What are sessions and cookies in php

PHP State Management (Sessions & Cookies) Tutorial

In this tutorial we learn how to store the state of our PHP application on the user’s browser (with cookies), or on the server itself (with sessions).

We also learn the best practice to delete a cookie, and how to test if a cookie can be set.

• What is state management?
• What is a session?
• How to start a session and store session data
• How to access session data
• How to change session data
• How to remove stored session data from variables
• How to destroy a session
• How to destroy a session
• What is a cookie?
• How to access cookie data
• How to change cookie data
• How to delete a cookie
• How to test if cookies can be set
• Summary

What is state management?

PHP allows us to save certain states of the application either on the server itself, or in the user’s browser. PHP provides us with two different techniques to manage states in a web application:

1. Sessions: Server Side State Management
2. Cookies: Client Side State Management

What is a session

Sessions are states that are saved to the server (like a unique ID), or if a user is logged into their account.

note Because sessions are not stored in the browser like cookies, it is a more secure option.

As an example, let’s consider a social media application like Facebook.

When users log into their Facebook account, the application remembers who they are until they log out. When logged in, a user has access to special features such as sending messages, uploading images and videos, joining groups etc.

The application tracks these states and stores them as a session on the server. As soon as the user is logged out, the session is destroyed.

How to start a session and store session data

To start a session in PHP, we use the session_start() function. We store session data by using the $_SESSION superglobal.

  The session_start() function must be the first statement in the document.

  Sessions page In the example above we also create an html hyperlink to another page, which will demonstrate how sessions save data across pages.

How to access session data

Before we access the session data set up in the previous section, create the sessions.php file in your main directory.

If you have been following along with the course and you’re working in Atom, follow the steps below.

1. Inside Atom, navigate to your /PHPProjects/ folder.
2. In the Project Pane, right-click on the /PHPProjects/ folder and select New File .
3. Name the file “sessions.php” and press Enter .

We access session data in the same way we would access an array element.

 When we run the main.php file, it stores the session data. Clicking the link takes us to a new page where we display the stored data. The username value survived across pages.

note We must remember to start a session with the session_start() function, even on pages that only access session data. The session start function will fetch an ongoing session if one has already been started elsewhere.

How to change session data

Session variables are mutable, which means they can be changed during runtime. To change the value of a session variable, we simply assign a new value to it.

 Example: main.php - change session data

  Sessions page In the example above, we change the username session variable from John to Jane. If we run main.php and click on the link, the new name will be printed to the page.

How to remove stored session data from variables

If we want to clear out all the stored values from session variables, we use the session_unset() function.

   After we unset the value of the username variable, we can no longer print it and the interpreter will raise an Undefined index error.

 Notice: Undefined index: username on line 10

How to destroy a session

We can destroy a whole session completely with the session_destroy() function.

   When the session is destroyed, both echo statements will not be able to print the username variable, and the interpreter will raise an error.

Notice: Undefined index: username on line 4 Hello Notice: Undefined index: username on line 10

note It’s important to note that destroying a session may take some time, it is not always immediate.

Typically, a session is destroyed after logout or checkout etc. to clean the session variable of the user specific data.

What is a cookie

Cookies are states that are saved to the user’s system, instead of the server. Unlike a session, a cookie has a 1024 byte size limit. Cookies are sent to the web server as header information in every HTTP request.

note Cookies are not stored on the server, they can be modified and deleted. Cookies are less reliable and secure than sessions.

As an example, let’s consider an application with a member area. Once a user enters their log in details, a cookie is created on that user’s system that saves those details.

If the user comes back to the application, the login details can be automatically filled into the form so that the user doesn’t have to repeat the process.

Cookies are also commonly used to serve advertisements based on products that the user views around the web. For example, if a user views a product on Amazon, they will find advertisements of similar products when using Facebook or Google services.

How to set a cookie

PHP provides us with the setcookie() function to create, or set, a cookie.

 The first argument, name, is mandatory for every cookie. The rest of the arguments are optional, but recommended.

Argument	Usage
name	Required. The name the cookie will be referred to. Must be a string.
value	Optional. The value of the cookie.
expiration	Optional. If an expiration time is not set, the cookie will expire when the browser is closed.
path	Optional. The path on the server the cookie will be available on. The cookie can be set to ‘/’ to be available to the entire domain.
domain	Optional. The (sub)domain that the cookie is available to. Sub-domains of the specified domain are automatically included.
secure	Optional. If set to true, the cookie will only be set for a HTTPS secure connection.

