PHP Sessions and Cookies

When a user interacts with a web application, the server needs to keep track of the user's state across multiple requests. PHP provides two mechanisms to maintain user state: sessions and cookies.

Sessions

A session is a way to store user data on the server and associate it with a unique session ID that is sent to the client as a cookie. Here's an example of how to use sessions in PHP:

In the above example, we first start a new session using the session_start() function. We can then set session variables using the $_SESSION superglobal array and retrieve session variables by accessing the array with the appropriate key.

When we're done with the session, we can end it using the session_destroy() function. Note that calling this function deletes all session data, so use it with caution.

Cookies

A cookie is a small text file that is stored on the client's computer and sent to the server with every request. Cookies can be used to store user data that needs to persist across sessions. Here's an example of how to use cookies in PHP:

In the above example, we use the setcookie() function to set a cookie with the name "name" and the value "John". The third parameter specifies the cookie's expiration time, and the fourth parameter specifies the cookie's path.

We can retrieve a cookie by accessing the $_COOKIE superglobal array with the appropriate key. When we're done with a cookie, we can delete it by setting its value to an empty string and setting its expiration time to a time in the past.

It's important to note that both sessions and cookies can be used for malicious purposes, such as session hijacking and cross-site scripting (XSS) attacks. Make sure to validate and sanitize all user input and store sensitive data securely.