Hi friends,
Waht are the differences between Sessions and cookies in PHP?
Please explain with examples.

Thanks & Regards

Recommended Answers

All 5 Replies

Sessions are way more safe. Although it creates a cookie, all thats stored in the cookie is a hash for the server to recognize with it's locally stored data. When a session is created it's all the information is stored server side and the user is recognized by the hash that is contained in the cookie. Now a cookie just contains all the data, which can sometimes not be safe.

Session is stored in server but cookie stored in client. Session should work regardless of the settings on the client browser. There is no limit on the amount of data that can be stored on session. But it is limited in cookie. Session can store objects and cookies can store only strings. Cookies are faster than session.

Best example to illustrate the difference bet. Session and Cookies is:-
when you Login as a member in any Site it Creates Sessions until you log out...
that is Session..

and Cookies when you browse websites the are stored on your computer's Main Memory that is Cookies

i-e Session is Server side
and cookies is Client side


<!-- Cookie -->

if (isset($_COOKIE["user"]))
  echo "Welcome " . $_COOKIE["user"] . "!<br>";
  echo "Welcome guest!<br>";


<!-- Session -->

// store session data


//retrieve session data
echo "Pageviews=". $_SESSION['views'];


A PHP session variable is used to store information about, or change settings for a user session. Session variables hold information about one single user, and are available to all pages in one application.

A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will send the cookie too. With PHP, you can both create and retrieve cookie values.

you can visit this for more info and examples here

@PriteshP23 sessions do create a cookie on the client side that contains a hash to identify the user. By default the cookie is cleared when the browser is closed.

Member Avatar

Just note that sessions WILL NOT work unless the user has enabled cookies - well unless you have provision to append the session id to the url - and I can't imagine that being a very nice alternative these days. If your users have cookies turned off (have a message asking them to turn them on, otherwise they will not be able to use the site as intended).
Cookies are fine for keeping small bits of unimportant things like - site preferences, last page visited etc. Do not use them to store anything vaguely secure. Sessions on the other hand if can be used to pass data reasonably securely. Again, passing the kitchen sink through sessions is not what they're built for.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.