Cookies and sessions are mechanisms to store and use information from any page on your site. A cookie is a small file kept on the client's computer that can be used to store data relating to that user.
Cookies achieve this by storing very small files on the user's computer. They are used to hold information that identifies the user, whether or not they are logged in, or other information the user needs to achieve their full experience with the site. Cookies can be set to expire after a fixed amount of time, or forever, by setting an expiration date far after the computer or user is likely to still be around.
For example, you could send a cookie that contains the user's name. The cookie could then be stored on the user’s computer and the next time the user visits the site, the cookie would be sent to your program, which would then present a personalized greeting.
To create a cookie, the setcookie function is used. This function must be called before any output is sent to the browser. It has three mandatory parameters that contain the name, value, and expiration date of the cookie.
setcookie("lastvisit", date("H:i:s"), time() + 60*60);
The value here is set with the date function, which returns a string formatted according to the specified format string. The expiration date is measured in seconds and is usually set relative to the current time in seconds retrieved through the time function. In this example, the cookie expires after one hour.
Once the cookie has been set for a user, this cookie is sent along the next time that user views the page; it can then be accessed through the $_COOKIE array.
echo "Last visit: " . $_COOKIE['lastvisit'];
A cookie can be deleted manually by re-creating that same cookie with an old expiration date. It is then removed when the browser is closed.
setcookie("lastvisit", 0, 0);
Sessions allow the same storing of information, but achieve it by storing the information on the server (instead of the user's computer) for a fixed amount of time (usually up to 15 minutes unless the user stays active).
A session in PHP is a secure way to track a user from page to page. With a session, you can store information about users, such as their e-mail address, name, phone number, and whatever other details you have, and automatically fill in that information wherever it’s needed on the site. For example, say that on login you load the user’s first name and e-mail address from your user database. You can store that information in a session, essentially hidden from the user, until you use it.
Starting a Session
To begin a session, the session_start function is used. This function must appear before any output is sent to the web page.
<?php session_start(); ?>
The session_start function sets a cookie on the client’s computer, containing an id used to associate the client with the session. If the client already has an ongoing session, the function resumes that session instead of starting a new one.
You use session variables as you would any other variables. Sessions are stored in an array called $_SESSION. You store values just as you would with a named array in PHP. For example, you can keep track of an e-mail address and name like this:
$_SESSION[‘emailAddress’] = “firstname.lastname@example.org”;
$_SESSION[‘firstName’] = “Steve”;
You can also use sessions to keep track of information filled in on a web form without having to carry that information through the site in hidden form variables.
Deleting a Session
A session is guaranteed to last until the user leaves the web site. Then, the garbage collector is free to delete that session. To manually remove a session variable, the unset function can be used. For removing all session variables, there is the session_destroy function.
unset($_SESSION['views']); // destroy session variable
session_destroy(); // destroy session