Thursday, September 19, 2013

PHP Sessions vs. Cookies

As a beginning PHP developer, you may have heard of sessions or cookies before. But do you truly understand what they are and when to use them? if not use the following post to get about it.


Session variables are stored on the server side.

Session variables are stored on the server side in a temporary directory. The only accessible data to the client is the session ID. If this ID is changed or lost, it will break the connection with the session. By default, a session variable will be kept alive for 1440 seconds, or 24 minutes. This default value is set by the variable session.gc_maxlifetime in the PHP configuration file, or php.ini. In the following snippet, let's create a session and fill the $_SESSION variable with the first and last name of the user, which will be retrieved from a HTML form.
    // Check if the form has been submitted (using a form with the GET method is optional)
    if (!empty($_POST)) {
        // Start the session to access its variables
        session_start();  //start session

        // Get the first name and last name from the form POST data
        $first_name = $_POST['firstName'];
        $last_name = $_POST['lastName'];

        // Fill in the session variables with the name variables
        $_SESSION['first_name'] = $first_name;  //naming session
        $_SESSION['last_name'] = $last_name;

In simple way you can set session in following manner:
    // In another file, we can access the session variables easily
    echo 'Welcome back '.$_SESSION['first_name'].'!';


Cookies are stored on the client side.

Unlike session variables, cookies are stored on the client side. This means that users will be able to access these cookies and possibly modify them using JavaScript or a regular browser extension Therefore, it is wise to store significant/personal data with sessions instead of cookies. To create a cookie, use the setcookie() function as follows. The function accepts the cookie's name, data, and expiration date as parameters (in respective order).
    // Makes a cookie with the user's first name, which is retrieved using a POST form as shown previously
    // For now, I'll use a sample value
    $first_name = 'John';

    // The name of the cookie is first_name
    // The value is the variable above, or John
    // The expiration date is 1 day from now as 86400 seconds = 1 day
    setcookie('first_name', $first_name, time() + 86400);

we can retrieve the cookie using the $_COOKIE variable in PHP.
    echo 'Hello '.$_COOKIE['first_name'].'!';

delete a cookie:
    setcookie('first_name', '', time() - 3600); // 3600 seconds = 1 hour

No comments:

Post a Comment