The Web's Memory Problem: Statelessness
By nature, the protocol that powers the web (HTTP) is stateless. This means that every time you load a new page, the server has no memory of your previous visit. It's like talking to someone who forgets who you are the moment you finish a sentence. To solve this, web developers use two techniques to create a "state" or a "memory" of a user's visit: Cookies and Sessions.
1. What are Cookies?
A cookie is a small piece of data that a server sends to a user's web browser in a Set-Cookie response header. The browser stores it and sends it back to the same server (subject to the cookie's domain, path and other attributes) with every subsequent request. Think of it like a name tag. The server gives you a name tag, and you show it every time you interact, so it knows who you are. Keep in mind who is holding the tag: the browser, and therefore the user, can read, edit or forge it.
How to Use Cookies in PHP
You create a cookie using the setcookie() function. Because it works by adding a response header, you must call it before any output is sent to the browser (including a stray newline before the opening <?php tag); otherwise it returns false and PHP emits a "headers already sent" warning.
<?php
$cookie_name = "user";
$cookie_value = "John Doe";
// Set the cookie to expire in 1 hour (current time + 3600 seconds).
// The "/" path makes it valid for the whole site. Nothing may be output before this line.
setcookie($cookie_name, $cookie_value, time() + 3600, "/");
?>
<html>
<body>
<?php
// Read the cookie using the $_COOKIE superglobal array.
// $_COOKIE holds what the browser sent with THIS request, so the cookie set above
// only shows up here from the second page load onward.
if(isset($_COOKIE[$cookie_name])) {
echo "Cookie '" . $cookie_name . "' is set!<br>";
// The value came from the client and may have been edited: escape it before echoing into HTML.
echo "Value is: " . htmlspecialchars($_COOKIE[$cookie_name], ENT_QUOTES, 'UTF-8');
} else {
echo "Cookie named '" . $cookie_name . "' is not set!";
}
?>
</body>
</html>
Cookies are useful for non-sensitive data like user preferences (e.g., light/dark mode). Because they are stored on the user's computer and travel with every request, they should never hold sensitive information like passwords, and the server must never trust a cookie value without checking it: anything the browser sends back can have been changed along the way.
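As an added example (not code from the tutorial above), here is a preference cookie handled the way a practitioner would want: the cookie is set with explicit Secure, HttpOnly and SameSite attributes through the options array that setcookie() accepts since PHP 7.3, and it is read back through an allowlist rather than used raw, since the browser can send any string. The cookie name "theme", the allowed values and the form field name are assumptions made for the example.

```php
<?php
// Added example, not part of the original tutorial. Cookie name, allowed values
// and the POST field name are assumptions for illustration.
declare(strict_types=1);

const THEME_COOKIE   = 'theme';
const ALLOWED_THEMES = ['light', 'dark'];

// Decide which theme to render with. Never trust the raw cookie string: an attacker
// (or a curious user) can put anything in it, so fall back to a default unless the
// value is one we issued.
function theme_from_cookie(array $cookies): string
{
    $raw = $cookies[THEME_COOKIE] ?? '';
    return in_array($raw, ALLOWED_THEMES, true) ? $raw : 'light';
}

// Issue the cookie with explicit attributes. Must run before any output;
// returns false if the value is not allowed or headers have already gone out.
function set_theme_cookie(string $theme): bool
{
    if (!in_array($theme, ALLOWED_THEMES, true) || headers_sent()) {
        return false;
    }
    return setcookie(THEME_COOKIE, $theme, [
        'expires'  => time() + 60 * 60 * 24 * 30, // 30 days
        'path'     => '/',
        'domain'   => '',        // current host only, no subdomains
        'secure'   => true,      // only sent over HTTPS
        'httponly' => true,      // not readable from document.cookie; drop this only if page scripts must read it
        'samesite' => 'Lax',     // not attached to cross-site POST requests
    ]);
}

// A preference change arrives as a POST field (assumed to be named "theme").
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['theme'])) {
    set_theme_cookie((string) $_POST['theme']);
    // $_COOKIE still contains what the browser sent with THIS request; the new value
    // is only visible on the next one. Redirect so the page renders with the stored value.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

$theme = theme_from_cookie($_COOKIE);
?>
<!DOCTYPE html>
<html data-theme="<?= htmlspecialchars($theme, ENT_QUOTES, 'UTF-8') ?>">
<body>
<form method="post">
  <button name="theme" value="light">Light</button>
  <button name="theme" value="dark">Dark</button>
</form>
</body>
</html>
```

Two things the tutorial's short example cannot show: the redirect after setting the cookie, which is the usual way around "$_COOKIE is only updated on the next request", and the allowlist, which is what makes it safe to use a client-supplied value in the page at all.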
2. What are Sessions? (The Secure Way)
Sessions are the standard way to keep user data across multiple pages without handing that data to the client. Here's how they work:
- When session_start() is called and the request carries no valid session ID, PHP generates a unique, random ID for the visitor.
- Only this ID is sent to the browser, in a cookie (named PHPSESSID by default).
- The actual user data (like their username, email, etc.) is stored on the server, by default in a temporary file, linked to that ID.
Think of it like a locker key. The server gives you a key with a number on it (the session ID in a cookie), but your valuable items (the data) are stored in a locker on the server. The sensitive data never leaves the server, which is why sessions are preferred over cookies for anything that matters. The key itself still needs protecting, though: whoever presents your session ID is treated as you, so the session cookie should only travel over HTTPS, should be marked HttpOnly so page scripts cannot read it, and should be replaced with a fresh ID when the user logs in.
3. How to Use Sessions in PHP
Using sessions is a fundamental part of building any application with a login system.
Step 1: Start the Session
To use sessions, you must call the session_start() function at the top of every page that needs access to session data, before any output is sent (including whitespace or HTML before the opening <?php tag), because it needs to send or read the session cookie.
Step 2: Store and Access Data
You can store and access session data using the $_SESSION
superglobal array. It works just like any other associative array.
login.php (Page 1)
<?php
// Start the session
session_start();
// In a real login page this runs only after the submitted password has been verified.
// Replace the session ID at that point so an ID the attacker saw or planted before
// login cannot be reused afterwards (session fixation).
session_regenerate_id(true);
// Store information in the session
$_SESSION["username"] = "Alex";
$_SESSION["fav_color"] = "green";
echo "Session variables are set.";
?>
profile.php (Page 2)
<?php
// Start the session to access the data
session_start();
// Without a session the keys below do not exist; send the visitor to the login page instead
if (!isset($_SESSION["username"])) {
header("Location: login.php");
exit;
}
?>
<!DOCTYPE html>
<html>
<body>
<?php
// Echo session variables that were set on the previous page.
// Escape them on output: they are data, not HTML.
echo "Welcome back, " . htmlspecialchars($_SESSION["username"], ENT_QUOTES, 'UTF-8') . "!<br>";
echo "Your favorite color is " . htmlspecialchars($_SESSION["fav_color"], ENT_QUOTES, 'UTF-8') . ".";
?>
</body>
</html>
Step 3: Destroying a Session (Logging Out)
When a user logs out, you should destroy their session data on the server and also expire the session cookie in the browser; session_destroy() alone leaves the cookie in place.
<?php
session_start();
// Unset all of the session variables
session_unset();
// Expire the session ID cookie in the browser, using the same attributes it was set with
$params = session_get_cookie_params();
setcookie(session_name(), "", time() - 3600, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
// Destroy the session record on the server
session_destroy();
echo "You have been logged out.";
?>
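The three steps above, put together in one file as an added example (this is not the tutorial's own code): a login, a protected profile and a logout, with the session cookie attributes set before session_start(), strict mode so that IDs the server never issued are rejected, a fresh ID on successful login, and a logout that clears both the server record and the browser cookie. The user table is constructed inline with password_hash() so the file runs without a database; the "alex" account, its password and the action routing via ?action= are assumptions for the example.

```php
<?php
// Added example, not part of the original tutorial. The in-memory user table and
// the ?action= routing are assumptions; a real application reads users from a database.
declare(strict_types=1);

// Constructed stand-in for a users table: username => password hash.
$USERS = ['alex' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

function secure_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Reject session IDs the server did not generate (blunts session fixation).
    ini_set('session.use_strict_mode', '1');
    // Attributes for the session ID cookie itself. Must be set before session_start().
    session_set_cookie_params([
        'lifetime' => 0,        // browser discards the cookie when it closes
        'path'     => '/',
        'domain'   => '',       // current host only
        'secure'   => true,     // HTTPS only; the ID is the credential
        'httponly' => true,     // not readable by page scripts
        'samesite' => 'Lax',    // not attached to cross-site POSTs
    ]);
    session_start();
}

// Returns true and establishes the session on a correct password.
function login(string $username, string $password, array $users): bool
{
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    // Privilege changed: issue a new ID and drop the old server-side record.
    session_regenerate_id(true);
    $_SESSION['username']   = $username;
    $_SESSION['login_time'] = time();
    return true;
}

function current_user(): ?string
{
    return $_SESSION['username'] ?? null;
}

// Gate for protected pages: redirect anonymous visitors instead of dereferencing missing keys.
function require_login(): string
{
    $user = current_user();
    if ($user === null) {
        header('Location: ?action=login', true, 302);
        exit;
    }
    return $user;
}

function logout(): void
{
    $_SESSION = [];
    // Expire the cookie in the browser with the same attributes it was issued with;
    // session_destroy() alone does not touch the client side.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

secure_session_start();
$action = $_GET['action'] ?? 'profile';
$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';

if ($action === 'login' && $isPost) {
    $ok = login((string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''), $USERS);
    if ($ok) {
        header('Location: ?action=profile', true, 303);
    } else {
        http_response_code(401);
        echo 'Invalid username or password.';
    }
    exit;
}
if ($action === 'login') {
    echo '<form method="post"><input name="username"><input type="password" name="password"><button>Log in</button></form>';
    exit;
}
if ($action === 'logout' && $isPost) {   // POST only, so a cross-site link cannot log the user out
    logout();
    echo 'You have been logged out.';
    exit;
}
// Default: the protected profile page. Escape on output; session values are data, not HTML.
$user = require_login();
echo 'Welcome back, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '!';
echo '<form method="post" action="?action=logout"><button>Log out</button></form>';
```

The order matters: session_set_cookie_params() and the use_strict_mode setting only take effect if they run before session_start(), and session_regenerate_id() only helps if it runs after the password check succeeds, not on every request.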
Understanding sessions is key to creating personalized and secure web applications. We'll rely on them heavily when we start building features that interact with the database.