What is the difference between Sessions and Cookies in PHP

Question

What is the distinction between Sessions and Cookies in PHP

User · Answer

Session

Session is used for maintaining a dialogue between server and user. It is more secure because it is stored on the server, we cannot easily access it. It embeds cookies on the user computer. It stores unlimited data.

Cookies

Cookies are stored on the local computer. Basically, it maintains user identification, meaning it tracks visitors record. It is less secure than session. It stores limited amount of data, and is maintained for a limited time.

User · Answer

Cookies are stored in browser as a text file format It stores limited amount of data  up to 4kb 4096bytes  A single Cookie can not hold multiple values but yes we can have more than one cookie   Cookies are easily accessible so they are less secure  The setcookie   function must appear BEFORE the  tag   Sessions are stored in server side There is no such storage limit on session  Sessions can hold multiple variables Since they are not easily accessible hence are more secure than cookies

User · Answer

The main difference between a session and a cookie is that session data is stored on the server  whereas cookies store data in the visitor   s browser    Sessions are more secure than cookies as it is stored in server  Cookie can be turned off from browser   Data stored in cookie can be stored for months or years  depending on the life span of the cookie  But the data in the session is lost when the web browser is closed

User · Answer

A cookie is a bit of data stored by the browser and sent to the server with every request   A session is a collection of data stored on the server and associated with a given user  usually via a cookie containing an id code

User · Answer

One part missing in all these explanations is how are Cookies and Session linked- By SessionID cookie  Cookie goes back and forth between client and server - the server links the user  and its session  by session ID portion of the cookie   You can send SessionID via url also  not the best best practice  - in case cookies are disabled by client   Did I get this right

User · Answer

A session is a chunk of data maintained at the server that maintains state between HTTP requests   HTTP is fundamentally a stateless protocol  sessions are used to give it statefulness   A cookie is a snippet of data sent to and returned from clients   Cookies are often used to facilitate sessions since it tells the server which client handled which session   There are other ways to do this  query string magic etc  but cookies are likely most common for this

User · Answer

Cookie   is a small amount of data saved in the browser  client-side  can be set from PHP with setcookie and then will be sent to the client s browser  HTTP response header Set-cookie  can be set directly client-side in Javascript  document cookie    foo bar   if no expiration date is set  by default  it will expire when the browser is closed   Example  go on http   example com  open the Console  do document cookie    foo bar    Close the tab  reopen the same website  open the Console  do document cookie  you will see foo bar is still there  Now close the browser and reopen it  re-visit the same website  open the Console   you will see document cookie is empty  you can also set a precise expiration date other than  deleted when browser is closed   the cookies that are stored in the browser are sent to the server in the headers of every request of the same website  see Cookie   You can see this for example with Chrome by opening Developer tools   Network  click on the request  see Headers    can be read client-side with document cookie can be read server-side with   COOKIE  foo   Bonus  it can also be set get with another language than PHP  Example in Python with  bottle  micro-framework  see also here    from bottle import get  run  request  response  get      def index        if request get cookie  visited            return  Welcome back  Nice to see you again      else          response set cookie  visited    yes           return  Hello there  Nice to meet you  run host  localhost   port 8080  debug True  reloader True     Session   is some data relative to a browser session saved server-side each server-side language may implement it in a different way in PHP  when session start    is called    a random ID is generated by the server  e g  jo96fme9ko0f85cdglb3hl6ah6 a file is saved on the server  containing the data  e g   var lib php5 sess jo96fme9ko0f85cdglb3hl6ah6 the session ID is sent to the client in the HTTP response headers  using the traditional cookie mechanism detailed above  Set-Cookie  PHPSESSID jo96fme9ko0f85cdglb3hl6ah6  path        it can also be be sent via the URL instead of cookie but not the default behaviour  you can see the session ID on client-side with document cookie     the PHPSESSID cookie is set with no expiration date  thus it will expire when the browser is closed  Thus  sessions  are not valid anymore when the browser is closed   reopened  can be set read in PHP with   SESSION the client-side does not see the session data but only the ID  do this in index php    lt  php session start      SESSION  abc    def     gt    The only thing that is seen on client-side is  as mentioned above  the session ID    because of this  session is useful to store data that you don t want to be seen or modified by the client you can totally avoid using sessions if you want to use your own database   IDs and send an ID token to the client with a traditional Cookie

User · Answer

Cookies are used to identify sessions  Visit any site that is using cookies and pull up either Chrome inspect element and then network or FireBug if using Firefox   You can see that there is a header sent to a server and also received called Cookie  Usually it contains some personal information  like an ID  that can be used on the server to identify a session  These cookies stay on your computer and your browser takes care of sending them to only the domains that are identified with it   If there were no cookies then you would be sending a unique ID on every request via GET or POST  Cookies are like static id s that stay on your computer for some time   A session is a group of information on the server that is associated with the cookie information  If you re using PHP you can check the session save path location and actually  see sessions   They are either files on the server filesystem or backed in a database

[php] What is the difference between Sessions and Cookies in PHP?

Session

Cookies

Examples related to php

Examples related to session

Examples related to cookies

Examples related to session-state

Examples related to session-cookies