🔹 1. What Are Sessions?

A session stores temporary data about a user while they’re browsing your website.

✅ Example uses:

• Keep users logged in
• Store shopping cart data
• Track preferences

PHP identifies each user with a unique session ID stored on the server.

🧩 How to Start a Session

<?php
session_start(); // Must be at the top of the page
$_SESSION["username"] = "Yogi";
echo "Session started for " . $_SESSION["username"];
?>

✅ $_SESSION works like an array that persists across pages.

🧩 Accessing Session Data on Another Page

<?php
session_start();
echo "Welcome back, " . $_SESSION["username"];
?>

✅ The user’s name carries over — even on a different page.

🧩 Destroying a Session

<?php
session_start();
session_unset();   // Removes session variables
session_destroy(); // Destroys session
echo "Session ended.";
?>

🧠 This is typically used for logging users out.

🔹 2. What Are Cookies?

A cookie is a small text file stored on the user’s computer.
It can persist long after they leave your site — great for “Remember Me” features or saving preferences.

🧩 Setting a Cookie

<?php
setcookie("username", "Yogi", time() + (86400 * 7)); // 7 days
echo "Cookie set!";
?>

✅ time() + (86400 * 7) means it expires in 7 days.

🧩 Accessing a Cookie

<?php
if (isset($_COOKIE["username"])) {
    echo "Welcome back, " . $_COOKIE["username"];
} else {
    echo "Hello, new visitor!";
}
?>

🧩 Deleting a Cookie

<?php
setcookie("username", "", time() - 3600); // Past time = deleted
echo "Cookie removed.";
?>

🔹 3. Sessions vs Cookies

🧠 Tip: Use sessions for sensitive data; cookies for convenience.

🔹 4. Building a Simple Login System

Let’s build a small authentication workflow.

Step 1: login.php

<?php
session_start();

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST["username"];
    $password = $_POST["password"];

    // Dummy credentials
    if ($username == "admin" && $password == "1234") {
        $_SESSION["user"] = $username;
        header("Location: dashboard.php");
        exit;
    } else {
        $error = "Invalid credentials!";
    }
}
?>
<h2>StreetGeek Login</h2>
<form method="POST" action="">
  Username: <input type="text" name="username" required><br>
  Password: <input type="password" name="password" required><br>
  <input type="submit" value="Login">
</form>

<?php if (isset($error)) echo "<p style='color:red;'>$error</p>"; ?>

✅ Submitting correct credentials takes you to dashboard.php.

Step 2: dashboard.php

<?php
session_start();

if (!isset($_SESSION["user"])) {
    header("Location: login.php");
    exit;
}
?>
<h2>Welcome, <?php echo $_SESSION["user"]; ?>!</h2>
<p>This is your dashboard.</p>
<a href="logout.php">Logout</a>

✅ Only accessible when logged in.

Step 3: logout.php

<?php
session_start();
session_destroy();
header("Location: login.php");
exit;
?>

✅ Logs out the user and clears the session.

🔹 5. Adding “Remember Me” Using Cookies

In login.php, modify the form handling section:

if ($username == "admin" && $password == "1234") {
    $_SESSION["user"] = $username;

    if (!empty($_POST["remember"])) {
        setcookie("username", $username, time() + (86400 * 7)); // 1 week
    }
    header("Location: dashboard.php");
    exit;
}

And in the login form:

<input type="checkbox" name="remember"> Remember Me

Now, if they check the box, their name persists via cookie.

✅ When they revisit login.php, you can auto-fill the username:

<input type="text" name="username"
       value="<?php echo $_COOKIE["username"] ?? ''; ?>">

🔹 6. Security Considerations

• Never store raw passwords in sessions or cookies.
• Always hash passwords using password_hash().
• Regenerate session IDs after login: session_regenerate_id(true);
• Use HTTPS to secure cookie data transmission.
• Always sanitize input (htmlspecialchars() or filter_input()).

🧩 Hands-On Practice

Exercise 1: Create and Access Session

session-demo.php:

<?php
session_start();
$_SESSION["academy"] = "StreetGeek Academy";
echo "Session set!";
?>

Then open session-check.php:

<?php
session_start();
echo "Welcome to " . $_SESSION["academy"];
?>

✅ Displays the session value from another page.

Exercise 2: Cookie Demo

cookie-demo.php:

<?php
setcookie("student", "Yogi", time() + 3600);
echo "Cookie set!";
?>

Then cookie-check.php:

<?php
if (isset($_COOKIE["student"])) {
    echo "Welcome back, " . $_COOKIE["student"];
}
?>

Exercise 3: Simple Login

Create login.php, dashboard.php, logout.php using examples above.
✅ Test logging in/out and see how the session persists.

🎯 Mini Project – Secure Member Login System

Goal: Build a complete login/logout flow using sessions, cookies, and input validation.

Steps:

• Create a file login-system.php.
• Use this code:

<?php
session_start();

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = htmlspecialchars($_POST["username"]);
    $password = htmlspecialchars($_POST["password"]);

    // Basic validation
    if ($username == "admin" && $password == "1234") {
        $_SESSION["user"] = $username;
        session_regenerate_id(true);

        if (!empty($_POST["remember"])) {
            setcookie("user", $username, time() + (86400 * 7));
        }

        header("Location: member.php");
        exit;
    } else {
        $error = "Invalid username or password!";
    }
}
?>
<h2>Member Login</h2>
<form method="POST" action="">
  Username: <input type="text" name="username"
             value="<?php echo $_COOKIE["user"] ?? ''; ?>"><br>
  Password: <input type="password" name="password"><br>
  <input type="checkbox" name="remember"> Remember Me<br>
  <input type="submit" value="Login">
</form>
<?php if (isset($error)) echo "<p style='color:red;'>$error</p>"; ?>

Create member.php:

<?php
session_start();
if (!isset($_SESSION["user"])) {
    header("Location: login-system.php");
    exit;
}
?>
<h3>Welcome, <?php echo $_SESSION["user"]; ?>!</h3>
<a href="logout.php">Logout</a>

Create logout.php:

<?php
session_start();
session_destroy();
setcookie("user", "", time() - 3600);
header("Location: login-system.php");
exit;
?>

✅ You now have a functional session + cookie-based authentication system.

🧾 Module 10 Quiz

💪 Challenge Task – Protected Dashboard System

Objective: Expand your login project into a real-world protected dashboard app.

Requirements:

• Login form with username & password validation
• Session storage for logged-in users
• Dashboard page accessible only if session is active
• Logout button that clears both session & cookie
• “Remember Me” feature that uses cookies for 7-day login persistence

✅ When a user revisits the site:

• If session exists → show dashboard
• If session doesn’t exist but cookie exists → auto-login
• Otherwise → show login page

🧾 Submission Checklist

• ✅ session-demo.php → works across pages
• ✅ cookie-demo.php → sets and retrieves cookie
• ✅ login.php + dashboard.php + logout.php → working login/logout system
• ✅ Challenge project completed
• ✅ Quiz finished

🏁 Next Step: In Module 11, you’ll master Error Handling and Debugging — learning to catch and manage PHP errors like a pro. You’ll explore try/catch, logging, and practical debugging techniques used in production WordPress environments.