php session vs cookie

Passing data from one page to the others is one of the most common feature in web programming such as: user logins, passing error messages, shopping carts…

Storing data across pages using PHP is done with two variables in the global scope, called $_SESSION and $_COOKIE, and although accomplishing the same end goal, the both go about it in very different ways. This article is to give a brief look into PHP SESSION vs COOKIE

PHP session vs cookie – General

Sessions are server-side that contain user information Cookies are client-side files that contain user information
Session Max life time can be configuredin php.ini file

session.gc_maxlifetime = 3600
We have to set cookie max life time manually with php code.

/* expire in 1 hour */
setcookie("email", '', time()+3600);
You can store as much data as you like with sessions. The only limits you can reach is the maximum memory a script can consume at one time, which by default is 128MB. We can configure in php.ini file

memory_limit = 128M
Official MAX Cookie size is 4KB
Session is dependent on COOKIE.
Because when you start session with session_start() then SESSIONID named key will be set in COOKIE with Unique Identifier Value for your system.
Independence from session
Session ends when user close his browser Cookie ends depends on the life time you set for it.

PHP session vs cookie – Pros Cons

  • Can store very large amounts of data easily.
  • Save bandwidth by passing only a reference to the session each pageload. A client-side cookie has to pass all of its data.
  • Data is stored on the web server. This makes sessions secure, because the data cannot be viewed or edited by the client.
  • Can last as long as the website needs. They will still be there even if the browser is closed and reopened.
  • Useful for “remember me” logins
  • Useful for storing temporary user settings.
  • Ends when the browser is closed unless you’ve configured php.ini to extend sessions’ cookie lifetime. Cannot last forever.
  • Stored in the users filesystem. This means that the user can tamper with it and view it.
  • Can only store a limited amount of data.
  • Must pass all data to the webserver each pageload. This takes up more bandwidth.

PHP session vs cookie – Usage

$_SESSION['userName'] = 'foo';
if(!isset($_COOKIE['userName']) {
  /* bool setcookie(string name [,string value[,int expire [,string path [, string domain [, int secure]]]]]) */
  setcookie('userName', $_POST['userName'], time() + 3600);
// Reading a session value
echo $_SESSION['userName'];

// Removing a session

// Ending session
// Checking value
echo (isset($_COOKIE['userName'])) ? $_COOKIE['userName'] : 'Cookie is not set';

// Deleting a cookie

PHP session vs cookie conclusion

So, as you can see, each have their own advantages, but it usually comes down one choice: do you want your data to work when you visitor comes back the next day? If so, then your only choice is cookies – if you have any particularly sensitive information, your best bet is to store it in a database, then use the cookie to store an ID number to reference the data of session. We hope this is helpful for you.

Related Post


  • Atif Shahab

    January 4, 2016

    I totally agree with the pros and cons demonstrated in this article. Both Session and Cookies have their own significance.


Leave a Reply