: April 28, 2025

---

# WP_Http_Cookie::test( string $url ): bool

## In this article

 * [Description](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#description)
 * [Parameters](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#parameters)
 * [Return](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#return)
 * [Source](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#source)
 * [Changelog](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#changelog)

[ Back to top](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#wp--skip-link--target)

Confirms that it’s OK to send this cookie to the URL checked against.

## 󠀁[Description](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#description)󠁿

Decision is based on RFC 2109/2965, so look there for details on validity.

## 󠀁[Parameters](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#parameters)󠁿

 `$url`stringrequired

URL you intend to send this cookie to

## 󠀁[Return](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#return)󠁿

 bool true if allowed, false otherwise.

## 󠀁[Source](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#source)󠁿

    ```php
    public function test( $url ) {
    	if ( is_null( $this->name ) ) {
    		return false;
    	}

    	// Expires - if expired then nothing else matters.
    	if ( isset( $this->expires ) && time() > $this->expires ) {
    		return false;
    	}

    	// Get details on the URL we're thinking about sending to.
    	$url         = parse_url( $url );
    	$url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' === $url['scheme'] ? 443 : 80 );
    	$url['path'] = isset( $url['path'] ) ? $url['path'] : '/';

    	// Values to use for comparison against the URL.
    	$path   = isset( $this->path ) ? $this->path : '/';
    	$port   = isset( $this->port ) ? $this->port : null;
    	$domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] );
    	if ( false === stripos( $domain, '.' ) ) {
    		$domain .= '.local';
    	}

    	// Host - very basic check that the request URL ends with the domain restriction (minus leading dot).
    	$domain = ( str_starts_with( $domain, '.' ) ) ? substr( $domain, 1 ) : $domain;
    	if ( ! str_ends_with( $url['host'], $domain ) ) {
    		return false;
    	}

    	// Port - supports "port-lists" in the format: "80,8000,8080".
    	if ( ! empty( $port ) && ! in_array( $url['port'], array_map( 'intval', explode( ',', $port ) ), true ) ) {
    		return false;
    	}

    	// Path - request path must start with path restriction.
    	if ( ! str_starts_with( $url['path'], $path ) ) {
    		return false;
    	}

    	return true;
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/class-wp-http-cookie.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/class-wp-http-cookie.php#L181)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/class-wp-http-cookie.php#L181-L221)

## 󠀁[Changelog](https://developer.wordpress.org/reference/classes/wp_http_cookie/test/?output_format=md#changelog)󠁿

| Version | Description | 
| [2.8.0](https://developer.wordpress.org/reference/since/2.8.0/) | Introduced. |

## User Contributed Notes

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwp_http_cookie%2Ftest%2F)
before being able to contribute a note or feedback.