Code Perspective

Cookies and Sessions are extremely useful to a PHP programmer, however they could be considerably confusing to a beginner. Cookies and sessions are used to store pieces of information for a period of time until it is destroyed. This information inside of a cookie or a session can be used to store things like log in information, URL information and much much more.

Cookies

Cookies are pieces of information stored on the client’s machine. The disadvantage here is that cookies can be disabled or ignored from the client’s end. So if you’re using cookies, try not to use them for anything that is crucial to the system functioning(this is what sessions are for… more on that later). The syntax for creating a cookie looks like this…

//A cookie can be equal to a string
$_COOKIE['nameOfCookie'] = 'What information you want to store here';
 
//or a cookie can be equal to a variable
$_COOKIE['nameOfCookie'] = $username;

According to PHP variable declaration rules, you can name the cookie whatever you would like as long as it doesn’t break any of the PHP rules. Data from created cookies can then be used anywhere you like just like any variable such as…

//print the value of the cookie
print($_COOKIE['nameOfCookie']);

Alternately, you can use the isset() method to check to see if a specific cookie has been set. This is more useful when using sessions but we’ll get to that later.

Sessions

Session differ from cookies in that they are stored on the server as opposed to the client. Sessions offer one major advantage over cookies, they cannot be disabled by the user, thus making sessions much more secure than cookies. When dealing with things like log in information and secure data, session are a much better choice than cookies. Sessions are declared using the same conventions as cookies…

//a session can be equal to a string
$_SESSION['nameOfSession'] = 'What information you want to store in the session';
 
//or a session can be equal to a variable
$_SESSION['nameOfSession'] = $username;

This will declare a session variable, however there is one key function that needs to be created prior to using a session variable. The session_start() function needs to be called before any data is sent from the server. Even if a spare white space is sent, the session_start() function will most likely send an error. Whenever you want to use a session variable in a PHP file/function, you must call the session_start() function at the very beginning of the page in order to use a session variable that has been created. This needs to occur even prior to sending the DOCTYPE to the client. To use a session variable the syntax is as follows…

//start the session
session_start();
 
//print the session variable
print($_SESSION['nameOfSession']);

The syntax is similar to using a cookie and alternatively you can use the isset() method to check if a session variable has been created or not. This becomes particularly useful when it comes to creating login systems that keeps users logged in using a session.

In full, you can use sessions or cookies if you like but keep in mind that sessions are stored on the server and cannot be disabled by a user, thus making them much more secure and reliable. In order to create a session, remember to call the session_start() method at the very start of the document or you may not be able to use the session variables.