   The value portion of the cookie will automatically be urlencoded when the cookie is sent. Characters such as a space and . will be converted to underscores. When the cookie is received, it will be automatically decoded and assigned to a variable with the same name.

The expiration time is often confusing for many beginners that aren’t used to working with the UNIX timestamp. In such a case we can use the strtotime() function which converts time from a string into the correct time.

 Example: alternate expiration time

Источник

Understanding Cookies and Sessions in PHP

Have you ever wondered how your details and recent activities on a website are being saved and remembered by your system? This happens with the help of cookies and sessions. In this article, we will discuss what cookies and sessions are, how cookies and sessions work in PHP, How cookies and sessions are created, accessed, modified, and deleted, and the difference between cookies and sessions in PHP.

The Idea Behind Cookies and Sessions in PHP.

If you want to know more about the internet, Cookies and Sessions are two essential things you need to know. The idea behind them is that they both save the information of the user, such as login details, recent products checked, etc. Cookies are automatically saved whenever a new web page is opened or reloaded. Whenever cookies request user information from the server. The server sets a Session ID in the cookies. The server uses that session ID to identify the cookies where the request is coming from.

What Are Cookies in PHP?

Cookies are small files of information that are sent to a browser to store a user’s information from a particular visited website. Cookies stores user information from a website in the browser only and use that information to identify the user when next the user tries to use visit the same website in the browser

Setting Cookies in PHP

The setcookie() function is used to set a cookie in PHP, it accepts up to six arguments in general, which are all in strings.

Syntax:

---Php setcookie(name, value, expire, path, domain, secure) 

The setcookie() function should be called first before any other code is called or executed, just like the code below:

Parameter	Description
Name	This contains the name of the cookie.
Value	This contains the value of the cookie. This could be in a string or integer form
Expire	This will contain the expiration date, of the cookie. If omitted, it will take the default value(0s), and immediately after the user reloads or closes the web page the data in the cookies will be lost. Optional
Path	This will contain the path of the cookie in the webserver. Optional.
Domain	This will contain the domain works. For example, www.example.com. Optional
Secure	Optional.

The name: ‘Username’, value: ‘Dennis’, expire: time() + 86400, path: ‘/’. we will leave the remaining parameters since they are optional time() is a function that returns the current time.

How to Access a cookie in PHP

There are different methods you can access a cookie in PHP, but we take the easy method to achieve this by using either $_COOKIE or $HTTP_COOKIE_VARS .

---Php   "; //Accessing a cookie with $HTTP_COOKIE_VARS echo $HTTP_COOKIE_VARS["Username"] . "
"; ?>  

How to Delete a cookie in PHP

The setcookie() function can be used to delete cookies in PHP just the same as creating a cookie. The only difference is to reverse the expiry time to a past time.
The example below illustrates how we can achieve that.

What Are Sessions in PHP?

Sessions save the user information and activity on a website to a file in a temporary directory on the server. They make user-stored information available across all other websites the browser This user data are stored temporarily on the server. By default, when a user refreshes or closes the browser the user data vanishes from the server.

How to Start a Session in PHP.

session_start() is a function that is used to start a session in PHP.
PHP $_SESSION is a PHP global variable. It is also an array that stores a session variable whenever a session creates a temporary file in the server. Let’s start a new PHP session and set a few session variables to the $_SESSION :

How to Get a Session Variable Values and display it

Here, we will get the Session variable from the previous code.
View this example to get a better understanding:

How to Modify a Session Variable

How to destroy a session in PHP.

To remove all variable values from a session, you have to make use of two functions, session_unset() and session_destroy() . These functions have different purposes.
Follow this example below:

Differences Between Cookies and Sessions in PHP.

Cookies	Sessions
Cookies stores user data in the browser	Sessions stores user data in the server
Cookies store user data permanently till the user decides to discard it	Sessions stores user data temporarily and dispose of it when the user refreshes or closes the browser.
Cookies can easily be accessed by hackers since it stores user data in the browser	Sessions cannot be accessed by hackers since it stores a user data on the server
Cookies contain a minimal amount of storage space(4kb) to store user data	Sessions contain a large amount of storage space(128MB) to store user data

Conclusion

We learned what Cookies and Sessions are in PHP, their purpose, How they work, and the difference between them. I hope this was helpful. Thank you for taking the time to read this.

Источник