What is the difference between a PHP cookie and a PHP session?

Both cookies and sessions are available to you as a PHP developer, and both accomplish much the same task of storing data across pages on your site. However, there are differences between the two that will make each favourable in their own circumstance.

Cookies can be set to a long lifespan, which means that data stored in a cookie can be stored for months if not years. Cookies, having their data stored on the client, work smoothly when you have a cluster of web servers, whereas sessions are stored on the server, meaning that if one of your web servers handles the first request, the other web servers in your cluster will not have the stored information.

Sessions are stored on the server, which means clients do not have access to the information you store about them. This is particularly important if you store shopping baskets or other information you do not want your visitors to be able to edit by hand by hacking their cookies. Session data, being stored on your server, does not need to be transmitted with each page; clients just need to send an ID and the data is loaded from the local file. Finally, sessions can be any size you want because they are held on your server, whereas many web browsers have a limit on how big cookies can be to stop rogue web sites chewing up gigabytes of data with meaningless cookie information.

So, as you can see, each has its own advantages, but at the end of the day it usually comes down to one choice: do you want your data to work when your visitor comes back the next day? If so, then your only choice is cookies. If you have any particularly sensitive information, your best bet is to store it in a database, then use the cookie to store an ID number to reference the data. If you do not need semi-permanent data, then sessions are generally preferred, as they are a little easier to use, do not require their data to be sent in entirety with each page, and are also cleaned up as soon as your visitor closes their web browser.
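The advice above, keeping sensitive data in a database and putting only a reference to it in the cookie, could look like the following. This is an added example, not code from the original page: the cookie name, table layout and 30-day lifetime are assumptions, an in-memory SQLite database stands in for the real one, and a random token is used rather than a sequential ID number so that an edited cookie cannot point at another visitor's record.

```php
<?php
declare(strict_types=1);

// Added example: cookie name, table layout and lifetime are assumptions.
const REMEMBER_COOKIE = 'remember_token';
const REMEMBER_TTL    = 60 * 60 * 24 * 30; // 30 days

function createStore(): PDO
{
    // In-memory SQLite stands in for the application's database.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE remember_tokens (token_hash TEXT PRIMARY KEY,
               user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// Issue a random, meaningless token; only its SHA-256 hash is stored.
function issueToken(PDO $db, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $stmt  = $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, $now + REMEMBER_TTL]);
    return $token;
}

// Map a cookie value back to a user ID; null if unknown, edited or expired.
function resolveToken(PDO $db, string $cookieValue, int $now): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM remember_tokens
                          WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $cookieValue), $now]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

$db    = createStore();
$now   = time();
$token = issueToken($db, 1005, $now);

// The browser only ever holds the opaque token, never the data itself.
setcookie(REMEMBER_COOKIE, $token, [
    'expires' => $now + REMEMBER_TTL, 'path' => '/',
    'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
]);

var_dump(resolveToken($db, $token, $now));            // token as issued
var_dump(resolveToken($db, 'edited-by-hand', $now));  // value changed by the client
var_dump(resolveToken($db, $token, $now + REMEMBER_TTL + 1)); // after expiry
```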


Copyright ©2015 Paul Hudson. Follow me: @twostraws.


Sessions and cookies are used by websites to store a user's data across different pages of the site. Both are important, as they keep track of the information provided by a visitor for different purposes. The main difference between them is that sessions are saved on the server side, whereas cookies are saved in the user's browser, on the client side. Apart from this, there are various other differences between the two. In this topic, we will look at sessions and cookies in detail and at how they differ from each other.


What is a Session?

  • A session is used to temporarily store information on the server so that it can be used across multiple pages of the website. It is the total time used for an activity. The user session starts when the user logs in to a particular network application and ends when the user logs out of the application or shuts down the system.
  • When we work on an application over the internet, the web server doesn't know the user because the HTTP protocol does not maintain state. The information provided by the user on one page of the application (let's say Home) will not be transferred to another page. To remove this limitation, sessions are used. A session is started whenever a visitor first enters a website.
  • The user information is stored in session variables, and these variables can store any type of value or data type of an Object.
  • Session values are more secure as they are stored in binary or encrypted form and can only be decrypted at the server. The session values are automatically removed when the user shuts down the system or logs out of the application. To store the values permanently, we need to store them in the database.
  • Each session is unique for each user, and any number of sessions can be used in an application; there is no limitation to it.
  • The user is identified with the help of the sessionID, which is a unique number saved on the server. It is saved as a cookie, form field, or URL.

Working of Session

The working of a session can be understood through the following steps:

  1. In the first step, the client sends a request to the server via the GET or POST method.
  2. The sessionID is created on the server, which saves the sessionID into the database. It returns the sessionID with a cookie as a response to the client.
  3. The cookie with the sessionID stored in the browser is sent back to the server. The server matches this ID with the saved sessionID and sends an HTTP 200 response.
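The steps above map onto PHP's built-in session functions as follows. This is an added example, not code from the original page: the function names and the 'user_id' key are assumptions, the site is assumed to be served over HTTPS, and PHP's default session storage is used.

```php
<?php
declare(strict_types=1);

// Added example: function names and the 'user_id' key are assumptions.
function startSecureSession(): void
{
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,      // dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // hidden from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start(); // step 2: creates the ID and returns it in a Set-Cookie header
}

function logIn(int $userId): void
{
    session_regenerate_id(true);    // fresh ID at login; the old session is deleted
    $_SESSION['user_id'] = $userId; // kept on the server, never sent to the client
}

function currentUser(): ?int
{
    // step 3: session_start() already matched the cookie's ID to stored data
    return $_SESSION['user_id'] ?? null;
}

function logOut(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [   // expire the ID cookie in the browser
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();                // remove the server-side data
}

startSecureSession();
if (currentUser() === null) {
    logIn(1005);                      // constructed user ID for the demonstration
}
echo 'Logged in as user ', currentUser(), PHP_EOL;
```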

Why Use Session?

  • Sessions are used to store information such as the UserID on the server more securely, where it cannot be tampered with.
  • It can also transfer information in the form of values from one web page to another.
  • It can be used as an alternative to cookies for browsers that don't support cookies, to store variables in a more secure way.

What is a Cookie?

  • A cookie is a small text file that is stored on the user's computer. The maximum file size of a cookie is 4KB. It is also known as an HTTP cookie, web cookie, or internet cookie. Whenever a user visits a website for the first time, the site sends packets of data in the form of a cookie to the user's computer.
  • Cookies help websites keep track of the user's browsing history or cart information when they visit their sites.
  • It stores only the "String" data type.
  • The information stored within cookies is not secure because this information is stored in text format on the client side, where it can be read by anyone.
  • We can enable or disable cookies as per the requirement.
  • The cookies generated by a user are shown only to that user, and no other user can see those cookies.
  • Cookies are created and shared between the server and browser with the help of an HTTP header.
  • The path where the cookies are saved is decided by the browser; Internet Explorer, for example, usually stores them in the Temporary Internet Files folder.
  • When we visit a YouTube channel and search for some songs, the next time we visit YouTube, cookies are used to read our browsing history and show similar songs or the last played songs.
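Because a cookie is stored as readable text on the client, the server cannot trust a value that comes back in it. One way to at least detect edits is to attach an HMAC, shown here as an added example that is not part of the original page; the key handling and the value.tag layout are assumptions, and the value itself stays readable to the user.

```php
<?php
declare(strict_types=1);

// Added example: key handling and cookie layout are assumptions.
// In a real application the key comes from server-side configuration.
$key = random_bytes(32);

// Pack a value with an HMAC-SHA256 tag so that edits are detectable.
function signCookieValue(string $value, string $key): string
{
    $payload = base64_encode($value);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the original value, or null if the cookie was altered or malformed.
function verifyCookieValue(string $cookie, string $key): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    $expected = hash_hmac('sha256', $payload, $key);
    if (!hash_equals($expected, $tag)) {   // constant-time comparison
        return null;
    }
    $value = base64_decode($payload, true);
    return $value === false ? null : $value;
}

$signed = signCookieValue('Userid=1005', $key);

// Constructed tampering: the payload is swapped for another user ID, but a
// matching tag cannot be computed without the server's key.
$edited = base64_encode('Userid=1') . substr($signed, strpos($signed, '.'));

var_dump(verifyCookieValue($signed, $key));        // cookie as issued
var_dump(verifyCookieValue($edited, $key));        // cookie edited by hand
var_dump(verifyCookieValue('Userid=1005', $key));  // cookie with no tag at all
```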

Creating Cookies with PHP

To create a cookie in PHP, we need to use the setcookie() function, and it must appear before the <html> tag (that is, before any output is sent). The syntax of this function is given below:

Syntax:

Example:

setcookie("Userid", "1005", time() + 3600); // expires one hour from now

Cookie Attributes:

  • Name: It defines the name of the cookie.
  • Value: It defines the value of the cookie.
  • Expire: It specifies the time when the cookie will expire. If it is omitted or set to 0, the cookie will be deleted at the end of the session.
  • Path: It defines the server path of the cookie. If it is set to "/", the cookie will be available within the complete domain.
  • Domain: It defines the domain name of the cookie. If we set it to "javatpoint.com", it will be available for all subdomains of javatpoint.com.
  • Secure: It specifies whether the cookie is transmitted only over HTTPS. If it is set to TRUE, the cookie will only be set over a secure connection.
  • HTTPOnly: If it is set to TRUE, the cookie will be accessible only through the HTTP protocol, not from client-side scripts such as JavaScript.

Why use Cookies?

HTTP is a stateless protocol; hence it does not store any user information. For this purpose, we can use Cookies. It allows us to store the information on the user's computer and track the state of applications.

Key Differences between Session and Cookies

  • Sessions are server-side files that store the user information, whereas cookies are client-side files that contain user information on a local computer.
  • Sessions are cookie-dependent, whereas cookies are not dependent on sessions.
  • The session ends when the user closes the browser or logs out of the application, whereas cookies expire at the set time.
  • A session can store as much data as a user wants, whereas cookies have a limited size of 4KB.

Difference table between Cookies and Session

| Session | Cookies |
| --- | --- |
| A session stores the variables and their values within a file in a temporary directory on the server. | Cookies are stored on the user's computer as a text file. |
| The session ends when the user logs out of the application or closes the web browser. | Cookies end on the lifetime set by the user. |
| It can store an unlimited amount of data. | It can store only limited data. |
| We can store as much data as we want within a session, but there is a maximum memory limit, which a script can use at one time, and it is 128 MB. | The maximum size of the browser's cookies is 4 KB. |
| We need to call the session_start() function to start the session. | We don't need to call a function to start a cookie as it is stored within the local computer. |
| In PHP, to set session data, the $_SESSION global variable is used. | In PHP, to get the data from cookies, the $_COOKIE global variable is used. |
| In PHP, to destroy or remove the data stored within a session, we can use the session_destroy() function, and to unset a specific variable, we can use the unset() function. | We can set an expiration date to delete the cookie's data. It will automatically delete the data at that specific time. There is no particular function to remove the data. |
| Sessions are more secure compared to cookies, as they save data in encrypted form. | Cookies are not secure, as data is stored in a text file, and if any unauthorized user gets access to our system, he can tamper with the data. |

Conclusion

From the above discussion, we can have a better understanding of cookies and sessions and the differences between them. Hence, we can conclude that session is a way to temporarily store the user information on the server-side, whereas cookies store the information on the user's computer until it expires.



Cookies are client-side files that are stored on a local computer and contain user information. Sessions are server-side files that store user information. Cookies expire after the user-specified lifetime. The session ends when the user closes the browser or logs out of the program.

What are PHP cookies and PHP sessions?

A session is a global variable stored on the server. Each session is assigned a unique id which is used to retrieve stored values. Whenever a session is created, a cookie containing the unique session id is stored on the user's computer and returned with every request to the server.
A session is safer for storing user data because it cannot be modified by the end user and can only be set on the server side. Cookies, on the other hand, can be hijacked because they are simply stored in the browser.