PHP: How to store session in cookie

php session cookies session-variables session-cookies
10,191

In fact, php does store the session in a cookie - a single cookie, usually called PHPSESSID. This corresponds to a file (the filename of which is the value of the PHPSESSID cookie) on the server which is a set of key/value pairs, such as those you outline above.

Provided that the user has cookies enabled, sessions will work fine. The main thing to make sure is that every response uses session_start(); otherwise you won't be able to access values within $_SESSION.

If you want this session cookie to stick around after the browser closes, you need to use session_set_cookie_params() (documentation here) which you would call before session_start().

I'd definitely recommend against the approach of 'eternal' sessions, just from a scalability point of view - bearing in mind each session corresponds to a file on the server these could build up after a while (especially if you are a high traffic website).

There is one approach which involves storing a separate cookie on the user's browser, containing login information which your website can look for within $_COOKIE, enabling an 'auto-login' process, which you could explore. I'm not sure it's the most secure approach though.

Hope that helps a little.

Share:
10,191
TaneMahuta
Author by

TaneMahuta

Updated on June 14, 2022

Comments

  • TaneMahuta
    TaneMahuta almost 2 years

    I am new to PHP and am currently struggling with the following:

    I have a login page where I start a session as below which works well so far. 

    session_start();
// ...
$_SESSION["Customer"]["username"] = $username;
$_SESSION["Customer"]["email"] = $email;

    Now I have never used sessions before but assume they die once a user closes their browser and I would like to keep them logged in so that they don't have to do this whenever they re-enter the page. My thought was to use a cookie for that but I am not sure how I can store my session in a cookie.

    I did some research on this and came across the following but I am not sure if that's the right approach and how to use it for what I need.
    Can someone help me with this ?

    session_set_cookie_params ( int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] );

    lifetime in my case would be indefinite so as long as possible,
    path would probably just be "/",
    secure would be true
    and I wouldn't need the httponly.

    Many thanks in advance, Mike

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to tell PHP to use SameSite=None for cross-site cookies?
CodeIgniter adding session variable to an already defined "named session"
What is the difference between Sessions and Cookies in PHP?
PHP session variables not being maintaned
Codeigniter can't delete cookies
What happens if cookies are disabled?
PHP - why can't I get rid of this session id cookie?
PHPSESSID not being saved to cookie
Access session cookie in scrapy spiders
Difference between setcookie() and session_set_cookie_params() functions