Working with Cookies and Sessions in PHP
1. Cookies in PHP
1.1 Introduction to Cookies
- A cookie is a small piece of data stored in the user's browser.
- Used to:
  - Store user preferences
  - Track users
  - Maintain state across requests
- Cookies are stored client-side (browser).
1.2 Setting Cookies in PHP
Syntax
setcookie(name, value, expiry, path, domain, secure, httponly);
Example
<?php
setcookie("username", "Shivam", time() + 3600); // expires in 1 hour
?>
Important Points
- Must be called before any HTML output
- time() + 3600 → expiry time, given as the current time plus a number of seconds
1.3 Accessing Cookies
<?php
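if (isset($_COOKIE['username'])) {
    // The cookie value comes from the browser, so escape it before output
    echo "Welcome " . htmlspecialchars($_COOKIE['username'], ENT_QUOTES, 'UTF-8');
}
?>
1.4 Deleting Cookies
Method: Set expiry in past
<?php
setcookie("username", "", time() - 3600);
?>
1.5 Advantages and Limitations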
Advantages
- Simple to use
- Stored on client side
Limitations
- Limited size (~4KB)
- Less secure (can be modified by user)
2. Sessions in PHP
2.1 Introduction to Sessions
- A session stores data on the server.
- Each user is assigned a unique session ID.
- Used for:
  - Login systems
  - Shopping carts
  - Secure data storage
2.2 Starting a Session
Syntax
session_start();
Example
<?php
session_start();
?>
Important Rule
- Must be called before any HTML output
2.3 Working with Session Variables
Setting Session Variable
<?php
session_start();
$_SESSION['username'] = "Shivam";
?>
Accessing Session Variable
<?php
session_start();
echo $_SESSION['username'];
?>
Checking Session Variable
<?php
session_start(); // $_SESSION is only populated after the session is started
if (isset($_SESSION['username'])) {
    echo "Logged in";
}
?>
2.4 Passing Session IDs in Query String
- Session ID can be passed manually in URL.
Example
<?php
session_start();
echo session_id();
?>
URL example:
page.php?PHPSESSID=abc123
Note
- Used when cookies are disabled
- Not recommended due to security risks
2.5 Destroying Sessions
1. Unset Specific Variable
<?php
session_start(); // the session must be started before its variables can be changed
unset($_SESSION['username']);
?>
2. Destroy Entire Session
<?php
session_start();
session_destroy();
?>
2.6 Complete Session Cleanup
<?php
session_start();
session_unset(); // remove all variables
session_destroy(); // destroy session
?>
2.7 Using Sessions (Login Example)
<?php
session_start();
$_SESSION['user'] = "Shivam";
echo "Session started for " . $_SESSION['user'];
?>
3. Cookies vs Sessions
3.1 Differences
- Storage:
  - Cookies → Client-side
  - Sessions → Server-side
- Security:
  - Cookies → Less secure
  - Sessions → More secure
- Size:
  - Cookies → Limited
  - Sessions → Larger data
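Sessions are only more secure than cookies if the session ID itself is protected. The following is an added example, not part of the original tutorial: it refuses to run when URL-based session IDs (section 2.4) are enabled, sets protective attributes on the session cookie, issues a new ID at login and expires the session cookie at logout. The helper names (start_secure_session, login_user, logout_user) are hypothetical, and the site is assumed to be served over HTTPS on PHP 7.4 or later.

```php
<?php
// Added example; helper names are hypothetical. Assumes HTTPS and PHP 7.4+.
function start_secure_session(): void
{
    $on = fn(string $key): bool => filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
    // Session IDs must come from the cookie only, never from the URL (section 2.4).
    if (!$on('session.use_only_cookies') || $on('session.use_trans_sid')) {
        throw new RuntimeException('URL-based session IDs must stay disabled');
    }
    // Reject session IDs that this server did not issue.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie is discarded when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not sent with cross-site POST requests
    ]);
    session_start();
}
function login_user(string $username): void
{
    // Issue a new ID at login so an ID known before login stops working.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}
function logout_user(): void
{
    $_SESSION = [];                      // clear the variables for this request
    $p = session_get_cookie_params();
    // Expire the session cookie in the browser, using the attributes it was set with.
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();                   // delete the server-side session data
}

start_secure_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && is_string($_POST['username'] ?? null)) {
    login_user($_POST['username']);      // credential check omitted, as in the tutorial
}
if (isset($_GET['logout'])) {
    logout_user();
}
echo 'User: ' . htmlspecialchars($_SESSION['user'] ?? 'none', ENT_QUOTES, 'UTF-8');
```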
4. Complete Working Program
Problem: Simple Login System using Cookies and Sessions
<?php
session_start();
// If form submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST['username'] ?? '';
    // Replace the session ID at login so an ID issued before login cannot be reused
    session_regenerate_id(true);
    // Set session
    $_SESSION['user'] = $username;
    // Set cookie (valid for 1 hour)
    setcookie("user", $username, time() + 3600);
    echo "Login successful!<br>";
}
// Show session data (escaped, because the value was typed in by the user)
if (isset($_SESSION['user'])) {
    echo "Session User: " . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') . "<br>";
}
// Show cookie data (escaped, because the browser can send any value)
if (isset($_COOKIE['user'])) {
    echo "Cookie User: " . htmlspecialchars($_COOKIE['user'], ENT_QUOTES, 'UTF-8') . "<br>";
}
// Logout
if (isset($_GET['logout'])) {
    session_unset();
    session_destroy();
    setcookie("user", "", time() - 3600);
    echo "Logged out successfully";
}
?>
<!-- HTML Form -->
<form method="POST">
Username: <input type="text" name="username"><br>
<input type="submit" value="Login">
</form>
<a href="?logout=true">Logout</a>
5. Quiz (Exam Practice)
Q1. What is a cookie?
Small data stored in browser.
Q2. Which function is used to start a session?
session_start()
Q3. Where are sessions stored?
Server-side
Q4. How to delete a cookie?
Set expiry time in past.
Q5. Which is more secure: cookies or sessions?
Sessions
6. Summary
6.1 Cookies
- Stored in browser
- Use setcookie()
- Limited and less secure
6.2 Sessions
- Stored on server
- Use session_start()
- Secure and widely used
6.3 Key Functions
- Cookies:
  - setcookie()
  - $_COOKIE
- Sessions:
  - session_start()
  - $_SESSION
  - session_destroy()