Session and cookies

Sessions and cookies are used by websites to store a user’s data across the different pages of a site. Both are important because they keep track of the information a visitor provides for different purposes. The main difference between them is that sessions are saved on the server side, whereas cookies are saved in the user’s browser, on the client side. Apart from this, there are also various other differences between the two.

What is a Cookie?

A cookie is a small file with a maximum size of 4KB that the web server stores on the client computer. Once a cookie has been set, all page requests that follow return the cookie name and value. A cookie can only be read from the domain that it has been issued from.

  • A cookie is a small text file that is stored on the user’s computer. The maximum file size of a cookie is 4KB. It is also known as an HTTP cookie, web cookie, or Internet cookie. Whenever a user visits a website for the first time, the site sends packets of data in the form of a cookie to the user’s computer.
  • The cookies help the websites to keep track of the user’s browsing history or cart information when they visit their sites.
  • It stores only the “String” data type.
  • The information stored within cookies is not secure because this information is stored in text-format on the client-side, which can be read by anyone.
  • We can enable or disable the cookies as per the requirement.
  • The cookies generated by a user are only shown to that user; no other user can see them.
  • Cookies are created and shared between the server and browser with the help of an HTTP header.
  • The path where cookies are saved is decided by the browser; Internet Explorer, for example, usually stores them in the Temporary Internet Files folder.
  • When we visit YouTube and search for some songs, the next time we visit YouTube, cookies are used to read our browsing history and show similar songs or the last played songs.

Creating Cookies with PHP

To create a cookie in PHP, we use the setcookie() function. It must be called before the <html> tag, that is, before any output is sent, because cookies are transmitted in HTTP headers. The syntax of this function is given below:

setcookie(name, value, expire, path, domain, secure, httponly);

In the above syntax, only the name argument is required; the others are optional.

Cookies Parameters

  • Name: It defines the name of the cookie.
  • Value: It defines the value of the cookie.
  • Expire: It specifies the time when the cookie will expire. If it is not used or set as 0, cookies will be deleted at the end of the session.
  • Path: It defines the server path of the cookie. If it is set to “/”, the cookie will be available within the complete domain.
  • Domain: It defines the domain name of the cookie. If we set it to “javatpoint.com”, the cookie will be available for all subdomains of javatpoint.com.
  • Secure: It specifies whether the cookie is transmitted only over HTTPS. If it is set to TRUE, the cookie will only be sent over a secure connection.
  • HTTPOnly: If it is set to TRUE, the cookie will be accessible only through the HTTP protocol, so client-side scripts such as JavaScript cannot read it.
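
The parameters above in use, as an added example that is not code from the original page: the same cookie is set once with the defaults and once with Secure and HTTPOnly enabled, and the value is signed with an HMAC because cookie contents are client-side text that the user can read and change. The cookie names, the domain example.com and the COOKIE_HMAC_KEY environment variable are assumptions.

```php
<?php
// Added example; cookie names, domain and key source are assumptions.
// Must run before any output, because cookies are sent as HTTP headers.

// Assumption: the signing key comes from server-side configuration.
$key = getenv('COOKIE_HMAC_KEY') ?: '';
if ($key === '') {
    http_response_code(500);
    exit('COOKIE_HMAC_KEY is not configured');
}

// Sign a value so that client-side edits are detected on the next request.
function sign_cookie_value(string $value, string $key): string
{
    return $value . '.' . hash_hmac('sha256', $value, $key);
}

// Return the original value, or null when the signature does not match.
function verify_cookie_value(string $signed, string $key): ?string
{
    $pos = strrpos($signed, '.');
    if ($pos === false) {
        return null;
    }
    $value    = substr($signed, 0, $pos);
    $mac      = substr($signed, $pos + 1);
    $expected = hash_hmac('sha256', $value, $key);
    return hash_equals($expected, $mac) ? $value : null; // constant-time compare
}

$expire = time() + 3600; // one hour from now

// Weak: secure and httponly default to false, so the cookie is also sent
// over plain HTTP and can be read from document.cookie.
setcookie('theme_weak', 'dark', $expire, '/');

// Hardened: HTTPS only, hidden from JavaScript, value integrity-protected.
setcookie('theme', sign_cookie_value('dark', $key), $expire, '/', 'example.com', true, true);

// On a later request: accept the cookie only if the signature verifies.
$cookie = $_COOKIE['theme'] ?? null;
$theme  = is_string($cookie) ? verify_cookie_value($cookie, $key) : null;
if ($theme === null) {
    $theme = 'light'; // missing or modified cookie: fall back to a default
}
```

The signature detects modification but does not hide the value; data that must stay private belongs in a session on the server.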

What is a Session?

A session is a global variable stored on the server. Each session is assigned a unique id which is used to retrieve stored values. Whenever a session is created, a cookie containing the unique session id is stored on the user’s computer and returned with every request to the server. If the client browser does not support cookies, the unique session id is displayed in the URL. Sessions have the capacity to store relatively large data compared to cookies. The session values are automatically deleted when the browser is closed. If you want to store the values permanently, then you should store them in the database.

  • A session is used to temporarily store information on the server to be used across multiple pages of the website. It is the total time used for an activity. The user session starts when the user logs in to a particular network application and ends when the user logs out of the application or shuts down the system.
  • When we work on an application over the internet, the web server doesn’t know the user because the HTTP protocol does not maintain state. The information provided by the user on one page of the application (let’s say Home) will not be transferred to another page. To remove this limitation, sessions are used. A session starts whenever a visitor first enters a website.
  • The user information is stored in session variables, and these variables can store values of any data type, including objects.
  • Session values are much more secure, as these are stored in binary form or encrypted form and can only be decrypted at the server. The session values are automatically removed when the user shuts down the system or logs out of the application. To store the values permanently, we need to store them in the database.
  • Each session is unique for each user, and any number of sessions can be used in an application; there is no limitation to it.
  • The user is identified with the help of sessionID, which is a unique number saved inside the server. It is saved as a cookie, form field, or URL.
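
A session configured so that the session ID travels only in a cookie, as an added example that is not code from the original page: it turns off the URL fallback described above, applies the Secure and HTTPOnly flags to the session cookie, and issues a new ID at login. The credential check, the demo account and the user_id key are assumptions.

```php
<?php
// Added example; the login check and the 'user_id' key are assumptions.

// Keep the session ID in a cookie only, never in the URL, where it would
// end up in browser history, server logs and Referer headers.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Reject session IDs that the server did not issue itself.
ini_set('session.use_strict_mode', '1');

// Flags for the session cookie (the array form needs PHP 7.3 or later).
session_set_cookie_params([
    'lifetime' => 0,      // expire when the browser closes
    'path'     => '/',
    'secure'   => true,   // HTTPS only
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',  // withheld from cross-site subrequests
]);
session_start();

// Hypothetical credential check standing in for the application's own.
function credentials_are_valid(string $user, string $password): bool
{
    // Constructed demo account; a real application checks its user store.
    return $user === 'demo' && hash_equals('constructed-demo-password', $password);
}

$user = $_POST['user'] ?? '';
$pass = $_POST['password'] ?? '';
if (is_string($user) && is_string($pass) && credentials_are_valid($user, $pass)) {
    // New ID at the privilege change, old record deleted: an ID that was
    // known before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user;
}

// Logout: clear the data, expire the cookie, destroy the server-side record.
function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```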

Happy Website Coding 🙂

