PHP Session Vs Cookies

Sessions and cookies are the global storages used to store data to be persistently available all over the site. These globals can be accessed from anywhere. In PHP, there are predefined global array variables $_SESSION and $_COOKIES to contain session and cookies data, respectively. Sessions are stored in the server and the cookies are preserved only at the client side browser level.

In this tutorial, we are going to learn how the create, access and destroy PHP sessions and cookies variables. Also, we are going learn how to set an expiration time for session and cookies data. In a previous tutorial, while discussing the features of PHP, we have seen about super global variables.

global-access

Working with Session

In this section, we are going to see the following to work with PHP sessions. These are,

  • Starting session
  • Storing session variable
  • Accessing session variable
  • Clearing session variable

Starting Session

PHP has a built-in function named as session_start(). This function is used to start a new session or to resume an existing session. By starting the session, it will call session handlers to read and return current session data by using the callback functions. As of PHP version 7, this function can have an associative array of options as its argument. Using these options, we can overwrite the default session configurations.

Storing Session Variable

The $_SESSION array is used to create a session variable. In the following code, I have created a new session with the index named as tagName.

session_start();
$_SESSION["tagName"] = "PHP";

Accessing Session Variable

Once the data is stored in a session variable, then it is in global scope and can be accessed from any PHP file.

session_start();
$tag = $_SESSION["tagName"];
echo "Welcome to $tag world!";

Clearing Session Variable

PHP provides functions to clear existing session data. Those are, session_destroy(), session_unset() and more.

The session_destroy() function is used to clear all the current session data. After destroying the session, we have to reload the page to see that the session is cleared.

To make the session_destroy() action to show immediate effect, we can call session_unset() or unset() function to clear session data. Code shows an example to clear session variable.

session_start();
session_destroy();
echo $_SESSION["tagName"];//session remains until refresh
unset($_SESSION["tagName"]);
echo $_SESSION["tagName"];//session no more;

PHP Cookies

In this section, we are going to learn how to set data to the cookies array and use them all over the site. 

Setting cookies

In PHP, we can set cookies by using setcookie(), setrawcookie() or header() function. setrawcookie() is same as setcookie(), but differs by setting the raw value of the cookie with the header without encoding. These function must be used before sending any output to the browser. Otherwise, the cookie data will not be set with the header information. 

While setting cookies, it needs information like cookies name, domain, expiration time and more. The following Code shows the usage example for setting cookies by using the header() and setcookie() functions.

header("Set-Cookie: platform=php; expires=Mon, 20-April-13 17:30:48 GMT; path=/; domain=phppot.com");

or

setcookie("platform", "php", time()+7200, "/", ".phppot.com", 0);

Accessing cookies

PHP cookies can be accessed by using $_COOKIE variable. Also, we can use the other superglobals like $_SERVER, $_ENV and PHP getenv() function to access cookies by specifying HTTP_COOKIE index as shown in the code below. But, $_COOKIE has the guaranteed access in all the server compare to the other global variables. Because some server configuration will not allow us access $_SERVER, $_ENV variables.

echo $_COOKIE["platform"]; // Output: php
// OR
echo $_SERVER[‘HTTP_COOKIE’]; // Output: platform=php
echo getenv(‘HTTP_COOKIE’); // Output: platform=php

This PHP code tutorial was published on April 17, 2013.

↑ Back to Top