Basics of PHP – Sessions & Cookies

June 1, 2010

Most of us will have heard of a cookie before, those pesky privacy thieving things which really don’t taste that great, or not. The truth is cookies are vital to the operation of a website and while being reasonably safe and secure do not divulge that much personal information, at least not the personal information that really means anything. In fact about the most personal you can get is asking PHP for the users IP Address, but even that isn’t totally unique to the user.

Anyway back to cookies, cookies are used to store information about a user in the long run (up to 30 days) and sessions are used to store information about user in the short run (until the browser is closed), a session is technically just a temporary cookie, so we’ll start there.

Sessions are most commonly used to store login information so that the website knows who a user is. Most commonly when a user logs in PHP will check that the login information entered by a user matches up with that held in the database, if all the information (username & password) is correct a session can be created to store the login user ID, this way the site will now know that you have logged in and can view certain content.

Storing something as a session is easy.

<?php

//Start the session
session_start();

//Record my name
$_SESSION['my_name'] = 'James';

?>

Let’s split this example into two parts, starting with session_start(). session_start() is a function to tell PHP you are about to use the PHP session functionality, whenever you want to add, edit, view or delete a session you must have already used the session_start() function, further this function has to appear before anything gets outputted to the browser (eg. text, even spaces or new lines).

The second part of this sets the session, the name of the session variable is placed between quotes inside the square brackets. The value of the session is then set after the equals operator (=).

To view the content of this session you would do the following…

<?php

//Start the session
session_start();

//Display my name
echo $_SESSION['my_name'];

?>

Which would output…

James

Any sort of variable (including a session variable) can be cleared by using the unset() function.

<?php

session_start();

unset($_SESSION['my_name']);

?>

There’s also a quick and easy way to delete all session content, session_destroy().

<?php

session_start();

session_destroy();

?>

All session data has now been deleted.

Next up is the cookie, for whatever reason you might want to record information for the user over a fixed amount of time (seconds to a month). To do this we use the setcookie() function in PHP.

<?php

setcookie('my_name', 'James', time() + 3600, '/');

?>

Let’s talk about the parameters, first we have the cookie name ‘my_name’, second we have the cookie value ‘James’, third we have the timestamp for when the cookie should expire. The time() function grabs the amount of seconds that have passed since Unix time (1st Jan 1970), we then add 3600 seconds onto that (3600 seconds = 1 hour) to make the cookie expire one hour from now, finally we set the cookie to be available on all folders on the domain by using ‘/’.

To display the contents of this cookie we would do…

<?php

//Display my name
echo $_COOKIE['my_name'];

?>

To delete the contents of this cookie we have to set the cookie to expire in the past…

<?php

setcookie('my_name', 'James', time() - 1, '/');

?>

As the cookie will have expired one second ago the contents of it are now lost.

Advertisement