PHP: Session and Cookie


Session

A session is used to temporarily store data on the server. The data lasts until the website is closed, and it can be used to keep track of data across different pages. Since the data is not stored on the user's computer, it is good for storing sensitive data.

Let us take an example of a form that takes user-name as input and shows that value on another page.

session.php:

<?php
    if(isset($_POST["submit"]))
    {
        // Initialize the use of session
        session_start();
        // Define custom key inside session
        $_SESSION["myName"] = $_POST["name"] ?? "";
        // Move to different page and stop running this script
        header("Location: index.php");
        exit;
    }
?>
<html>
<head><title>Session in PHP</title></head>
<body>
    <form action="session.php" method="post">
        <label for="username">Your Name</label>
        <input type="text" name="name" id="username">
        <button type="submit" name="submit">Submit</button>
    </form>
</body>
</html>

Here, when a user submits the form, 'session_start()' creates a session in PHP. We then define our session variable and go to the index.php page.

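index.php:

<?php
    // Initialize 'session' before use and before any output is sent
    session_start();
?>
<html>
<head><title>Home</title></head>
<body>
    Welcome to the HomePage.
    <?php
        // Escape the stored value before printing it into the HTML page
        if(!empty($_SESSION["myName"])) echo htmlspecialchars($_SESSION["myName"], ENT_QUOTES, "UTF-8");
    ?>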
    <a href="./session.php"><button type="button">Add Name</button></a>
</body>
</html>

To use the stored session variable, we resume the session using the same 'session_start()' function and access the value.

Deleting Session

We can use the 'unset()' function to delete particular session variables and 'session_unset()' to clear all session values:

session_start();
unset($_SESSION["myName"]);
// session_unset();

Cookie

A cookie is used to store data on the user's computer, not on the server. It helps identify the user's data and improve the user experience according to that data. However, it is not suitable for storing sensitive user data.

Let us take an example of a web page taking user gender as input and displaying that on another page.

cookie.php:

<?php
if (isset($_POST["submit"], $_POST["gender"])) {
    // 'setcookie(key, value, expiry_date)'
    setcookie("gender", $_POST["gender"], time() + 10000);
    // Redirect and stop running this script
    header("Location: index.php");
    exit;
}
?>
<html>
<head><title>Cookie in PHP</title></head>
<body>
    <form action="cookie.php" method="post">
        <input type="radio" id="radio1" name="gender" checked value="Male">
        <label for="radio1">Male</label>
        <input type="radio" id="radio2" name="gender" value="Female">
        <label for="radio2">Female</label>
        <button type="submit" name="submit" class="btn btn-primary">Submit</button>
    </form>
</body>
</html>

Here, when the user submits the form, we set the cookie with an expiration date of 10000 milliseconds ahead of the current time and go to the index.php page.

index.php:

<html>
<head><title>Home</title></head>
<body>
    Welcome to the HomePage. You are a 
    <?php 
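        // The cookie comes from the browser, so escape it before printing
        if(isset($_COOKIE["gender"])) echo htmlspecialchars($_COOKIE["gender"], ENT_QUOTES, "UTF-8");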
    ?>
    <a href="./cookie.php"><button type="button">Add Name</button></a>
</body>
</html>

We use '$_COOKIE[]' to access the cookie we set in the cookie.php page.

Deleting Cookie

Simply set the expiry date to a time in the past to delete the cookie from the user's computer.

// Here, we set the expiry date to 10000 seconds behind the current time
// and send an empty value; the old value is not needed to delete a cookie
setcookie("gender", "", time() - 10000);
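
A hardened variant of the session and cookie flow above, as an added example that is not part of the original article: the session-id cookie and the 'gender' cookie get the Secure, HttpOnly and SameSite flags, the cookie value is checked against an allowlist on write and on read, and output is escaped. The helper names, the allowlist constant and the flag choices are assumptions; it needs PHP 7.3 or later and an HTTPS site.

```php
<?php
declare(strict_types=1);
// Added example; helper names and the allowlist are assumptions, not the page's code.
const GENDER_ALLOWLIST = ['Male', 'Female'];   // the two radio values in cookie.php
const COOKIE_FLAGS = ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];

function start_secure_session(): void
{
    // Session-id cookie: HTTPS only, hidden from JavaScript, not sent on cross-site POSTs.
    session_set_cookie_params(['lifetime' => 0] + COOKIE_FLAGS);
    session_start();
}

function set_gender_cookie(string $rawGender): bool
{
    // Accept only the values the form can legitimately send.
    if (!in_array($rawGender, GENDER_ALLOWLIST, true)) {
        return false;
    }
    return setcookie('gender', $rawGender, ['expires' => time() + 10000] + COOKIE_FLAGS);
}

function read_gender_cookie(): ?string
{
    // Re-validate on every read: the browser user can edit the cookie freely.
    $value = $_COOKIE['gender'] ?? null;
    return in_array($value, GENDER_ALLOWLIST, true) ? $value : null;
}

function delete_gender_cookie(): bool
{
    // Empty value, past expiry, same path and flags as when the cookie was set.
    return setcookie('gender', '', ['expires' => time() - 10000] + COOKIE_FLAGS);
}

function h(string $text): string
{
    // Escape at output time so stored input cannot inject markup.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Request handling, covering what session.php, cookie.php and index.php do on the page.
start_secure_session();
if (is_string($_POST['name'] ?? null))   { $_SESSION['myName'] = trim($_POST['name']); }
if (is_string($_POST['gender'] ?? null)) { set_gender_cookie($_POST['gender']); }
echo 'Name: ', h($_SESSION['myName'] ?? '(none)'), "<br>\n";
echo 'Gender: ', h(read_gender_cookie() ?? '(not set or not an allowed value)'), "\n";
```

Because setcookie() only sends a response header, read_gender_cookie() returns the new value on the next request, not on the one that set it.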