
Sessions & Cookies

Remember users across pages — the foundation of logins and shopping carts.

What you will learn

  • Start and use sessions
  • Set cookies
  • Understand how login state works

Sessions remember data per visitor

HTTP is stateless — each request forgets the last. Sessions store data on the server tied to a visitor, so they stay “logged in” across pages.

Here is how a session keeps a visitor recognised from one page to the next:

  1. On the first visit, session_start() creates a session and gives the browser a tiny ID in a cookie.
  2. You store data into $_SESSION (for example the logged-in username).
  3. On the next page, the browser sends that ID back automatically.
  4. session_start() uses the ID to find the same session, so $_SESSION still holds your data.
  5. When the user logs out, session_destroy() throws the stored data away.

Sessions: store data across pages
<?php
  session_start();              // must be first, before any output

  $_SESSION["user"] = "Asha";   // store
  echo $_SESSION["user"];       // read on any page

  // session_destroy();         // log out
?>

session_start() must come first, before any HTML is sent. $_SESSION["user"] = "Asha" saves a value into the session; that value will still be there on every other page that also calls session_start(). echo $_SESSION["user"] reads it back. The commented-out session_destroy() is what you would call to log the user out.

Note: Output (in the browser): Asha

The magic is on the *next* page: load another PHP file that calls session_start() and echo $_SESSION["user"] and it will still print Asha — the server remembered, even though it is a brand-new request.
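The login and logout flow from the five steps above, written out as an added example (not code from this tutorial). The user store, the password and the form field names action, name and password are constructed for illustration; it assumes PHP 7.4 or later on an HTTPS site.

```php
<?php
// Added example, not the tutorial's code; users, password and field names are constructed.
session_set_cookie_params([    // harden the session ID cookie before it is issued
    'lifetime' => 0,           // cookie ends when the browser closes
    'path'     => '/',
    'secure'   => true,        // only sent over HTTPS
    'httponly' => true,        // not readable from JavaScript
    'samesite' => 'Lax',       // not sent on cross-site POSTs
]);
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
session_start();               // must run before any output

// Constructed user store; a real site would load the hash from a database.
$users = ['asha' => password_hash('correct horse', PASSWORD_DEFAULT)];

function login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    session_regenerate_id(true);   // fresh ID on login; an ID known beforehand stops working
    $_SESSION['user'] = $name;
    return true;
}

function logout(): void
{
    $_SESSION = [];                // session_destroy() does not empty this array
    $p = session_get_cookie_params();
    unset($p['lifetime']);         // setcookie() takes 'expires', not 'lifetime'
    setcookie(session_name(), '', ['expires' => time() - 3600] + $p);  // drop the ID cookie
    session_destroy();             // delete the data stored on the server
}

// Read a POST field as a string; array-valued or missing input becomes ''.
$field = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
$action = $field('action');
if ($action === 'login') {
    login($users, $field('name'), $field('password'));
} elseif ($action === 'logout') {
    logout();
}
echo isset($_SESSION['user']) ? 'Logged in as ' . htmlspecialchars($_SESSION['user']) : 'Not logged in';
```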

Cookies

A cookie is a small piece of data stored in the browser and sent back on each request — handy for remembering small preferences like a chosen theme. You set one with setcookie() and read it from the $_COOKIE array.

Cookies store small data in the browser
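<?php
  // setcookie() sends an HTTP header, so call it before any output
  setcookie("theme", "dark", time() + 86400);  // lasts 1 day
  // cookie values come from the browser, so escape them before printing
  echo htmlspecialchars($_COOKIE["theme"] ?? "no cookie yet");
?>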

setcookie("theme", "dark", time() + 86400) tells the browser to remember a cookie named theme with the value dark. The third argument is when it expires: time() is now, and 86400 is the number of seconds in a day, so it lasts one day. $_COOKIE["theme"] reads it back, with ?? "no cookie yet" as a fallback.

Note: Output (in the browser): no cookie yet

On the first load the cookie is being set but has not come back yet, so the fallback shows. Refresh the page and the browser now sends the cookie, so it prints dark. Cookies only arrive on the request *after* they are set.

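Note: Sessions store data on the server (more secure, used for login state); only the session ID is kept in the browser. Cookies store small data in the browser (preferences), where the visitor can read and change it, so do not rely on a cookie value to decide who is logged in. Laravel handles all of this elegantly for you later.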

Q. What must you call before using $_SESSION?

Answer: session_start() must be called (before any output) to begin or resume a session.

✍️ Practice

  1. Store a username in a session and read it on a second page.
  2. Set a cookie and read it back.

🏠 Homework

  1. Build a tiny “login” that stores the user in a session and a “logout” that destroys it.