PHP Sessions and Cookies Tutorial

All sessions are stored inside of one array $_SESSION and can only be used when the PHP function session_start() is called on top of the webpage. To create a session, we simply create a sub-variable to the $_SESSION array. Do make sure we called the session_start function first.

<?php
session_start(); //enable the use of sessions

$_SESSION['my_session'] = "I created my own session!";

?>

Note: the session_start function should be called on top of the webpage and may not be called after any HTML/graphical output.

Example of usage
Now we know how to create a session so let's make an actual simple system with it. We'll create a very small login system ( well, the part of the system that remembers a valid login ). It consists of 3 files:

• login.php
  creates a session that indicates that a user is logged in


• logout.php
  removes the session that indicates that a user is logged in


• members.php
  a members-only page that checks whether the user is logged in

login.php

<?php
session_start();

$_SESSION['loggedin'] = TRUE; //indicate that the user is logged in

?>

logout.php

<?php
session_start();

$_SESSION['loggedin'] = FALSE; //indicate that the user is no longer logged in

?>

members.php

<?php
session_start();

if($_SESSION['loggedin'] == TRUE) { //if the user is logged in
echo "Welcome to the members area!";
}else{ //user is not logged in
echo "Oops... you have to be logged in to view this part of the website.";
}

?>

Some very simple, yet effective usages of sessions we've seen above. Although this is of course not a full login system, but it illustrates how a login system works. Soon I'll create a tutorial on how to create a full login system for those who're interested.

Note: Some login systems use cookies instead of sessions ( or allow both ) because they can be remembered for a longer term, and nowadays most of the browsers allow them ( pretty much all of them ). But still: the user of the browser can see the cookies and remove or disable them.

Just like sessions, cookies are as well stored inside of one array: $_COOKIES. However, we do not need any function (like session_start) to enable cookies (as they're client-sided). Also creating a sub-variable to the array $_COOKIES ( a cookie ) is different. As cookies can be remembered for a specific period, which cannot be set when creating a sub-variable to the array the normal way, there has been made a specific PHP function to do this: setcookie( $name[, $value, $expire]).

&lt?php

// creates $_COOKIES['my_cookie'] = "my own cookie!" and does not expire
setcookie("my_cookie", "my own cookie!");

//creates $_COOKIES['another_cookie'] = "my second cookie!" and expires in 1 day (60*60*24 seconds)
setcookie("another_cookie", "my second cookie!", time()+(60*60*24));

?>

Note: the setcookie function allows more different parameters than the ones used in this lens which can be found here.