The Difference Between Sessions and Cookies in PHP

The Difference Between Sessions and Cookies in PHP In PHP, visitor information designated to be used across the site can be stored in either sessions  or cookies. Both of them accomplish much the same thing. The main difference between cookies and sessions is that information stored in a cookie is stored on the visitors browser, and information stored in a session is not- it is stored at the web server. This difference determines what each is best suited for. A Cookie Resides on the User's Computer Your website can be set to place a cookie on a users computer. That cookie maintains information in the users machine until the information is deleted by the user. A person may have a username and password to your website. That information can be saved as a cookie on the visitors computer, so there is no need for him to log in to your website on each  visit. Common uses for cookies include authentication, storage of site preferences, and shopping cart items. Although you can store almost any text in a browser cookie, a user can block cookies or delete them at any time. If, for example, your websites shopping cart utilizes cookies, shoppers who block cookies in their browsers cant shop at your website. Cookies can be disabled or edited by the visitor. Do not use cookies to store sensitive data. Session Information Resides on the Web Server A session is server-side information  intended to exist only throughout the visitors interaction with the website. Only a unique identifier is stored on the client side. This token is passed to the web server when the visitors browser requests your  HTTP address. That  token matches your website with the visitors information while the user is at your site. When the user closes the website, the session ends, and your website loses access to the information. If you dont need any permanent data, sessions are usually the way to go. They are a little easier to use, and they can be as large as needed, in comparison with cookies, which are relatively small. Sessions cannot be disabled or edited by the visitor.  Ã‚   So, if you have a site requiring a login, that information is better served as a cookie, or the user would be forced to log in every time he visits. If you prefer tighter security and the ability to control the data and when it expires, sessions work  best. You can, of course, get the best of both worlds. When you know what each does, you can use a combination of cookies and sessions to make your site work exactly the way you want it to work.