Cookies & Sessions in PHP: What are they, and what's the difference?

Рет қаралды 37,964

Codecourse

Күн бұрын

Пікірлер: 51

@yusyus9837 5 жыл бұрын

You sir could do what several days at college and a college teacher could not. I finally understand the differences.

@TheSp0rki 10 жыл бұрын

Great video, I'm taking my zend php certification exam in february and videos like these are perfect for revising the basics.

@firepants20 10 жыл бұрын

Glad you are going back to the basics! I needed this!

@Festerbestertester6 6 жыл бұрын

Very good! I finally found a video that mentions that the session id is saved as a cookie.

@diskmandata4 8 жыл бұрын

Nice to listen, very clear and straightforward! Thank you!

@jack2ky 10 жыл бұрын

Awesome.... more please. especially about using both cookies and sessions for login session please.

@khanhpd3129 4 жыл бұрын

Thank you, i think i understand more read docs after this videos

@edmundfianko-lartey714 7 жыл бұрын

Fantastic introductory tutorial

@md.shafayatulhaque6273 10 жыл бұрын

thanks for giving me a clear idea of session and cookies

@lagyerto 10 жыл бұрын

How you say, not brilliant but spiffing ! Amazing Alex! It's just what I need. I mean this topic is my very weak point. Big thanks!

@adonisjose07 7 жыл бұрын

Excellent, a really enjoyable demo.

@ezekielthemack 10 жыл бұрын

Excellent video Alex. Many thanks.

@ranafaizahmad1391 10 жыл бұрын

Awesome! although I already knew what sessions and cookies are, your videos are very interesting!

@drmalamas 5 жыл бұрын

Excellent video. Is it possible to use sessions without cookies?

@Vagelis_Prokopiou 5 жыл бұрын

Very nice video. Thanks.

@kshayk0 10 жыл бұрын

the session has an expiration time. it usually lasts for 24 minutes but it can easily modified with the php.ini

@MASSIVE850 10 жыл бұрын

Many thanks.Precise explanation.Keep up the excellent work.

@jeffersonpfz 8 жыл бұрын

Good night, Great your video but it was with a doubt in a shop situation that user browses the store and only at the end of the purchase is that it logs in or do not effect the registration, what value I give the session to this user if they are not logged in.

@hehehaha819 8 жыл бұрын

did you have a tutorial for creating a secure sessions and cookies ?

@Ajinkya89288 9 жыл бұрын

awesome tutorial. thanks .

@moaazbhnas886 7 жыл бұрын

awesome demo ❤️

@robson200000006 9 жыл бұрын

Nice class! Thx.

@AbdelElrafa 10 жыл бұрын

Alex, as always thanks. Could you show us how to use database sessions and if there is any advantages?

@LarsMoelleken 10 жыл бұрын

Hi, here a small PHP-Class that stores your SESSION to db. github.com/voku/session2db it use the "session_set_save_handler()"-function from php -> devzone.zend.com/413/trick-out-your-session-handler/ Mfg Lars

@mysterion4105 10 жыл бұрын

You can also try Zebra Session: stefangabos.ro/php-libraries/zebra-session

@FlevasGR 9 жыл бұрын

2 questions. Is it possible to access cookies from an other domain? Can i modify my cookie which stores my session id with an other user's id?

@sunbang9000 9 жыл бұрын

FlevasGR 1.no,you can;t access another domain cookies.2. Yes,you can modify your cookies,but cookies are encrypted in the real world,so you can't know user'id which is a long random string,including yourself's.

@Turjak_art 8 жыл бұрын

thank you

@TeeWoTeebay 10 жыл бұрын

Great, Video! Thank you :-) I've got a short question: which editor are you using? Or may everyone else answer this question? Thank you!

@Timooooooooooooooo 10 жыл бұрын

He's using Sublime Text, if I'm not mistaking

@NileshKhalas 8 жыл бұрын

Hello sir, this is very good informative tutorial. but i have one question is that if session is stored on server then why user is going logout when any user close the browser?

@ahmadaziz1800 7 жыл бұрын

great video :)

@nChauhan91 10 жыл бұрын

Thank you. That cleared a lot of things :)

@westfield90 6 жыл бұрын

Very helpful

@karandeepsingh6977 10 жыл бұрын

Thank.

@MrOxinova 10 жыл бұрын

Could it happen that i change my local cookie to point to another user's session? Is there some protection there?

@sunbang9000 9 жыл бұрын

MrOxinova All cookies are encrypted.You can't know what is it

@bookercodes 9 жыл бұрын

MrOxinova Yes, this is absolutely possible. It is an attack called session hijacking and there are two common attack vectors. 1. An attacker will try and guess someone else's session ID. It is for this reason that you must use an unpredictable and secure session ID. 2. When authentication is involved, session cookies are basically bearer token. In other words, you are correct, anyone who has this cookie can make authenticated requests. XSS vulnerabilities are commonly exploited to execute JS on a victims web page. That JS could read the document.cookies and send them to the attacker's server. Obviously you want to prevent against XSS in the first place but as a last line of defence, you can mark the cookie as "HttpOnly". You are pretty much screwed if someone has physical or remote (think malware) access to your machine. The attacker could open your developer tools, copy the cookie and provided you're session is still alive, authenticate.

@bookercodes 9 жыл бұрын

Nika S There are two types of sessions: server-side sessions and client-side sessions. I believe PHP uses server-side sessions. In the case of server-side sessions, only the session ID is stored in the cookie. There is nothing to encrypt and so, nothing is encrypted.

@singatias 9 жыл бұрын

+Nika S (邦邦) no they are not if the developer did not encrypt them.

@masoudgolchin 10 жыл бұрын

Can u take a photo from your recording room and share it with us?

@shubhamgoel7303 6 жыл бұрын

Why {} is used to echo $_COOKIE['language'];

@waex7089 6 жыл бұрын

thank you

@irfannian1502 7 жыл бұрын

Where's my Team DISM at?

@EpicAnimationGuy 10 жыл бұрын

Lol, I read 'cookiesandsessions' as cookie sanspd sessions :P

@BruceLee-rr5xe 8 жыл бұрын

I honestly think your shit is beautifull. You explain it sooo perfect for ME (as an individual who does self study) to understand. few questions(ikr, 2016, vid from 2014, little chance of getting answers :) ): 1) 19:41 why, after setting the sessions, it wont be destroyed(unset) with session_destroy after declaring them. why is the declaration overpowering it? 2) that file being created server side for the sessions. Is it per ip (per client side) or is it for all ip's (ALL the visitors) of a server request? 3) Nilesh Khalas' question that I would like to rephrase, to confirm my question #2: If I close the brower, the session is gone, alias, the cookie is gone. Why is that, since it's server side. Does php Destroy the file and delete the cookie client side onBeforeClose of the browser? p.s. I just reread my questions. lol. "it's beyond the scope of this tutorial" is the answer I'm hearing :p keep it up man, you're a great tutor. Thank You.