Servage Magazine

Information about YOUR hosting company – where we give you a clear picture of what we think and do!

Using Sessions with cookies

Thursday, November 6th, 2014 by Servage

screenshot400Your PHP program can’t tell which variables were set in other programs – or even which values the program itself set the previous time it ran – you’ll sometimes want to track what your users are doing from one web page to another. You can do this by setting hidden fields in a form and checking the value of the fields after the form is submitted. However, PHP provides a much more powerful and simpler solution in the form of sessions. These are groups of variables that are stored on the server – but relate only to the current user. To ensure that the right variables are applied to the right users, a cookie is saved in the users’ web browsers to uniquely identify them.

This cookie has meaning only to the web server and cannot be used to ascertain any information about a user. You might ask about those users who have their cookies turned off. Well, that’s not a problem since PHP 4.2.0, because it will identify when this is the case and place a cookie token in the GET portion of each URL request instead. Either way, sessions provide a solid way of keeping track of your users.

Due to their privacy implications, cookies can be read only from the issuing domain. In other words, if a cookie is issued by, for example,, it can be retrieved only by a web server using that domain. This prevents other websites from gaining access to details they are not authorized to have. Due to the way the Internet works, multiple elements on a web page can be embedded from multiple domains, each of which can issue its own cookies. These are referred to as third-party cookies. Most commonly, they are created by advertising companies in order to track users across multiple websites.

Several technologies support this kind of interaction, ranging from simple browser cookies to session handling and HTTP authentication. Between them, they offer the opportunity for you to configure your site to your users’ preferences and ensure a smooth and enjoyable transition through it.

Starting a Session

Starting a session requires calling the PHP function session_start before any HTML has been output, similarly to how cookies are sent during header exchanges. Then, to begin saving session variables, you just assign them as part of the $_SESSION array, like this:

$_SESSION['variable'] = $value;

They can then be read back just as easily in later program runs, like this:

$variable = $_SESSION['variable'];

Now assume that you have an application that always needs access to the username, forename, and surname of each user, as stored in the users table, which you should have created a little earlier. Let’s further modify authenticate.php to set up a session once a user has been authenticated.

Sources for further reading

Using Sessions with cookies, 4.2 out of 5 based on 5 ratings
Categories: Guides & Tutorials


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

No comments yet (leave a comment)

You are welcome to initiate a conversation about this blog entry.

Leave a comment

You must be logged in to post a comment.