In web development, HTTP is a stateless protocol, meaning once a page is loaded, the server forgets everything about the user. Sessions and Cookies are the two primary mechanisms PHP uses to overcome this, allowing a website to “remember” a user between page visits.
1. Cookies (Client-Side Storage)
A Cookie is a small piece of data (a text file) that is stored directly on the user’s computer (the client).
| Feature | Description |
|---|---|
| Storage | Client’s browser/computer. |
| Use Case | Tracking preferences, “Remember Me” login tokens, tracking user visits. |
| Security | Less secure. Data is visible and editable by the user. |
Creating a Cookie
To create a cookie, you use the setcookie() function. This function must be called before any HTML or output is sent to the browser.
| Parameter | Purpose |
|---|---|
| Name | The unique name of the cookie (e.g., user_pref). |
| Value | The data to store (e.g., dark_mode). |
| Expire | The time (in seconds since the Unix epoch) when the cookie should expire. |
Example: Storing a User Preference
This cookie will last for 30 days (60 seconds * 60 minutes * 24 hours * 30 days).
```php
<?php
$cookie_name = "user_preference";
$cookie_value = "compact_layout";

// Set the cookie to expire in 30 days; "/" makes it available site-wide
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/");
?>
```
Retrieving a Cookie
Cookies are retrieved using the built-in Superglobal array, $_COOKIE.
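```php
<?php
if (isset($_COOKIE['user_preference'])) {
    // Cookie values can be edited by the user, so escape them before output
    echo "Your preferred layout is: "
        . htmlspecialchars($_COOKIE['user_preference'], ENT_QUOTES, 'UTF-8');
} else {
    echo "No preferences saved.";
}
?>
```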
2. Sessions (Server-Side Storage)
A Session is a way to store data on the server for a specific user. The server assigns the user a unique Session ID (which is usually stored as a temporary cookie) and uses this ID to retrieve the user’s data during subsequent page visits.
| Feature | Description |
|---|---|
| Storage | Server’s temporary directory. |
| Use Case | User login status, shopping cart contents, temporary flash messages. |
| Security | More secure. Sensitive data is never exposed on the client’s machine. |
Starting a Session
The session_start() function must be called at the very beginning of every page that needs to use session data.
Storing and Retrieving Session Data
Session data is stored and retrieved using the built-in Superglobal array, $_SESSION.
Example: Tracking a Login Status
```php
<?php
// Start the session on every page
session_start();

// 1. Storing data (e.g., after successful login)
$_SESSION["user_id"] = 101;
$_SESSION["is_logged_in"] = true;

// 2. Retrieving data on a different page
// (?? false avoids an undefined-key warning when the user has not logged in)
if (($_SESSION["is_logged_in"] ?? false) === true) {
    echo "Welcome back, User ID: " . $_SESSION["user_id"];
}
?>
```
Destroying a Session (Logout)
To log a user out, you need to destroy the session data on the server.
```php
<?php
session_start();

// 1. Unset all session variables
session_unset();

// 2. Destroy the session itself
session_destroy();

echo "You have been logged out.";
?>
```
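The login and logout steps above, hardened against session fixation and session ID cookie theft. This is an added example, not code from the original tutorial: the helper names start_secure_session(), log_in() and log_out() are hypothetical, and it assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example; start_secure_session(), log_in() and log_out() are hypothetical names.
// Assumes PHP 7.3+ (array-style cookie options) and a site served over HTTPS.

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // hidden from JavaScript (document.cookie)
        'samesite' => 'Lax',  // withheld on cross-site POSTs and subrequests
    ]);
    session_start();
}

function log_in(int $userId): void
{
    // Call only after credentials were verified. A fresh ID at the privilege
    // change makes any ID known before login (session fixation) worthless;
    // true also deletes the old session data.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['is_logged_in'] = true;
}

function log_out(): void
{
    $_SESSION = []; // clear the data for the rest of this request

    // Expire the session ID cookie in the browser, matching its original attributes.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy(); // remove the server-side session data
}

// Usage: call start_secure_session() at the top of every page, log_in($id) in the
// login handler, and log_out() on the logout page.
?>
```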
Key Difference Summary
| Feature | Cookie | Session |
|---|---|---|
| Data Location | User’s browser (Client) | Server (Temporary storage) |
| Size Limit | Small (typically 4KB per cookie) | Limited only by server resources |
| Lifespan | Can be permanent (set with expire time) | Usually expires when the browser window is closed |
| Use Case | Preferences, tracking | Login status, cart contents |
Next Steps
We’ve covered the fundamentals of dynamic web apps. The next crucial step is learning how to interact with a database, which is necessary for any modern application. The next chapter will cover “PHP and MySQL: Database Connection.”
