-3

I studied basic concepts of Cookies in PHP but couldn't get how they are used or helpful in Session Management.

Can someone please explain me how the cookies are used in session management or session processing specifically in PHP only?

If you could accompany your answer with some working "VALID" example it would be good for understanding.

Thanks.

PHPLover
  • 1
  • 51
  • 158
  • 311
  • the cookie `PHPSESSID` is used to identify the client so the server knows *which* session to load. without cookies, the server has to fallback using $_GET - which makes the URL ugly, is prone to errors and a huge security risk. – Franz Gleichmann Dec 20 '16 at 15:11
  • 2
    Possible duplicate of [cookie-vs-session](http://stackoverflow.com/questions/6253633/cookie-vs-session) or [how-do-cookies-and-sessions-work](http://stackoverflow.com/questions/11142882/how-do-cookies-and-sessions-work) – GiftZwergrapper Dec 20 '16 at 15:12
  • @GiftZwergrapper : My question is different. I have checked the link you provided. Please remove the tag of Possible Duplicate from my question. Thanks. – PHPLover Dec 20 '16 at 15:14
  • Lets say it simple: Instead of setting yourself the SEESIONID via GET parameter in the URL, this is done by PHP. And PHP uses Cookies for that. That the connection, nothing more. You can do this by yourself, but then you have to check for yourself, if the current request comes from the same user (Browser check/ IP Check ....) to use the right session with the right user. And as note: cookies data can be set by any user and so it is possible to highjack sessiondata from another user. – JustOnUnderMillions Dec 20 '16 at 15:15

1 Answers1

0

Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users.

You could use a cookie for a login system that has the option of "Remember me" for example. Once the login has been validated, you could store a cookie auto_login with the encrypted id of the user. Then next time if the user access the website and the session is over, you could auto login for him with the cookie's id.

I'm not saying it's the right way to do it; just a quick example.

Chin Leung
  • 14,621
  • 3
  • 34
  • 58