#What is the difference between Session and Cookie in PHP?
1. Cookie data is stored in the client's browser, and Session data is stored in the server;
2. Session exists according to the browser process, and the cookie's survival time can be set And adjustments;
3. Session must use Cookie.
PHP Session Variable
When you operate an application on your computer, you open it and do something Change and then close it. It's a lot like a conversation. The computer knows who you are. It knows when you open and close apps. However, on the Internet a problem arises: since HTTP addresses cannot maintain state, the web server has no idea who you are and what you do.
PHP session solves this problem by storing user information on the server for subsequent use (such as user name, purchased items, etc.). However, session information is temporary and will be deleted after the user leaves the site. If you need to store information permanently, you can store the data in a database.
The working mechanism of Session is to create a unique id (UID) for each visitor and store variables based on this UID. The UID is stored in a cookie or passed through the URL.
Usage examples
<?php// 表单提交后...$posts = $_POST;// 清除一些空白符号foreach ($posts as $key => $value) {
$posts[$key] = trim($value);}$password = md5($posts["password"]);$username = $posts["username"]; $query = "SELECT `username` FROM `user` WHERE `password` = '$password' AND `username` = '$username'";// 取得查询结果$userInfo = $DB->getRow($query); if (!empty($userInfo)) {
// 当验证通过后,启动 Seindex.html> 验证 session里的`admin`是否为 `true`<?php// 防止全局变量造成安全隐患$admin = false;// 启动会话,这步必不可少session_start();// 判断是否登陆if (isset($_SESSION["admin"]) && $_SESSION["admin"] === true) {
echo "您已经成功登陆";} else {
// 验证失败,将 $_SESSION["admin"] 置为 false
$_SESSION["admin"] = false;
die("您无权访问");}?>Recommended tutorial: "PHP"
The above is the detailed content of What is the difference between Session and Cookie in PHP?. For more information, please follow other related articles on the PHP Chinese website!
ACID vs BASE Database: Differences and when to use each.Mar 26, 2025 pm 04:19 PMThe article compares ACID and BASE database models, detailing their characteristics and appropriate use cases. ACID prioritizes data integrity and consistency, suitable for financial and e-commerce applications, while BASE focuses on availability and
PHP Secure File Uploads: Preventing file-related vulnerabilities.Mar 26, 2025 pm 04:18 PMThe article discusses securing PHP file uploads to prevent vulnerabilities like code injection. It focuses on file type validation, secure storage, and error handling to enhance application security.
PHP Input Validation: Best practices.Mar 26, 2025 pm 04:17 PMArticle discusses best practices for PHP input validation to enhance security, focusing on techniques like using built-in functions, whitelist approach, and server-side validation.
PHP API Rate Limiting: Implementation strategies.Mar 26, 2025 pm 04:16 PMThe article discusses strategies for implementing API rate limiting in PHP, including algorithms like Token Bucket and Leaky Bucket, and using libraries like symfony/rate-limiter. It also covers monitoring, dynamically adjusting rate limits, and hand
PHP Password Hashing: password_hash and password_verify.Mar 26, 2025 pm 04:15 PMThe article discusses the benefits of using password_hash and password_verify in PHP for securing passwords. The main argument is that these functions enhance password protection through automatic salt generation, strong hashing algorithms, and secur
OWASP Top 10 PHP: Describe and mitigate common vulnerabilities.Mar 26, 2025 pm 04:13 PMThe article discusses OWASP Top 10 vulnerabilities in PHP and mitigation strategies. Key issues include injection, broken authentication, and XSS, with recommended tools for monitoring and securing PHP applications.
PHP XSS Prevention: How to protect against XSS.Mar 26, 2025 pm 04:12 PMThe article discusses strategies to prevent XSS attacks in PHP, focusing on input sanitization, output encoding, and using security-enhancing libraries and frameworks.
PHP Interface vs Abstract Class: When to use each.Mar 26, 2025 pm 04:11 PMThe article discusses the use of interfaces and abstract classes in PHP, focusing on when to use each. Interfaces define a contract without implementation, suitable for unrelated classes and multiple inheritance. Abstract classes provide common funct
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
WebStorm Mac version
Useful JavaScript development tools
Atom editor mac version download
The most popular open source editor
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
