Difference between Cookie and Session in PHP

Relation  or Difference between session and cookies in php Cookies and sessions both are used to store values or data,But there are some differences a cookie stores the data in your browser memory and a session is stored on the server.

A cookie is a bit of data stored by the browser and sent to the server with every request.

A session is a collection of data stored on the server and associated with a given user (usually via a cookie containing an id code)

Cookie data is available in your browser up to expiration date and session data available for the browser run, after closing the browser we will lose the session information.

Cookies can only store string data,but session stored any type of data.

we could be save cookie for future reference, but session couldn’t. When users close their browser, they also lost the session.

Cookies are unsecured,but sessions are highly Secured.

You lose all the session data once you close your browser, as every time you re-open your browser, a new session starts for any website.

Cookies stores some information like the username, last visited Web pages etc. So that when the customer visits the same site again, he may have the same environment set for him. You can store almost anything in a browser cookie.when you check the ‘Remember Password’ link on any website, a cookie is set in your browser memory, which exists there in the browser until manually deleted. So, when you visit the same website again, you don’t have to re-login.

Session Basics

Sessions are simply server-side cookies each with a corresponding client side cookie that contains only a reference to its server-side counterpart. When a user visits a page, the client sends the reference code to the server, and PHP will then match that reference code to a server-side cookie and load the data in the server’s cookie into the $_SESSION superglobal.

PROS

1. Can store very large amounts of data easily.
2. Save bandwidth by passing only a reference to the session each pageload. A client-side cookie has to pass all of its data.
3. Data is stored on the web server. This makes sessions secure, because the data cannot be viewed or edited by the client.

CONS

1. Ends when the browser is closed unless you’ve configured php.ini to extend sessions’ cookie lifetime. Cannot last forever.

Cookie Basics

Cookie data is sent to the web server every page load. PHP reads and stores the value into the $_COOKIE superglobal. When a cookie is created, you can give it a lifespan. After that lifespan runs out, it will expire.

PROS

1. Can last as long as the website needs. They will still be there even if the browser is closed and reopened.
2. Useful for “remember me” logins
3. Useful for storing temporary user settings. For example, if a user is browsing a paginated list of items, sorted a certain way, the sorting setting can be stored in a cookie.

CONS

1. Stored in the users filesystem. This means that the user can tamper with it and view it.
2. Can only store a limited amount of data.
3. Must pass all data to the webserver each pageload. This takes up more bandwidth.

Cookies in Action

CREATING A COOKIE

The function definition:

bool setcookie ( string name [, string value [, int expire [, string path [, string domain [, int secure]]]]])

1 2 3 4 5

<?php     if (!isset($_COOKIE['Ordering'])) {         setcookie("Ordering", $_POST['ChangeOrdering'], time() + 31536000);     } ?>

USING A COOKIE

1 2 3

<?php     echo (isset($_COOKIE[‘ordering’])) ? $_COOKIE[‘ordering’] : ‘cookie value not set’; ?>

DELETING A COOKIE

1	<?php setcookie(‘favorite_color’); ?>

Setting a cookie with no value is the same as deleting it. This will not remove the file from the client computer. To do this, you can set the cookie expiration date to a time in the past, and the browser will take care of it.

Sessions in Action

CREATING A SESSION

1	<?php session_start(); ?>

This must be called near the top of your code before any output. When you call this function, PHP will check to see if the user sent a session cookie. If so, it will load the session data into $_SESSION. If not, it will create a new session file on the server and send the ID back to the client.

SETTING A VALUE

1	<?php $_SESSION[‘first_name’] = ‘Brian’; ?>

READING A SESSION VALUE

1	<?php echo $_SESSION[‘first_name’]; ?>

REMOVING SESSION DATA

1	<?php unset($_SESSION[‘first_name’]); ?>

ENDING A SESSION

<?php session_destroy(); ?> ********************************************************************************

Destroying a PHP Session:

A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.

Here is the example to unset a single variable:

<?php unset($_SESSION['counter']); ?>

Here is the call which will destroy all the session variables:

<?php session_destroy(); ?>

Turning on Auto Session:

You don't need to call start_session() function to start a session when a user visits your site if you can set session.auto_start variable to 1 in php.ini file.