Topic: PHP Basics – Part 9 of 10: Sessions, Cookies, and State Management
---
### 1. Why Use Sessions and Cookies?
• HTTP is stateless – every request is independent.
• To remember users or store temporary data (like login), we use sessions and cookies.
---
### 2. Sessions in PHP
• Sessions store data on the server.
---
Starting a Session
```php
<?php
session_start(); // Always at the top, before any output
$_SESSION["username"] = "Ali";
?>
```
• This creates a unique session ID per user and stores data on the server.
---
Accessing Session Data
```php
<?php
session_start();
echo $_SESSION["username"]; // Output: Ali
?>
```
---
Destroying a Session
```php
<?php
session_start();
session_unset(); // Remove all session variables
session_destroy(); // Destroy the session
?>
```
---
Use Cases for Sessions
• Login authentication
• Shopping carts
• Flash messages (e.g., "You’ve logged out")
---
### 3. Cookies in PHP
• Cookies store data on the client’s browser.
---
Setting a Cookie
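```php
setcookie("user", "Ali", time() + (86400 * 7)); // 7 days
```
• Syntax:
```php
setcookie(name, value, expiration, path, domain, secure, httponly)
```
---
Accessing Cookie Values
```php
// Cookie values come from the client, so escape them before output
echo htmlspecialchars($_COOKIE["user"] ?? "", ENT_QUOTES, "UTF-8");
```
---
Deleting a Cookie
```php
setcookie("user", "", time() - 3600); // Expire it in the past
```
---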
Session vs Cookie
| Feature | Session | Cookie |
| ---------- | -------------------------------- | ------------ |
| Storage | Server-side | Client-side |
| Size Limit | Large (server) | ~4KB |
| Expiry | On browser close or set manually | Manually set |
| Security | More secure | Less secure |
---
### 4. Best Practices
• Always use session_start() before outputting anything.
• Use secure flags (secure, httponly) when setting cookies.
```php
setcookie("auth", "token", time()+3600, "/", "", true, true);
```
---
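### 5. Session Timeout Handling
```php
session_start();
$timeout = 600; // 10 minutes
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $timeout)) {
    // Idle for too long: discard the session data
    session_unset();
    session_destroy();
    echo "Session expired.";
    exit; // Stop here so the destroyed session is not written to again
}
$_SESSION['LAST_ACTIVITY'] = time(); // Record the time of this request
```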
---
### 6. Flash Messages with Sessions
```php
session_start();
// Set message
$_SESSION["message"] = "Login successful!";
// Display then clear
if (isset($_SESSION["message"])) {
    echo $_SESSION["message"];
    unset($_SESSION["message"]);
}
```
---
### 7. Summary
• Sessions are best for storing temporary and secure server-side user data.
• Cookies are useful for small, client-side persistent data.
• Use both wisely to build secure and dynamic web applications.
---
Exercise
• Create a login form that stores the username in a session.
• Set a welcome cookie that lasts 1 day after login.
• Display both the session and cookie values after login.
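
A hardened take on this exercise, as an added example that is not part of the original tutorial. It goes beyond the page's snippets by regenerating the session ID at login and setting SameSite. The demo account, the form field names and the cookie name `welcome` are assumptions, and it assumes PHP 7.4+ served over HTTPS.

```php
<?php
// Added example. The demo account, form fields and cookie name are assumptions.
$users = ['ali' => password_hash('demo-password', PASSWORD_DEFAULT)]; // constructed

// The session cookie gets the flags the page recommends for setcookie(), plus SameSite.
session_set_cookie_params([
    'lifetime' => 0, 'path' => '/',
    'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
]);
session_start(); // before any output

$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    if (is_string($name) && is_string($pass)
        && isset($users[$name]) && password_verify($pass, $users[$name])) {
        session_regenerate_id(true);         // fresh session ID once the user is authenticated
        $_SESSION['username'] = $name;       // identity lives server-side
        $_SESSION['LAST_ACTIVITY'] = time(); // starts the idle timer from section 5
        setcookie('welcome', $name, [        // 1-day cookie, used for display only
            'expires' => time() + 86400, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
        ]);
        $_COOKIE['welcome'] = $name;         // make the value visible in this same request
    } else {
        $error = 'Invalid username or password.';
    }
}

// Escape everything echoed into HTML; the cookie value is client-controlled.
$e = fn($s) => htmlspecialchars(is_string($s) ? $s : '', ENT_QUOTES, 'UTF-8');
if (isset($_SESSION['username'])) {
    echo '<p>Session user: ' . $e($_SESSION['username']) . '</p>';
    echo '<p>Welcome cookie: ' . $e($_COOKIE['welcome'] ?? '') . '</p>';
} else {
    echo '<p>' . $e($error) . '</p>';
    echo '<form method="post"><input name="username">'
       . '<input name="password" type="password"><button>Log in</button></form>';
}
```

The welcome cookie is only ever displayed; the login state is read from `$_SESSION`, never from a cookie value the client can edit.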
---
#PHP #Sessions #Cookies #Authentication #PHPTutorial #BackendDevelopment