What are cookies and sessions in PHP?

What is a cookie?

A cookie is a small file with a maximum size of 4KB. It is used to store user identification data.

Cookies are stored on the user’s local machine.

Each time a browser page is requested, the computer sends the cookie alongside for authentication. Cookies are only visible to the user who creates them.

Why are cookies used?

Since HTTP is a stateless protocol, cookies are used to track the state of the application. They are also used to track websites visited by the user to store user preferences.

Creating cookies with PHP

We can create a cookie as follows:

setcookie(name, value, expire, path, domain, secure, httponly);

The name parameter is required. The rest are optional.

Example

The code snippet below shows how we can create a cookie in PHP:

The following cookie will expire in 30 days (86400s * 30).

<!DOCTYPE html>
<?php
$cookie_name = "user";
$cookie_value = "John Doe";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>

We can also retrieve the set cookie using the cookie_name variable. It is done as follows:

<html>
<body>
<?php
  echo "Cookie '" . $cookie_name . "' is set!<br>";
  echo "Value is: " . $_COOKIE[$cookie_name];
?>
</body>
</html>

Cookies are stored in the _COOKIE variable in PHP. Their value can be retrieved using the cookie_name variable, which acts as an identifier.

Deleting a cookie

We can delete an existing cookie by changing its expiry date. We can set the expiry date to be before the current time.

The setcookie function needs to be used again for this purpose.

The code snippet below shows how to delete the same cookie that we created before:

<?php
// set the expiration date to one hour ago
setcookie("user", "", time() - 3600);
?>

What is a session variable?

A session variable stores information that can be used across web pages. Session variables are stored on the browser. Therefore, a session lasts till the webpage is closed.

Creating a session

A session begins by using the session_start function. Each session variable is stored and retrieved from the global variable named _SESSION. Session variable are then created as follows:

$_SESSION[identifier] = value;

Example

The example below shows how one can create session variables in PHP:

 <?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>
<?php
// Set session variables
$_SESSION["name"] = "Educative";
$_SESSION["ID"] = "123";
?>
</body>
</html>

The code snippet below shows how we can retrieve session variables in PHP:

 <?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>
<?php
// Echo session variables that were set on previous page
echo "Company name is " . $_SESSION["name"] . ".<br>";
echo "Company ID is " . $_SESSION["ID"] . ".";
?>
</body>
</html>

Deleting a session

A session can be using the session_unset and session_destroy functions in PHP.

The session_unset function removes all session variables.

The session_destroy function destroys the session.

The example below shows how to destroy a session in PHP:

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>
<?php
// remove all session variables
session_unset();
// destroy the session
session_destroy();
?>
</body>
</html>
Free AI Mock Interviews
Coding Interview
Coding PatternsFree Interview
Gain insights and practical experience with coding patterns through targeted MCQs and coding problems, designed to match and challenge your expertise level.
System Design
You TubeFree Interview
Learn to design a video streaming platform like YouTube by tackling functional and non-functional requirements, core components, and high-level to detailed design challenges.

Free Resources

Copyright ©2025 Educative, Inc. All rights reserved