Cookies and sessions are mechanisms to store and use information from any page on your site.


Cookies achieve this by storing very small files on the user’s computer. They are typically used to hold information that identifies the user, whether or not they are logged in, or other information the user needs to achieve their full experience with the site. Cookies can be set to expire after a fixed amount of time, or forever, by setting an expiration date far after the computer or user is likely to still be around.

For example, you could send a cookie that contains the user's name. The cookie could then be stored on the user’s computer and the next time the user visits the site, the cookie would be sent to your program, which would then present a personalized greeting.


Sessions allow the same storing of information, but achieve it by storing the information on the server (instead of the user's computer) for a fixed amount of time (usually up to 15 minutes unless the user stays active). 

This means sessions will still work even when the user’s security settings block cookies. The use of cookies can be disabled a number of ways such as the use of security software, browser settings, and ad blockers.

A session in PHP is a secure way to track a user from page to page. With a session, you can store information about users, such as their e-mail address, name, phone number, and whatever other details you have, and automatically fill in that information wherever it’s needed on the site. For example, say that on login you load the user’s first name and e-mail address from your user database. You can store that information in a session, essentially hidden from the user, until you use it.

You use session variables as you would any other variables. Sessions are stored in an array called $_SESSION. You store values just as you would with a named array in PHP. For example, you can keep track of an e-mail address and name like this:

$_SESSION[‘emailAddress’] = “”;
$_SESSION[‘firstName’] = “Steve”;

You can also use sessions to keep track of information filled in on a web form without having to carry that information through the site in hidden form variables.