Sessions and cookies are global storage mechanisms used to keep data persistently available across the site. They can be accessed from anywhere. In PHP, the predefined global array variables $_SESSION and $_COOKIE contain session and cookie data, respectively. Sessions are stored on the server, while cookies are kept only on the client side, in the browser.
PHP Sessions
A session is a way to store information (in the form of variables) to be used across multiple pages.
Or
The PHP session variable is used to store information about, or change settings for a user session. Session variables hold information about one single user, and are available to all pages in one application.
Working with Session
In this section, we cover the following operations on PHP sessions:
- Starting session
- Storing session variable
- Accessing session variable
- Clearing session variable
Starting with PHP session
To start a PHP session, use the built-in function session_start(). The call goes between the PHP tags and must come before any output is sent, as follows:
```php
<?php
session_start(); // start up your PHP session before any output is sent
?>
<title>Session</title>
<h3>Starting up a session</h3>
<hr />
session_start()
```
Save it as session1.php
Output of the above script
To run the code, open the XAMPP server and start the services like Apache and MySQL. Open the browser and type: http://localhost/yourfoldername/session1.php
Storing Session Variable
The $_SESSION array is used to create a session variable:
```php
<?php
session_start(); // must run before any output is sent
$_SESSION['views'] = 1; // store session data
?>
<h3>Storing the session in the variable</h3>
<hr />
<?php
echo "Pageviews = " . $_SESSION['views']; // retrieve data
?>
```
Save it as session2.php
Output of above script
To run the code, open the XAMPP or WAMP server and start the services like Apache and MySQL. Open the browser and type: http://localhost/yourfoldername/session2.php
Retrieving A Session Variable
To retrieve session variables, first start the session environment.
Save it as retrieveSession.php
```php
<?php
// first start the session environment
session_start();
// retrieve session data; escape it before writing it into HTML
echo "Welcome " . htmlspecialchars($_SESSION['user'] ?? '', ENT_QUOTES, 'UTF-8') . "<br/>";
echo "Your profile is " . htmlspecialchars($_SESSION['profile'] ?? '', ENT_QUOTES, 'UTF-8');
?>
```
Clearing Session Variable
PHP provides functions to clear existing session data, such as session_destroy(), session_unset() and more.
The session_destroy() function destroys all data stored for the current session. It does not unset the $_SESSION variables already loaded in the running script, so the values stay visible until the page is reloaded.
To make the clearing take effect immediately, call session_unset() or unset() on the session data as well. The code below shows an example of clearing a session variable.
```php
<?php
session_start();
session_destroy();
echo $_SESSION["tagName"]; // value is still in $_SESSION until the page is refreshed
unset($_SESSION["tagName"]);
echo $_SESSION["tagName"] ?? ""; // session variable is gone, so nothing is printed
```
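The following is an added example, not code from the original tutorial. It shows a hardened session start, a login step that issues a fresh session ID, and a logout that clears the variables, the browser cookie and the server-side data together. The function names and the 'user' key are assumptions chosen for illustration, and the array form of the cookie options requires PHP 7.3 or later.

```php
<?php
// Added example: session lifecycle helpers (names are illustrative assumptions).

function start_secure_session(): void
{
    // Cookie flags must be configured before session_start().
    session_set_cookie_params([
        'lifetime' => 0,      // dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only (false only for local HTTP testing)
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not sent on most cross-site requests
    ]);
    // Reject session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

function log_in(string $username): void
{
    // Issue a new ID after authentication and delete the old session file,
    // so an ID known before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}

function log_out(): void
{
    // 1. Clear the variables in the running script.
    $_SESSION = [];

    // 2. Expire the session cookie, using the parameters it was set with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }

    // 3. Remove the session data stored on the server.
    session_destroy();
}
```

All three helpers send or change headers, so they must be called before the page produces any output.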
Cookies
A cookie is a text file saved to a user’s system by a Web site. This file contains information that the site can retrieve on the user’s next visit, thereby allowing the site to “recognize” the user and provide an enhanced set of features customized to that specific user.
Cookies have some important security features:
- A cookie can only be read by the Web site or domain that created it.
- A single domain cannot set more than 20 cookies.
- A single cookie cannot exceed 4 kilobytes in size.
- The maximum number of cookies that may be set on a user’s system is 300.
Set Cookie In PHP
The setcookie() function is used to set a cookie.
Note: The setcookie() function must be called BEFORE the <html> tag, that is, before any output is sent.
Syntax
In the given example, we create a cookie named “cookie_name” and assign the value “abhi” to it. We also specify that the cookie should expire after one hour.
E.g.
```php
<?php
setcookie("cookie_name", "abhi", time() + 60 * 60);
// OR
$expire = time() + 60 * 60;
setcookie("cookie_name", "arbind", $expire);
?>
```
Explanation: The example above creates a cookie named cookie_name. The second call assigns it the value “arbind”, and the cookie is valid for 1 hour.
Accessing cookies
PHP cookies can be accessed by using the $_COOKIE variable. We can also use other superglobals like $_SERVER and $_ENV, or the PHP getenv() function, to access cookies by specifying the HTTP_COOKIE index, as shown in the code below. However, $_COOKIE is guaranteed to be accessible on all servers, unlike the other global variables, because some server configurations do not allow access to the $_SERVER and $_ENV variables.
```php
<?php
echo $_COOKIE["platform"]; // Output: php
// OR
echo $_SERVER['HTTP_COOKIE']; // Output: platform=php
echo getenv('HTTP_COOKIE'); // Output: platform=php
```
E.g.
```php
<title>PHP cookies info</title>
<h3>COOKIES INFORMATION</h3>
<hr />
<?php
if (isset($_COOKIE['lastVisit'])) {
    // The cookie value comes from the browser, so escape it before output
    $visit = htmlspecialchars($_COOKIE['lastVisit'], ENT_QUOTES, 'UTF-8');
    echo "Welcome back! You last visited on " . $visit;
} else {
    echo "You got stale cookies!";
}
?>
```
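Cookie values are stored in the browser and can be edited by the user, so the server should not trust them as sent. The following added example (not code from the original tutorial) signs the lastVisit value with an HMAC when setting it and verifies the signature when reading it. SECRET_KEY, the helper names and the value.signature layout are assumptions made for illustration.

```php
<?php
// Added example: tamper-evident cookie value (helper names are assumptions).

// Placeholder: in practice load a long random secret from server-side config.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

function sign_cookie_value(string $value): string
{
    // Layout: base64(value) . "." . hex HMAC-SHA256 of the raw value.
    return base64_encode($value) . '.' . hash_hmac('sha256', $value, SECRET_KEY);
}

function verify_cookie_value(?string $cookie): ?string
{
    // Expect exactly one separator; anything else is malformed.
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$encoded, $mac] = explode('.', $cookie);
    $value = base64_decode($encoded, true); // strict mode rejects invalid input
    if ($value === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $value, SECRET_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $mac) ? $value : null;
}

// Read the cookie sent with this request (null when missing or modified).
$visit = verify_cookie_value($_COOKIE['lastVisit'] ?? null);

// Set the cookie for the next visit; must happen before any output.
setcookie('lastVisit', sign_cookie_value(date('Y-m-d H:i')), [
    'expires'  => time() + 60 * 60,
    'path'     => '/',
    'secure'   => true,   // HTTPS only (false only for local HTTP testing)
    'httponly' => true,
    'samesite' => 'Lax',
]);

if ($visit === null) {
    echo "No valid lastVisit cookie.";
} else {
    echo "Welcome back! You last visited on " . htmlspecialchars($visit, ENT_QUOTES, 'UTF-8');
}
```

The signature only detects modification. The value itself is still readable in the browser, so anything confidential belongs in the session rather than in the cookie.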
Destroying the cookies
To destroy the cookie, simply use setcookie() again, only set the expiration date to be in the past. Here is an example:
```php
<?php
// set the expiration date to one hour ago
setcookie("user", "abhi", time() - 60 * 60);
?>
```
| Cookies | Sessions |
|---|---|
| Cookies are stored in the browser in text file format. | Sessions are stored on the server side. |
| A cookie stores a limited amount of data. | A session stores an unlimited amount of data. |
| A cookie allows only 4 KB (4096 bytes). | A session can hold multiple variables. |
| A cookie does not hold multiple variables. | A session can hold multiple variables. |
| Cookie values can be accessed easily, so cookies are less secure. | Session values cannot be accessed easily, so sessions are more secure. |
| A cookie expires when its expiry time is reached. | A session is destroyed using session_destroy(). |
| The setcookie() function must appear BEFORE the <html> tag. | The session_start() function must be the very first thing in your document, before any HTML tags. |