Session & Cookie

Session Information Resides on the Web Server

A session is server-side information intended to exist only throughout the visitor’s interaction with the website. Only a unique identifier is stored on the client side. This token is passed to the web server each time the visitor’s browser requests a page from your site. The server uses that token to match the request with the visitor’s information while the user is at your site. When the user closes the website, the session ends, and your website loses access to the information. If you don’t need any permanent data, sessions are usually the way to go. They are a little easier to use, and they can be as large as needed, in comparison with cookies, which are relatively small.

Sessions cannot be disabled or edited by the visitor.  

So, if you have a site requiring a login, that information is better served as a cookie, or the user would be forced to log in every time he visits. If you prefer tighter security and the ability to control the data and when it expires, sessions work best.

You can, of course, get the best of both worlds. When you know what each does, you can use a combination of cookies and sessions to make your site work exactly the way you want it to work.

Session usage examples

A Cookie Resides on the User’s Computer

Your website can be set to place a cookie on a user’s computer. That cookie maintains information on the user’s machine until the information is deleted by the user. A person may have a username and password to your website. That information can be saved as a cookie on the visitor’s computer, so there is no need for him to log in to your website on each visit. Common uses for cookies include authentication, storage of site preferences, and shopping cart items. Although you can store almost any text in a browser cookie, a user can block cookies or delete them at any time. If, for example, your website’s shopping cart utilizes cookies, shoppers who block cookies in their browsers can’t shop at your website.

Cookies can be disabled or edited by the visitor. Do not use cookies to store sensitive data.

Cookie usage examples

Name – The name of the cookie. It is mandatory. The server uses it when retrieving the cookie’s value from the $_COOKIE array variable.

Value – The value that the setcookie() function assigns to the named cookie; it contains what you actually want to store. It is also mandatory.

Expiry – The time limit for accessing a cookie. The time may be 1 day, 1 month, or more. If you set the time to 1 month, you can access the cookie for that month. After one month you cannot access the cookie.

Path – Specifies the directories for which the cookie is valid.

Domain – This can be used to specify the domain name in very large domains and must contain at least two periods to be valid. All cookies are only valid for the host and domain which created them.

Security – When set to 1, the cookie is only sent over a secure connection using HTTPS; when set to 0, the cookie can be sent over regular HTTP.

httponly – If it is set to true, client-side scripting languages (for example, JavaScript) cannot access the cookie. The example below sets the cookies username, mobile, and email; each cookie expires after one hour.
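An added example, not from the original article: it sets the username, mobile, and email cookies with a one-hour expiry using the parameters described above, and appends an HMAC so that edits made by the visitor are detected when the cookie is read back. The helper names, the COOKIE_HMAC_KEY environment variable, the sample values, and the samesite option are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Assumption: the key comes from server-side configuration, never from the client.
// The fallback is a constructed placeholder so the script runs stand-alone.
$key = getenv('COOKIE_HMAC_KEY') ?: 'constructed-demo-key-change-me';

// Hypothetical helper: append an HMAC-SHA256 tag so edits are detectable.
function sign_cookie_value(string $name, string $value, string $key): string
{
    $tag = hash_hmac('sha256', $name . '=' . $value, $key);
    return $value . '.' . $tag;
}

// Hypothetical helper: return the original value, or null if the cookie was altered.
function verify_cookie_value(string $name, string $raw, string $key): ?string
{
    $pos = strrpos($raw, '.');
    if ($pos === false) {
        return null; // no tag present at all
    }
    $value = substr($raw, 0, $pos);
    $tag = substr($raw, $pos + 1);
    $expected = hash_hmac('sha256', $name . '=' . $value, $key);
    return hash_equals($expected, $tag) ? $value : null; // constant-time compare
}

// Hypothetical helper: set a cookie using each parameter described above.
function set_signed_cookie(string $name, string $value, string $key): bool
{
    return setcookie($name, sign_cookie_value($name, $value, $key), [
        'expires'  => time() + 3600, // Expiry: one hour from now
        'path'     => '/',           // Path: valid for the whole site
        'domain'   => '',            // Domain: empty means only the host that set it
        'secure'   => true,          // Security: sent over HTTPS only
        'httponly' => true,          // httponly: hidden from JavaScript
        'samesite' => 'Lax',         // not covered in the article; limits cross-site sending
    ]);
}

// Constructed sample values for the three cookies the article names.
$sample = ['username' => 'alice', 'mobile' => '555-0100', 'email' => 'alice@example.com'];
foreach ($sample as $name => $value) {
    set_signed_cookie($name, $value, $key);
}

// On a later request: treat $_COOKIE as untrusted input and verify before use.
$raw = $_COOKIE['username'] ?? null;
$username = is_string($raw) ? verify_cookie_value('username', $raw, $key) : null;
echo $username === null ? "no valid username cookie\n" : 'hello, ' . htmlspecialchars($username) . "\n";
```

The signature only detects edits; the value is still readable by the visitor, so sensitive data stays in the session. The options-array form of setcookie() requires PHP 7.3 or later.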

By Yuuma



