What are sessions and cookies in php and where are they stored?

Question

What are sessions and cookies in php and where are they stored?

I searched but I can\'t find the exact answer.

Answer 1

HTTP is stateless. This means whenever you request something from a webserver, it will serve the requested page and forget you immediately.

Imagine a shopping cart:

You add something to the cart. The server will have some sort of data storage to remember that you put item X into the cart, but since HTTP is stateless, the next time you call the server, it won't remember it was you who put something into the cart. The webserver could create a form on the returned page and populate this with each and every item you added. Now you add another item, but also send, which item you already had added. Repeat. This is effectively transfering the entire state of your interaction on each and every request. But that's rather inefficient and insecure.

With Sessions enabled, the webserver will create a unique id, the so called Session ID for you. This will be used to link you and the cart on subsequent requests. Usually, the Session ID is sent to the browser in a Cookie. Technically, this happens through HTTP Headers:

Set-Cookie: PHP_SESS=abcdefg123456

The browser reads the headers and creates or updates the cookie file in the cookie storage inside the browser. Usually cookie files are nothing more but key/value stores in text files on your computer. If you want to have a look at them google for "where does [browsername] store my cookies".

On the next request to the same webserver, your browser will send the cookie along and the webserver is now able to associate this ID with some data store (whatever is set as the session save handler) on the server, for instance login information, the contents of a shopping cart, etc

See the reference to the PHP Manual I've linked below your question for further details.