Both cookies and sessions are used to keep user-specific information in order to track a user. A lot of times you can use either one, but they have some differences.
A cookie is a text file kept on the user's machine. Every time the user visits your site he hands over the cookie, letting you know who he is. The advantage of this is that the information is kept on somebody else's machine so you don't have to worry about it. As such you can leave it there until the cows come home. When/if the user comes back he'll bring the information with him. The downside is that the information is out of your control because the user can easily edit the cookie you gave him. This makes any information in a cookie untrustworthy, and it has to be checked every time the user gives it to you.
A session is like a cookie except you keep the information on your server. The advantage is that you can trust a session to keep data exactly like it was when you put it in. The downside is that you have to store that information which means that eventually you'll need to discard it lest your webserver fills up with information that will never be used.
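One way to do the per-request check on cookie data that the answer above calls for, shown as an added example that is not part of the original answer: the server attaches an HMAC to the value it issues and rejects anything that does not verify. The key `SECRET_KEY`, the cookie name `prefs`, and the sample payload are assumptions made for illustration.

```php
<?php
// Added example: tamper-evident cookie values using an HMAC.
// SECRET_KEY, the cookie name "prefs" and the payload are illustrative assumptions.
declare(strict_types=1);

const SECRET_KEY = 'placeholder-load-a-random-key-from-server-config';

/** Return "mac.payload", where mac authenticates the payload. */
function sign_cookie_value(string $payload, string $key): string
{
    return hash_hmac('sha256', $payload, $key) . '.' . $payload;
}

/** Return the payload if the MAC verifies, or null if the value was edited. */
function verify_cookie_value(string $cookie, string $key): ?string
{
    // The hex MAC never contains '.', so the first dot is the separator.
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$mac, $payload] = $parts;
    $expected = hash_hmac('sha256', $payload, $key);
    // hash_equals() compares in constant time, so the check leaks no timing hint.
    return hash_equals($expected, $mac) ? $payload : null;
}

// Constructed sample: issue a value, then simulate the user editing it.
$issued = sign_cookie_value('theme=dark;lang=en', SECRET_KEY);
$edited = str_replace('lang=en', 'lang=fr', $issued);

var_dump(verify_cookie_value($issued, SECRET_KEY)); // accepted: payload returned
var_dump(verify_cookie_value($edited, SECRET_KEY)); // rejected: null

// In a request handler (not executed here):
//   setcookie('prefs', $issued, ['expires' => time() + 86400, 'path' => '/',
//       'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
//   $prefs = verify_cookie_value($_COOKIE['prefs'] ?? '', SECRET_KEY);
```

The MAC only detects edits; the payload is still readable by the user, so secrets belong in the server-side session rather than in the cookie.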
To know how cookies work, we should first know what a cookie is.
- A cookie is a small file with a maximum size of 4KB that the web server stores on the client computer. A cookie created by a user is visible only to him/her; other users cannot see its value.
So usually the website stores the cookies in the client's browser, and the client can of course remove or disable cookies.
What's a session, then?
- A session is a global variable stored on the server, and each session is assigned a unique ID which is used to retrieve stored values. Whenever a session is created, a cookie containing the unique session ID is stored on the user's computer and returned with every request to the server. If the client's browser has cookies disabled or doesn't support them, the unique PHP session ID will be displayed in the URL and PHP will add a hidden input containing the session ID to forms. Sessions have the capacity to store relatively large data compared to cookies, and session values are automatically deleted when the browser is closed.
A cookie is a file on the client's computer. You can store whatever you like in it (objects, text, numbers).
The $_COOKIE global variable is used to access cookies.
A cookie is created with the setcookie(name, value, expire, path, domain, secure, httponly) function.
To modify a cookie, just set the cookie again using the setcookie() function.
To delete a cookie, use the setcookie() function with an expiration date in the past:
setcookie($cookie_name, "", time() - 3600);
----------------------------------------
Session variables hold information about one single user, are available to all pages in one application, and last until the user closes the browser.
Session variables are set with the PHP global variable $_SESSION.
A session is started with the session_start() function.
$_SESSION["variable"] = "value"; /* create or modify a session variable */
unset($_SESSION["variable"]); /* delete a session variable */
To remove all global session variables and destroy the session, use session_unset() and session_destroy():
Sessions and cookies are the same process for user verification. Cookie logs are stored in log files on the desktop, while sessions are stored on the server side. A session has an end time: for example, if there is no activity in the browser for 10 minutes, the session will automatically expire, while with cookies you have to end it yourself. And if you delete the cookies, you have to log in again.
A session is stored in the system as soon as it's registered. There is a standard life period assigned to every session based on the PHP configuration. The session is used to store data on the server.
Cookies are also used for storing information, but on the client side. More data can be stored in sessions, and a session expires when the user closes the browser. Cookies, on the other hand, are independent of browser closing and persist data over a long duration of time.
1) When you visit a website for the first time, actually when you do a session_start() on the PHP side, a new session ID is generated (a random string) and sent to the browser as a cookie, usually with the name PHPSESSID, so the next time you visit the site the same data is loaded back from the session file (which is stored somewhere on the server).
2) If the cookie expires before the session, the browser won't send the PHPSESSID value, thus a new session ID is generated. It is usually advisable to use a much longer expire time for cookies. When you expire a cookie, you rely on the client's browser to honor your disposition, but to be safe you must expire the session server side.
3) Sessions won't work; every time the client requests a page, a new session cookie will be generated.
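The answers above describe the session ID travelling in the PHPSESSID cookie (or in the URL when cookies are off), idle expiry, and the need to expire sessions on the server. The following added example, which is not from any of the original answers, puts those points together for PHP 7.3 or later; `IDLE_LIMIT`, the `last_seen` and `user_id` keys, and the function names are assumptions made for illustration.

```php
<?php
// Added example: cookie-only session ID with a server-side idle timeout.
// IDLE_LIMIT, "last_seen", "user_id" and the function names are assumptions.
declare(strict_types=1);

const IDLE_LIMIT = 600; // seconds of inactivity allowed (assumed: 10 minutes)

function start_hardened_session(): void
{
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    ini_set('session.use_trans_sid', '0');    // never write the ID into links or forms
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // cookie lasts until the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // Expire on the server; the browser may keep or replay the cookie regardless.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        session_unset();             // drop the stale data
        session_regenerate_id(true); // fresh ID, old session file deleted
    }
    $_SESSION['last_seen'] = $now;
}

function on_login(int $userId): void
{
    session_regenerate_id(true); // a pre-login ID must not survive authentication
    $_SESSION['user_id'] = $userId;
}

function end_session(): void // logout; call after start_hardened_session()
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```

Call `start_hardened_session()` before any output is sent, because both the `ini_set()` calls and the session cookie header must precede the response body.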
A session ID is created for each session whenever a user logs in. That session ID is stored in a cookie, which is sent to the server on each request to give the server information about the user so that it can find that user's file.
For each user a session is created and its session ID is stored in a cookie. That cookie containing the session ID is sent to the server with each request to indicate which file corresponds to that user.