Register Login

Difference between Cookies and Sessions

Updated Oct 27, 2022

Generally, we need or use cookies and sessions to store user information as a global constant for the whole website. In addition to this feature, sessions and cookies can store data at the client-side browser's local storage.

Now, the question arises if both global constants have the same capability and functionality, how can both of them differ from each other? In this article, users will find the primary differences between sessions and cookies, and this article will also discuss how to create a session and a cookie using PHP.

What are cookies in PHP?

Programmers can use cookies to store their user information in the browser, but this is not a safe method to store data. A cookie can take a maximum size of 4KB that a web server saves on the client's computer.

Every page request that follows returns the cookie name and value when programmers finish setting the cookie. A cookie is also a web cookie, an HTTP cookie, or an internet cookie.

A website transmits data packets to the client's computer in cookie form when the client first visits any website.

Syntax:

setcookie(name, value, expire, path, domain, secure, httponly);

Attribute:

  • Name: Name of the cookie.
  • Value: Value given to the cookie.
  • Expire: Specify time when cookie get expired in seconds. If we don’t assign value or give 0, cookies will be expires at the end of the session or when the Web Browser is closed.
  • Path: It defines the path to store the cookie. "/": define cookie will be available within the complete domain,
    "/mydrive/": define cookie will be available within the folder /mydrive/.
  • Domain: Specify domain name of the cookie. Example  "stechies.com", it will be available in domain stechies.com.
  • Secure: If it is set "0", it means cookie can be sent by HTTP and HTTPS both, if it is set "1" it means cookie can be sent only by HTTPS.
  • HTTPOnly: If it is set to TRUE, the cookies will be accessible through the HTTP protocol.

What are sessions in PHP?

A session is a global variable that stores information on the server. Sessions are safe as it does not store data in the user's computer, unlike cookies.

A cookie comprising the unique session id gets saved on the user's computer and returns with each request to the server whenever programmers create a session. Each session has a unique id that a programmer can use to fetch stored data.

At the point; when the client browser does not support the cookies, the browser displays this unique session id in the URL. Users or programmers can use sessions to store relatively large-sized information or data compared to cookies.

The thought of using PHP sessions is safe because it automatically deletes the values it has stored when the browser is closed. If programmers want to save the data or information permanently, they should keep them in their database.

Syntax:

$_SESSION['KEY'] = VALUE

How to create a cookie using PHP?

Using the syntax of the cookie, we can create a cookie with a name and values.

Code  Snippet:

<?php
	$name = "MyCookie";
	$value = "STECHIES.COM";
	SA_MESSAGES($name, $value, time() + (86400 * 30), '/'); // Here, we are using a cookie that will expire after 86400 * 30 days. 
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
</head>

<body>
<?php
if(!isset($_COOKIE[$name])) {
     echo "The name of the Cookie is '" . $name . "' and is not set!";
} else {
     echo "Cookie '" . $name . "' is set!<br>";
     echo "Value is: " . $_COOKIE [$name];
}
?>
<p> <strong> Note: </strong> If you reload the page, you can might be able to see the value of the cookie. </p
</body>
</html>

Output:

After reloading the page:

Run Code Snippet

Explanation:

In the above example, we have created a cookie named "section" with the value "ABCD XYZ." The cookie will expire after 86400 * 30 days, i.e., after 30 days.

We have used a "/" that indicates that the cookie is available on the whole of the website. Users can also select other directories they prefer.

How to check Cookie Value in Chrome Browser

Press Ctrl + Shift + i it will open Inspect Window then go to Application >> Cookie >> select the site name as shown in the given figure.

Here you can see the Cookie that we have just created.

How to create a session using PHP?

Using the syntax of the session, we can create a session with the session_start() function.

Code  Snippet:

<?php 
// Here, we are starting our session 
session_start(); 
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Difference between Cookies and Sessions </title>
<meta name="robots" content="noindex,nofollow">
</head>

<body>
<?php
// Here, we are setting session variables
$_SESSION["favourite_color"] = "black";
$_SESSION["favourite_animal"] = "dog";
echo "We set a Session that has two variables.";
echo "<br>Session one: " . $_SESSION["favourite_color"];
echo "<br>Session Two: " . $_SESSION["favourite_animal"];
?>
</body>
</html>

Output:

Run Code Snippet

Explanation: 

In the above code snippet, we have created a session using the session_start() function that starts the session. We have created two session variables using the PHP global variable "$_SESSION."

Note: Users need to start their session document with the session_start() function before all HTML tags.

Characteristics Sessions Cookies
Usage To store data as a server-side file, programmers use sessions. To store data as a client-side file, programmers use the cookies.
Nature Sessions are temporary because when users quit the browsers, the stored data gets deleted. Cookies are meant for lifetime as they store data on the client's computer.
Storage Programmers can store as much information as they like in a session. However, a session has a maximum storage limitation of 128 MB, and a file may take up to 128 MB at one time. The storage capacity of cookies cannot exceed more than 4KB.
Safety Sessions are safer than cookies as these stores data in server-side files. There is a chance that the data stored in cookies is stolen or leaked.
Function used Session program must start with a function named session_start() function. There is no function in the case of cookies.
Global Variable The global variable used in a session is $_SESSION to get data. The global variable used in a cookie is $_COOKIE to get data.
Fomat The format of saving data by a session is in encrypted form. The format of saving data by a cookie is in a text file.
Deletion of Data Programmers can use the session_destroy() function to delete data in sessions and unset a variable using unset(0) function. In cookies, programmers can set an expiration date to delete its data. At that specific time, it will automatically delete the data.  

Conclusion:

This article is all about Cookies and Sessions. We have discussed the eight differences between Cookies and Sessions. Also, by using their syntax, you can learn how to create a cookie and a session using PHP from the above code snippets.


×