PHP Session and Cookie Configuration Tutorial


Learn the basics of configuring cookies and sessions in PHP. This tutorial covers the basics of configuring sessions and cookies in normal PHP and ProdigyView.

1 Comment
  • Thanks for helpful information. Thanks for sharing this information of session and cookies.

  1. 1. Session and Cookies
  2. 2. Overview. Objective: Learn the basic configuration of sessions and cookies in PHP. Requirements: A server with PHP. Estimated Time: 10 Minutes.
  3. 3. Follow Along With Code Example. 1. Download a copy of the example code at 2. Install the system in an environment you feel comfortable testing in. 3. Proceed to examples/system/Session_Basics.php
  4. 4. Apply to Normal PHP. While the configuration in this tutorial applies to ProdigyView, the concepts apply to normal cookies and sessions in PHP. You may use these concepts with these two PHP functions: session_set_cookie_params
  5. 5. What is a Session. A session is information that relates to a user and is stored on the server. A session will no longer exist once the browser closes. Sessions do not have a size limit. Sensitive information should be stored in the session. User retrieves session information. User saves session information.
  6. 6. What is a Cookie. A cookie is data stored in the user’s browser. Unlike sessions, cookies will last if a user closes their browser. Cookies have a size limit set by the browser. Sensitive information should not be stored in the cookie. Stored on user’s computer.
  7. 7. Configuration. In ProdigyView we can configure sessions and cookies to act in a certain way. Below, we are disabling the session configuration in the bootstrap and adding our own configuration. We will explain the passed variables in other slides. 1. Disable init in bootstrap 2. Set cookie and session defaults 3. Initialize the session class
  8. 8. Cookie Path & Session Path. The cookie path and session path are the path on your server from which your cookie or session will be accessible. Example: If you make your cookie path ‘/store/products’, the cookie will only be available on ‘’. Using ‘/’ will make the cookie or session available in any directory.
  9. 9. Cookie Domain and Session Domain. The cookie and session domain is the domain the cookie/session is available on. If your domain is, setting your cookie/session to that domain will make it only accessible under If it was set, it will only be available the domain to ‘’ will make the session/cookie available under all subdomains.
  10. 10. Cookie Secure & Session Secure. Cookie Secure and Session Secure will ensure that your data for a session/cookie will only save over an HTTPS connection. It is up to you, the developer, to make sure the value is read only over an HTTPS connection.
  11. 11. Cookie and Session HTTP Only. In some situations, the requirement may be that the cookie is accessible only from an HTTP connection. Setting this value to true will ensure that the cookie/session will NOT be accessible through JavaScript, Java (ex: .jar files) and other non-HTTP/HTTPS protocols.
  12. 12. Cookie And Session Lifetime. Cookies and sessions do not last forever, nor should they. A cookie can be set for years but the average person will probably switch computers every 4-5 years. When setting the amount of time a session/cookie will last, you are passing in the number of seconds. So if you want the cookie/session to expire in 5 minutes, set it to ‘60*5’.
  13. 13. Hash Cookie/Session. The option to hash a cookie/session is only available in ProdigyView and not in normal PHP. Setting this value to true will encrypt the cookie/session when saving it. This will make it more difficult to tell what the saved data is.
  14. 14. Review. 1. Cookie/Session Path: Sets the path that the cookie/session will be accessible from. 2. Cookie/Session Domain: Sets what domain the cookie/session will be available on. 3. Cookie/Session Secure: Sets if the cookie is writable only over a secure connection. 4. Cookie/Session Lifetime: Sets how long the cookie/session will last. 5. Hash Cookie/Session: Encrypts the cookie/session when saving it.
  15. 15. API Reference. For a better understanding of sessions, visit the API by clicking on the link below. PVSession. More Tutorials. For more tutorials, please visit:
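
The path, domain, secure, HTTP-only and lifetime settings reviewed above, applied in plain PHP. This is an added example, not code from the original slides or from ProdigyView. It assumes PHP 7.3 or later (the array form of `session_set_cookie_params`) and uses `setcookie`, PHP's built-in cookie function; the helper names, cookie name and values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: plain PHP (7.3+), not ProdigyView. All values are constructed.

/** Build the attributes the slides describe, in session_set_cookie_params() form. */
function session_cookie_params(int $lifetime, string $path, string $domain): array
{
    if ($lifetime < 0) {
        throw new InvalidArgumentException('lifetime is a number of seconds >= 0');
    }
    if ($path === '' || $path[0] !== '/') {
        throw new InvalidArgumentException('path must start with "/"');
    }
    return [
        'lifetime' => $lifetime, // seconds from now; 0 = until the browser closes
        'path'     => $path,     // '/' = every directory
        'domain'   => $domain,   // '' = only the host that set the cookie
        'secure'   => true,      // browser returns it over HTTPS only
        'httponly' => true,      // hidden from document.cookie
    ];
}

/** setcookie() takes an absolute 'expires' timestamp, not a lifetime in seconds. */
function cookie_options(array $params, int $now): array
{
    $opts = $params;
    unset($opts['lifetime']);
    $opts['expires'] = $params['lifetime'] === 0 ? 0 : $now + $params['lifetime'];
    return $opts;
}

$params = session_cookie_params(60 * 5, '/store/products', '');

// Must run before session_start() and before any output is sent.
session_set_cookie_params($params);
session_start();
$_SESSION['user_id'] = 42; // stays on the server; the cookie holds only the session ID

// A regular cookie with the same scope: keep sensitive data out of its value.
setcookie('last_category', 'books', cookie_options($params, time()));
```

Passing `60*5` directly as `expires` would be read as a timestamp in 1970, so the browser would discard the cookie immediately; that is why the lifetime is converted with `time()` first.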