We Keep Coding

Session Cookie vs Persistent Cookie

I understand the normal application of a persistent cookie vs a session cookie. But if you can specify the expiration time of a session cookie to behave like a persistent cookie and vice-versa. Is there any benefit to using session cookies besides them being obfuscated from the user and the session is stored on the server?
session_set_cookie_params() function allows you to set a specific expiration time for a session. You can set the time in a persistent cookie in the setcookie() function.
I already pulled up the threads
Cookie VS Session and Session cookies and persistent cookies, and didn't find my answer.

But if you can specify the expiration time of a session cookie to
behave like a persistent cookie and vice-versa.
Not true, the difference between a session cookie and a persistent cookie is whether or not the an expires value is given. A session cookie can't have an expiration time by definition.
Is there any benefit to using session cookies besides them being
obfuscated from the user and the session is stored on the server?
A session ID for something like PHP sessions can be stored in either a session cookie or a persistent cookie, and session cookies can contain other information besides session IDs. They both use the word "session" but are separate things.
A session cookie is the right choice if you want the cookie to disappear when the user closes their browser. A good example is online banking - the cookie that authenticates you should be destroyed when you close the browser so someone can't sneak onto your computer, reopen the browser, and start making transfers. Ever had your facebook status or something like that changed as a prank?

Are cookies and sessions are depend on each other?

Are cookies and sessions depend on each other in PHP?
Does deleting or clearing either one of them affect the other?
Does by disabling either one of them in the browser affect the other?
P.S. I am newbie.
Edit: I was newbie at time of writing question. This question is faced by many newbies.

They are totally independent...
Cookies cannot store unlimited value, sessions can
You cannot store data in a cookie if user browser cookie is disabled where in session you can, because session id can append to URL
It is better to store data in sessions than to store in cookies because cookies can be tempered
If you delete cookies, then only those functionalities in your site will be disabled in which you are retrieving these cookies data but you'll be logged in and if you delete session cookie, you'll be logged out.. (1)
Cookies are stored on client machine where session are stored on your server
A session is ended if you close you browser while cookies stay there unless they are manually removed by the user or till they are expired
Inshort you've better control over sessions than on cookies
(1) For example if you are setting a cookie name demo and you are using a splash screen unless and until the demo is set you'll show a splash screen
if(!isset($_COOKIE['demo'])) { //Now this will show lightbox always if user has disabled his cookies
<script>...</script>
}
Articles
http://www.klovera.com/php-sessions-vs-cookies/
Reference
Session
Cookies

Sessions are stored on server, while cookies are on client. You can disable only cookies from your browser. Cookies can't affect session at all. In case of disabled cookies session id is passed via URL. If your cookies are enabled and session id is stored in cookie by deleting cookie you will not be able to access your session (It's still on server but you can't access it)
Also session can't affect cookies.

They are not connected, but by default PHP stores the session id within a cookie, The directive session.use_cookies is defaulted to 1
If cookies are disabled it uses URL. This can be set with session_use_trans_id. (default is disabled)
But if you delete a session cookie on the client, the next request to the server will not be able to find its associated session
Clearing session will not affect the cookies as cookies are attached with the HTTP request from the client to the server. A cookie can be set to expire after x amount of time, after which it is deleted on the client side.

All the answers are correct, just wanted to add this - If you do not set the timestamp for cookie, then the cookie is dependent on session and it will expire as soon as session ends.

How a cookies will maintain session state?

Cookies allow your applications to store a small amount of textual data (typically,
4-6kB) on a Web client. There are a number of possible uses for cookies, although
their most common one is maintaining session state.Cookies are typically set by the server using a response header, and subsequently made available by the client as a request header.
this is from zce study guide.
My questions are
1. how a session state is maintained by cookie?
2. what happens to these cookies when we use session_destroy()?

