PHP : Cookies and Sessions

$_cookie: By using this super global variable we can get the values of cookies.

Setcookie: By using this function we can create the cookies.

Page1.php

<?php
setcookie("city","hyd",time()+3600);
echo "Cookie is Created";
echo $_COOKIE[['city'];
?>

Page 2.php

<a href="page2.php">Next</a>
<?php
echo "welcome to php2page";
echo "value is".$_COOKIE['city'];

?>

$_SESSION: By using this super global variable, we can read the values of sessions and also we can creat the sessions.

*Sessions resides in web server.

Difference between Cookies and Sessions:

         Cookies reside in client system.          Cookies are unsecured.          Cookies stores limited data of amount.          Cookies can store only string data.          Cookies are burden to the client system

         Resides in web server          Highly secured          Sessions ca store huge amount of data          Sessions can store any type of data          Burden to web server.

*By default sessions will not initialize in temporary location. To initialize the sessions we use “sessions.auto_start” configuration directive. This directive is used to initialize the sessions  when he request is started.

*If you want to transform the sessions value from one page to another page with irrespective of session.auto_start. We have to use this function in the page.

Program:

   Page1.php

<?php
session_start();
$x=10;
$_SESSION['lan']="php";
echo $x;
echo $_SESSION['lan'];
?>
<a href="page2.php">got to </a>

Page2.php

<?php
session_start();
echo "value of x is".$x;
echo "value of session is".$_SESSION['lan'];

?>

Note: if we use “session.auto_start we can access the application else if we use session_start>we can success only page values.

Session id: Session id is a unique value generated by the web server (when user sends the first request to the server). The value is alfa numeric string.

*When the session id is created, the server creates a file in server temporary location to maintain the information of user, the file name starts with “sess id” rest of the name is session id what theuser got.

*The session id stores in the client system as a cookie, the name of the cookie is “PHPSESSID” and the value is session id.

*For every sub request and responses the same session id will transform from client system to webserver and web server to client system, that is why the session id is same between the request and responses.

*When the user closes the web browser the cookie will distract from the client system, if the user again reconnected with the server, new session id will generate by the server.

session_id:  By using thie function we can get the session id generated by the server.

session_unset: By using this function we can delete the data of the session.

session_destroy : Bys using this function we can destroy the sessions.

Dan PHP Script

login.php

<?php
session_start();
if (isset($_POST['sub']))
{
$uname=$_POST['txtuname'];
$pwd=$_POST['txtpwd'];
if($uname=="scott" and $pwd=="scott123")
{
$_SESSION['sid']=session_id();
echo
"<script>location='welcome.php'</script>";
}
else
{
echo "invalid user";
}
?>
<form method="post" action="">
USERNAME <input type="text" name="txtuname">
<br>
Password <input type="text" name="txtpwd">
<br>
<input type="submit" name="sub" value="Login">
</form>

welcome.php

<?php
session_start();
if($_SESSION['sid']==session_id())
echo "valid";
else
echo
"<script> location='login.php' </script>";
?>
<a href="logout.php">logout</a>

logout.php

<?php
session_start();
echo "log out succ";
session_unset();
?>