Sessions and Cookies:
Cookies Vs Sessions: The main difference between cookies and sessions is that cookies are stored on the client side while sessions are stored on the server side.
Cookies:
A cookie is a file that is stored on the client computer when visiting a website. They are typically used to store user preferences e.g. Cookies store the order, in which users want their news to be printed etc. More often than not, they are used to store any non-sensitive data on client computer. When you create a cookie, you need to specify how long you want it to be valid, and once done, it will reside on the client computer till that date until it ‘expires.’ Once a cookie has been created, the visitor’s browser will automatically send it to the web server each time the visitor visits our site. PHP then reads this value into the superglobal array: $_COOKIE, which a developer can then use to read the concerned cookie’s value as $value = $_COOKIE[‘name’];
Usage:
Following is the syntax to create a cookie:
setcookie(name,value,expire,path,domain,secure,httponly);
where:
name => name of the cookie to be stored on the client’s computer.
value => value the cookie will hold.
expire => the expiry period of the cookie
path => the path on the server in which the cookie will be available on. Default value is the current directory that the cookie is being set in.
domain => the domain on which the cookie will be available.
secure => indicates that the cookie will be transmitted only over a secure http connection i.e. only over an https:// request.
httponly => This parameter was added in PHP 5.2 and above. When set to TRUE, the cookie will be accessible only via an http protocol. It cannot be accessed by Javascript anymore.
e.g. Let us set a cookie that will expire 2 days from now. It’s typical syntax will be:
$cookieValue = “test data”;
setcookie(‘testcookie’, $cookieValue,time()+172800,’/foo’,’example.com’,1);
The above declaration will create a cookie named “testcookie” with the given value and will expire after 2 days. 2 days = 24*60*60*2 = 172800 seconds. In addition, it will available within the directory /foo and all sub-directories such as /foo/test of the domain : example.com.
Please note: The secure parameter being set to 1, indicates that the cookie will be available only on a secured HTTP connection i.e. over an https:// request only.
Sessions: A session is nothing but a combination of a client-side cookie and server-side cookie. The client-side cookie contains a reference to the server side cookie which is stored on the web server. So, when a user visits a website, the client’s browser sends the reference code to the web server which in turn loads the corresponding data.
Advantages of such a combination of a client side and server side cookie representing a session are:
1. The server-side cookie can contain very large amounts of data with no hassle - client-side cookies are limited in size.
2. The client-side cookie contains nothing other than a small reference code - as this cookie is passed each time someone visits a page on your site, you are saving a lot of bandwidth by not transferring large client-side cookies around.
3. Session data is much more secure - only you are able to manipulate it, as opposed to client-side cookies which are editable by all.
Usage:
session_start();
$_SESSION[‘firstName’] = “Jim”;
print $_SESSION[‘firstName’];
unset($_SESSION[‘firstName’]);
session_destroy();
As shown above, when you call session_start(), PHP will check to see if the client computer’s browser has sent a session cookie, if it did, then PHP will load the session data. Otherwise, PHP will create a new session file on the server and send an ID back to the client computer to associate it with the new file. To remove a specific value from a session, use unset() function. It is important that you should unset only specific elements of the $_SESSION array, not the $_SESSION array itself, because doing so would leave you without any way to manipulate the session data at all.
