CH 5

Uploaded by

awelwafi89

Chapter 5

COOKIES AND SESSIONS

The Stateless Model

• The Hypertext Transfer Protocol (HTTP) is a stateless technology, meaning that each individual HTML page is an unrelated entity.
• HTTP has no method for tracking users or retaining variables as a person traverses a site.
• When a user requests one page followed by another, HTTP does not provide a way for us to tell that both requests came from the same user.
• Without the server being able to track a user, there can be no shopping carts or custom Web-site personalization.
• The idea of session control is to be able to track a user during a single session on a web site.

08/10/2024
Cont…

• Using a server-side technology like PHP, you can overcome the statelessness of the Web.
• The two best PHP tools for this purpose are cookies and sessions.
• The key difference between cookies and sessions is that cookies store data in the user's Web browser and sessions store data on the server itself.
• Sessions are generally more secure than cookies and can store much more information.

Maintaining State with Sessions

• Sessions in PHP are driven by a unique session ID, a cryptographically random number.
• This session ID is generated by PHP and stored on the client side for the lifetime of the session.
• The session ID acts as a key that allows you to register particular variables as so-called session variables.
• The contents of these variables are stored on the server.
• The session ID is the only information visible on the client side.
• By default, the session variables are stored in flat files on the server.
• Session variables solve the problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc.).
Starting a PHP Session

• Before storing any information in session variables, the first step is starting up the session.
• To begin a new session, simply call the PHP session_start() function.
• It will create a new session and generate a unique session ID for the user.

<?php
// Starting session
session_start();
?>
Starting a PHP Session

• The session_start() function first checks to see if a session already exists by looking for the presence of a session ID.
• Session variables are set with the PHP global variable $_SESSION.
• Note: The session_start() function must be the very first thing in your document, before any HTML tags.
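
Because the session ID is the only secret that ties a browser to its server-side data, it is worth protecting the cookie that carries it and replacing the ID at login. The following is an added example, not part of the original slides; it assumes PHP 7.3 or later and a site served over HTTPS, and the names start_secure_session(), on_login_success() and $credentialsOk are hypothetical.

```php
<?php
// Added example: hardened session start-up (function names are hypothetical).

function start_secure_session(): void
{
    // Refuse session IDs that PHP did not issue itself.
    ini_set('session.use_strict_mode', '1');
    // Accept the session ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');

    // Must be called before session_start().
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // withheld from most cross-site requests
    ]);

    session_start();
}

function on_login_success(string $username): void
{
    // Issue a fresh ID and delete the old session data, so an ID that was
    // known before authentication cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

start_secure_session();

// Assumption: $credentialsOk holds the result of the application's own
// password check; it is hard-coded here only so the script runs as-is.
$credentialsOk = false;
if ($credentialsOk) {
    on_login_success('abebe');
}
?>
```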

Storing and Accessing Session Data

• You can store all your session data as key-value pairs in the $_SESSION[] superglobal array.
• The stored data can be accessed during the lifetime of a session.
• Consider the following script, which creates a new session and registers two session variables.

<?php
// Starting session
session_start();
// Storing session data
$_SESSION["Newname"] = "Ethiopia";
$_SESSION["Oldname"] = "Abyssinia";
?>
Accessing Session Data

• To access the session data we set in the previous example from any other page on the same web domain, simply recreate the session by calling session_start() and then pass the corresponding key to the $_SESSION associative array.

<?php
// Starting session
session_start();
// Accessing session data
echo 'My Country Is,' . $_SESSION["Newname"] . ' ' . $_SESSION["Oldname"];
?>
Destroying a Session

• If you want to remove certain session data, simply unset the corresponding key of the $_SESSION associative array, as shown in the following example:

<?php
// Starting session
session_start();
// Removing session data
if (isset($_SESSION["Newname"])) {
    unset($_SESSION["Newname"]);
}
?>
Destroying a Session

• However, to destroy a session completely, simply call the session_destroy() function.
• This function does not need any argument and a single call destroys all the session data.

<?php
// Starting session
session_start();
// Destroying session
session_destroy();
?>
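
session_destroy() deletes the data stored on the server, but it does not empty the $_SESSION array for the current request and does not remove the session cookie from the browser. A complete logout does all three; this is an added example following the pattern in the PHP manual, not part of the original slides.

```php
<?php
// Added example: complete logout.
session_start();

// 1. Clear the session variables held in memory for this request.
$_SESSION = [];

// 2. Expire the session cookie in the browser. The path, domain and flags
//    must match the ones the cookie was created with, so read them back
//    from the current configuration.
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}

// 3. Delete the session data stored on the server.
session_destroy();
?>
```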
Destroying a Session

• Every PHP session has a timeout value (a duration, measured in seconds) which determines how long a session should remain alive in the absence of any user activity.
• It is possible to adjust this timeout duration by changing the value of the session.gc_maxlifetime variable in the PHP configuration file (php.ini).
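
session.gc_maxlifetime only marks idle session data as eligible for garbage collection, and collection runs probabilistically, so an idle session can outlive the configured value. Applications that need a firm idle timeout enforce it themselves, as in this added example (not part of the original slides); IDLE_LIMIT, enforce_idle_timeout(), the last_activity key and /login.php are hypothetical.

```php
<?php
// Added example: idle timeout enforced by the application.

const IDLE_LIMIT = 900; // seconds of inactivity allowed (constructed value)

/**
 * Returns true if the session is still fresh and records the current
 * request as the latest activity; returns false and destroys the session
 * if it has been idle for longer than $limit seconds.
 */
function enforce_idle_timeout(int $now, int $limit): bool
{
    $last = $_SESSION['last_activity'] ?? null;

    if ($last !== null && ($now - $last) > $limit) {
        $_SESSION = [];
        session_destroy();
        return false;
    }

    $_SESSION['last_activity'] = $now;
    return true;
}

session_start();

if (!enforce_idle_timeout(time(), IDLE_LIMIT)) {
    // Hypothetical login page; send the user back to authenticate again.
    header('Location: /login.php');
    exit;
}
?>
```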

What Are Cookies?

• A cookie is a small text file that lets you store a small amount of data on the user's computer.
• Cookies are typically used to keep track of information, such as a username, that the site can retrieve to personalize the page when the user next visits the website.
• A cookie is often used to identify a user.
• A cookie is a small file that the server embeds on the user's computer.
• Each time the same computer requests a page with a browser, it will send the cookie too.
• With PHP, you can both create and retrieve cookie values.
Setting Cookies
• The setcookie() function is used to set a cookie in PHP.
• The basic syntax of this function is: setcookie(name, value, expire, path, domain, secure);

Parameter   Description
name        The name of the cookie.
value       The value of the cookie. Do not store sensitive information, since this value is stored on the user's computer.
expires     The expiry date. After this time the cookie will become inaccessible. The default value is 0.
path        Specify the path on the server for which the cookie will be available. If set to /, the cookie will be available within the entire domain.
domain      Specify the domain for which the cookie is available, e.g. www.example.com.
secure      This field, if present, indicates that the cookie should be sent only if a secure HTTPS connection exists.
Setting Cookies

<?php
// Setting a cookie
setcookie("username", "Abebe Kebede", time()+30*24*60*60);
?>

Note: All the arguments except the name are optional. It is possible to replace an argument with an empty string ("") in order to skip that argument; however, to skip the expire argument use a zero (0) instead, since it is an integer.
Accessing Cookie Values

• The PHP $_COOKIE superglobal variable is used to retrieve a cookie value.
• It is typically an associative array that contains a list of all the cookie values sent by the browser in the current request, keyed by cookie name.
• An individual cookie value can be accessed using standard array notation, for example to display the username cookie set in the previous example:

<?php
// Accessing an individual cookie value
echo $_COOKIE["username"];
?>
// Output: Abebe Kebede
Accessing Cookie Values

• It's good practice to check whether a cookie is set before accessing its value.
• To do this you can use the PHP isset() function, like this:

<?php
// Verifying whether a cookie is set or not
if (isset($_COOKIE["username"])) {
    echo "Hi " . $_COOKIE["username"];
} else {
    echo "Welcome Guest!";
}
?>
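
A cookie value comes back from the browser and can be edited by the user, so a site that acts on it should verify that the value is the one it issued and escape it before printing. The following added example (not part of the original slides) signs the username cookie with an HMAC and sets it with the Secure, HttpOnly and SameSite flags; it assumes PHP 7.3 or later and HTTPS, and SECRET_KEY, sign_value() and verify_value() are hypothetical names.

```php
<?php
// Added example: tamper-evident cookie, escaped on output.
// SECRET_KEY is a placeholder; load a real random key from server-side config.
const SECRET_KEY = 'replace-with-a-random-server-side-key';

// Returns "<base64 value>.<hex HMAC>" for storage in the cookie.
function sign_value(string $value): string
{
    return base64_encode($value) . '.' . hash_hmac('sha256', $value, SECRET_KEY);
}

// Returns the original value, or null if the cookie is malformed or altered.
function verify_value(string $cookie): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $value = base64_decode($parts[0], true);
    if ($value === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $value, SECRET_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $parts[1]) ? $value : null;
}

setcookie('username', sign_value('Abebe Kebede'), [
    'expires'  => time() + 30 * 24 * 60 * 60,
    'path'     => '/',
    'secure'   => true,   // HTTPS only
    'httponly' => true,   // hidden from JavaScript
    'samesite' => 'Lax',
]);

$raw  = $_COOKIE['username'] ?? null;
$name = is_string($raw) ? verify_value($raw) : null;

if ($name !== null) {
    // Escape before printing: the browser, not the server, stored this text.
    echo 'Hi ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
} else {
    echo 'Welcome Guest!';
}
?>
```

Signing detects modification but does not hide the value, so the advice above not to store sensitive information in a cookie still applies.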
Removing Cookies

• To remove a cookie, you should set its expiry to a date in the past.

<?php
// Deleting a cookie
setcookie("username", "", time()-(60*60*24*7));
?>

• If the cookie was set with a path, you should pass exactly the same path when deleting it.

<?php
// Deleting a cookie with a path
setcookie("the_cookie_name", "", time()-(60*60*24*7), "/");
?>
End of the Chapter
