PHP Tutorial

Session Control and Cookies

In the lesson on authenticaion, we created a login form and learned to authenticate users by comparing their emails and passwords to records in a database. In this lesson, we will use session variables to remember that the users are logged in as they go from page to page and we will use cookies to make it easier for users to log in on future visits.

Lesson Goals

  • To maintain sessions to track user visits.
  • To write and read cookies.

Lesson Activities

  1. Sessions
  2. Cookies


A session begins when a visiting client somehow identifies itself to the web server. The web server assigns the client a unique session id, which the client uses to re-identify itself as it moves from page to page on the website. Most of the time, these unique ids are stored in session cookies that expire after the client hasn't interacted with the server for some amount of time. The amount of time varies depending on the web application. For example, an online investment site might have very short sessions, so that if a user leaves her computer without logging out, another user who sits down at the same computer several minutes later cannot continue with the first user's session.

Configuring Sessions

In PHP, session management is configured in the php.ini file. To have a user's session start as soon as the user visits the website, the session.auto_start flag must be set to 1.

The session length is also set in the php.ini file with the session.gc_maxlifetime variable. The default value is 1440 seconds (24 minutes).

Session Functions

The following table shows the most common session functions.

Function Explanation
session_start() Starts new session if one does not exist. Continues current session if one exists.
session_unset() Unsets all session variables.
session_destroy() Kills session.

Together, the files below illustrate how sessions can be tracked.

Code Sample:

//Begin a session and create a session variable in
//the $_SESSION array.

	$_SESSION['Greeting'] = 'Hello world!';

	echo $_SESSION['Greeting'];
<a href="Session2.php">Next page</a>

Code Sample:

//Continue session, show that session variable still
//exists and then unset the session variable

	echo $_SESSION['Greeting'];

<a href="Session3.php">Next page</a>

Code Sample:

//Continue session, show that session variable no longer
//exists and then kill session.

	echo $_SESSION['Greeting'];


The code above illustrates the following points.

  • Pages that are part of the session should begin with a call to session_start().
  • Session variables are created in the $_SESSION array.
  • Session variables are deleted in the same way as other variables - using the unset() function.
  • All session variables can be unset with the session_unset() function. This should be called before calling session_destroy().
  • Sessions are killed with a call to session_destroy().


Cookies are stored in text files that sit on the client machine. Web pages with the right permissions can read from and write to cookies. They are generally used to track user information between visits.

In PHP, cookies are set with the setcookie() function, which can take several parameters including:

  • The cookie's name (required).
  • The cookie's value.
  • The cookie's expiration date (if this isn't set, the cookie will expire when the browser window is closed).
  • The directory path on the server that can read the cookie.
  • The domain name that can read the cookie.
  • A flag indicating whether the cookie should only be read over https.

The following code will set a cookie that expires in one week.

setcookie('flavor','chocolate chip', time()+60*60*24*7);

There is no deletecookie() function. To delete a cookie, set the expiration date to sometime in the past, like this.

setcookie('flavor','chocolate chip', time()-10000);

Cookies are set in the HTTP header, so they must be set before any HTML code is passed back to the browser.

Continue to the next lesson on Sending Email with PHP »

This page was last updated on 2022-05-20

All pages and graphics in this PHP Tutorial is copyright 2013 and are the property of unless otherwise specified. The purpose of this website is to help you learn PHP on your own and use of the website implies your agreement to our Terms of Service.