Chapter 5: Sessions and Cookies management in PHP

This lesson examines two ways of passing data between pages of a website without requiring a
form submission from one page to another: using cookies and using sessions.

5.1

What are cookies?

A cookie is often used to identify a user. A cookie is a small file that the server embeds on the
user's computer. Each time the same computer requests a page with a browser, it will send the cookie
too. With PHP, you can both create and retrieve cookie values.
If your application deals with browsers that do not support cookies, you will have to use other
methods to pass information from one page to another in your application. One method is to pass the
data through forms. Other method is to use sessions.

5.2

Create and use cookies.

sc.php
//set cookie
<?php
$expire=time()+60*60*24*30;
// One month =60 sec * 60 min * 24 hours * 30
days.
setcookie("user", "Anand", $expire);
// variable, value, expiration
echo "Cookie set successfully";
?>
rc.php
//retrieve cookie
<?php
if (isset($_COOKIE["user"]))
echo "Welcome " . $_COOKIE["user"] . "!<br />";
else
echo "Welcome guest!<br />";
?>
dc.php
//delete cookie
// To delete cookie set the expiration date
//to one hour ago (past)
<?php
setcookie("user", "", time()-3600);
echo "Cookie deleted successfully";
?>

Run rc.php
Run sc.php
Run rc.php
Run dc.php
Run rc.php

5.3

What are sessions?

A PHP session variable is used to store information about, or change settings for a user session. Session
variables hold information about one single user, and are available to all pages in one application.
When you are working with an application, you open it, do some changes and then you close it.
This is much like a Session. The computer knows who you are. It knows when you start the application
and when you end. But on the internet there is one problem: the web server does not know who you
are and what you do because the HTTP address doesn't maintain state.
A PHP session solves this problem by allowing you to store user information on the server for
later use (i.e. username, shopping items, etc). However, session information is temporary and will be
deleted after the user has left the website (by closing the browser). If you need a permanent storage
you may want to store the data in a database.
Sessions work by creating a unique id (UID) for each visitor and store variables based on this
UID. The UID is either stored in a cookie or is propagated in the URL.
A session can be started by writing the statement session_start();
There is no need to close a session, because, a session is closed automatically, when the user
closes his browser. Note that, session will not be closed until user closes all opened tabs and windows of
that browser.
5.4

Create and use sessions

1.php
<?php
session_start();
$_SESSION['a']=10;
echo '<a href="2.php">Click to goto page 2</a>';
?>
2.php
<?php
session_start();
$_SESSION['a']++;
echo $_SESSION['a'];
?>
<?php
//To track number of visits to a page
error_reporting(E_ALL ^ E_NOTICE); //to bypass
notices
session_start();
echo
"Total
number
of
visits:
".++$_SESSION["tnv"];
?>

Difference between cookie and session variables: Session expires when user turns off his machine (or
browser). Cookie continues to exist until its expiration time, even if the user turns off his machine (PC).
Cookies are the chunks of information written by the web site to the visitors computer hard drive.