Sessions and cookies in PHP

Files in PHP
PHP Filters -Validation and Sanitization

Web pages need to store the data temporarily or permanently to perform the request and response operations successfully. Almost every web development language provides sessions and cookies to store the client and server information. It is responsible for smooth experience and security. In this PHP tutorial, you will learn about PHP sessions and cookies. So, let’s dive into it.

What are Cookies in PHP?

Cookies are small files in the storage of the client’s computer. These cookies are store in the browser and can contain information related to the user, request, response, and server. These cookies go with the request to the server which allows the server to identify the user.

A user can also create its own cookies and store data in them. Later, the user can access these cookies.

How to create a cookie in PHP?

PHP setcookies() method creates a new cookie.

setcookie(name, value, expire, path, domain, secure, httponly);

In the above general syntax of PHP cookie, only the first parameter is required that is the name of the cookie. The rest of the parameters are optional.

setcookie("my_first_cookie","It contains string");

How to get cookies and their value in PHP?

All cookies store in the PHP $_COOKIE global variable. To get the cookie and its value, simply pass the name of the cookie to the global variable. Considering the above cookie created in the example, look at the following syntax to get the cookie using globals.

$_COOKIE["my_first_cookie"] // will return "It contains String"

How to delete cookies in PHP?

You can set the expiry time for a cookie. After the expiry time, the cookie will delete automatically. Look at the example below, in which we create a cookie and set its expiry time.

setcookie("my_first_cookie","It contains String", time() + (86400), "/"); // 86400 = 1 day

In the above example, the cookie “my_first_cookie” will expire after one day. Keep in mind that the expiry time for the cookie must be in the number of seconds. Therefore, we used the time() function that returns the current time and adds the number of seconds in a day i.e 86400.

How to update cookie in PHP?

You can update a cookie using the same method setcookie(). Just call the function by the name of the cookie and you can set other parameters of the cookie.

setcookie("my_first_cookie","It contains String", time() + (86400 * 2), "/"); // 86400 = 1 day

In the above example, we have called the setcookie() method for the same cookie which we have created in the previous example. Suppose, we want to increase the expiry time of the cookie from one day to two days. Simply, modify the parameter of expiry time.

Note: When cookies are set, by default they are URL encoded while sending in the request and decoded when received. To disable URL encoding, you can use setrawcookie() method.

As you are now familiar with updating the cookies, let us give another method to delete a cookie especially, if no expiry time is set for the cookie. Simply, update the expiry time of the cookie to the past.

setcookie("my_first_cookie","", time() - 3600); // delete the cookie immediately

Check if your browser allows cookies?

Here is the simple trick by which you can check browser has enabled the cookies or not. Set a cookie using setcookie() method. As we know from the previous learning that $_COOKIE array store all the cookies. So, check the count of this array.

if(count($_COOKIE) > 0) {
  echo "Cookies are enabled.";
} else {
  echo "Cookies are disabled.";

PHP Sessions

If you are on your computer and use an application for some time and then close it. The computer will have a record of the user of the application and also the track of actions performed with the application. But, on the website, HTTP protocol does not maintain the state of the user.

If you want to persist and access a value on multiple web pages, the session is there to solve this problem. In this section, we will learn how to work with PHP sessions to store and access values.

Note: Session is not permanent storage. A session starts upon opening the webpage and ends when you close that web. The database is the solution for permanent storage which we will learn in the database section of PHP tutorials.

How to start a session in PHP?

To start a session in PHP, use session_start() function. Make sure, this function should be called on the top of the PHP script. The next step is to store the value in the session global array. Look at the complete example of starting a session and storing values in it.

// Start the session

// Set session variables
$_SESSION["favcolor"] = "green";
$_SESSION["favanimal"] = "cat";
echo "Session variables are set.";

How to get the session value from the global array?

Simply, as we access the value of cookie out of the cookie global array, use the session global array to access the session value. Look at the following example.

echo "Favorite animal is " . $_SESSION["favanimal"] . ".";

How to update the session variable?

Call the session global array with the name of the session variable and assign it the new value.

$_SESSION["favcolor"] = "yellow";

Removing Session vs Destroying Session

Removing a session means removing all the values stored in the current session.


Destroy a session means to stop the session that was started using session_start()


Sessions are protected by a special key against the user. They are stored with a key like “765487cf34ert8dede5a562e4f3a7e12” in the computer. So, when the session needs to access the value stored in it on another webpage of the website, this key is matched with the key stored in the computer of the client.

To get complete reference of php sessions, visit here

Files in PHP
PHP Filters -Validation and Sanitization

Tutor Network

Share this

Learn PHP from A to Z