Scribd
Upload
7 views

COOKIES and SESSION in PHP

Uploaded by

tridibchowdhurybrp
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
7 views

COOKIES and SESSION in PHP

Uploaded by

tridibchowdhurybrp
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

COOKIES and SESSION in PHP

Why and when to use Cookies?

 Http is a stateless protocol; cookies allow us to track the state of the application using small files
stored on the user’s computer.The path were the cookies are stored depends on the
browser.Internet Explorer usually stores them in Temporal Internet Files folder.

 Tracking the pages visited by a user

Creating Cookies
Let’s now look at the basic syntax used to create a cookie.

<?php

setcookie(cookie_name, cookie_value, [expiry_time], [cookie_path], [domain], [secure], [httponly]);

?>
HERE,

 Php“setcookie” is the PHP function used to create the cookie.

 “cookie_name” is the name of the cookie that the server will use when retrieving its value from
the $_COOKIE array variable. It’s mandatory.
 “cookie_value” is the value of the cookie and its mandatory

 “[expiry_time]” is optional; it can be used to set the expiry time for the cookie such as 1 hour.
The time is set using the PHP time() functions plus or minus a number of seconds greater than 0
i.e. time() + 3600 for 1 hour.

 “[cookie_path]” is optional; it can be used to set the cookie path on the server. The forward slash
“/” means that the cookie will be made available on the entire domain.

 “[secure]” is optional, the default is false. It is used to determine whether the cookie is sent via
https if it is set to true or http if it is set to false.

 “[Httponly]” is optional. If it is set to true, then only client side scripting languages
i.e. JavaScript cannot access them.
Note: the php set cookie function must be executed before the HTML opening tag.

Let’s now look at an example that uses cookies.

We will create a basic program that allows us to store the user name in a cookie that expires after ten
seconds.

<?php
setcookie("user_name", "Guru99", time()+ 60,'/'); // expires after 60 seconds
echo 'the cookie has been set for 60 seconds';
?>

Output:
the cookie has been set for 60 seconds

Retrieving the Cookie value


Create another file named “cookies_read.php” with the following code.

<?php
print_r($_COOKIE); //output the contents of the cookie array variable
?>

What is a Session?

 A session is a global variable stored on the server.


 Each session is assigned a unique id which is used to retrieve stored values.
 Sessions have the capacity to store relatively large data compared to cookies.
 The session values are automatically deleted when the browser is closed. If you want to store the
values permanently, then you should store them in the database.
 session variables are stored in the $_SESSION array variable. Just like cookies, the session must
be started before any HTML tags.

Why and when to use Sessions?

 You want to store important information such as the user id more securely on the server where
malicious users cannot temper with them.
 You want to pass values from one page to another.
 You want the alternative to cookies on browsers that do not support cookies.
 You want to store global variables in an efficient and more secure way compared to passing them
in the URL
 You are developing an application such as a shopping cart that has to temporary store information
with a capacity larger than 4KB.
Creating a Session
In order to create a session, you must first call the PHP session_start function and then store your values
in the $_SESSION array variable.

Let’s suppose we want to know the number of times that a page has been loaded, we can use a session to
do that.

<?php
// Start the session
session_start();

// Access session variables


echo "Username: " . $_SESSION["username"];
echo "Email: " . $_SESSION["email"];
?>

Destroying Session Variables


The session_destroy() function is used to destroy the whole Php session variables.

If you want to destroy only a session single item, you use the unset() function.

The code below illustrates how to use both methods.

<?php

session_destroy(); //destroy entire session

?>

<?php

unset($_SESSION['product']); //destroy product session item

?>

Session_destroy removes all the session data including cookies associated with the session.

Unset only frees the individual session variables.

Other data remains intact.


Difference Between Session and Cookies

Cookies Session

Cookies are client-side files on a local


Sessions are server-side files that contain user data.
computer that hold user information.

Cookies end on the lifetime set by the When the user quits the browser or logs out of the
user. programmed, the session is over.

It can only store only upto 4KB data. It can hold an indefinite quantity of data.

Because cookies are kept on the local


To begin the session, we must use the session start()
computer, we don’t need to run a
method.
function to start them.

Cookies are not secured. Session are more secured compare than cookies.

Cookies stored data in text file. Session save data in encrypted form.

Cookies stored on a limited data. Session stored a unlimited data.

In PHP, to get the data from Cookies , In PHP , to get the data from Session, $_SESSION the
$_COOKIES the global variable is used global variable is used

We can set an expiration date to delete In PHP, to destroy or remove the data stored within a
the cookie’s data. It will automatically session, we can use the session_destroy() function, and to
delete the data at that specific time. unset a specific variable, we can use the unset() function.

You might also like