Put simply, the session cookie ties a remote session to your browser as you navigate a given site. It contains a string usually along the lines of PHPSESSID=3432DFGDFG43523 which the remote server identifies as a session that it is managing.
From the PHP website:
A visitor accessing your web site is assigned a unique id, the
so-called session id. This is either stored in a cookie on the user
side or is propagated in the URL.
The session support allows you to store data between requests in the
$_SESSION superglobal array. When a visitor accesses your site, PHP
will check automatically (if session.auto_start is set to 1) or on
your request (explicitly through session_start() or implicitly through
session_register()) whether a specific session id has been sent with
the request. If this is the case, the prior saved environment is
recreated.
http://www.php.net/manual/en/intro.session.php
When session_destroy() is called, it doesn't quite behave as you'd expect. The session is destroyed remotely but the local cookie isn't removed. To do this you'd need to call setcookie(<session cookie name>) with a negative date to destroy it on the client side. Again, from the PHP website:
session_destroy() destroys all of the data associated with the current
session. It does not unset any of the global variables associated with
the session, or unset the session cookie. To use the session variables
again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the
session id must also be unset. If a cookie is used to propagate the
session id (default behavior), then the session cookie must be
deleted. setcookie() may be used for that.
http://www.php.net/manual/en/function.session-destroy.php

Very short:
A session id is created which is sent over to the client on each request, this is stored in a cookie usually called PHPSESSID. The client responds with this session id to tell the server which session it belongs to.
session_destroy only unsets the data, not the identity. So cookies are not touched using that method.

Session cookies = cookies?

I wonder if cookies are the same as session cookies?

A cookie is a cookie.
"Session cookie" can refer to one of two things:
A cookie with unspecified timeout, which will be discarded as soon as the browser is closed. I.e. the browser will only retain it for the current "browsing session."
A cookie containing a session id.
Sometimes it means both. It's not a very well defined term.
As such, the correct description would be session cookie ⊆ cookie,
instead of session cookie = cookie. ;o)

All session cookies are cookies, but not all cookies are session cookies.
Session cookies are cookies whose only purpose is to maintain session state in your site. They typically disappear the moment you close your browser, whereas other cookies that contain some other data tend to persist across sessions.

I wonder if cookies are the same as session cookies?
No. There are different types of cookies.
Session cookies usually used for tracking sessions. They are deleted by a browser when you close it.
Persistent cookies saved on your hard drive. Persistent cookies expire (deleted by browser) when expiry date is reached.
First party cookies are set/retrieved by a website which you actually visit.
Third party cookies are set/retrieved by a different domain. Usually used for advertising and info sharing between websites.
There are also HTTP Only, Secure, and zombie cookies.

The main difference between cookies and sessions is that cookies are stored in the user's browser, and sessions are not. This difference determines what each is best used for.
A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie. The trouble is that a user can block cookies or delete them at any time. If, for example, your website's shopping cart utilized cookies, and a person had their browser set to block them, then they could not shop at your website.
Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.
You can of course get the best of both worlds! Once you know what each does, you can use a combination of cookies and sessions to make your site work exactly the way you want it to.

What is difference between session and cookie in php?

Hi I would like to know the difference between a php session and a cookie

The main difference being that session data is stored on the server, while cookie data is stored on the client. Therefore, a client can easily modify the cookie contents, but will have to work way harder to modify the session contents.

Cookies are a means to store information in the end-user's browser, so that the server can track the end-user.
Sessions are also implemented by using cookies, but the actual data is not in the browser; rather, it is stored in the user's session record on the server. In the case of sessions, cookies are used to identify a particular end-user's session identifier on the server records. Hence, they are a more secure way of storing user information.

A cookie is a ~piece of data stored on the client side.
Data stored in session is stored on the server side, and the various sessions are identified by cookies.

There are session and Cookies, both are used to store values or data. But there are some key differences between session and cookie: a cookie stores the data in your browser and a session is stored on the server. Cookie data is available in your browser up to expiration date and session data available for the browser run, after closing the browser we will lose the session information.

A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will send the cookie too.
A session variable is used to store information about, or change settings for a user session. Session variables hold information about one single user, and are available to all pages in one application.

A cookie is an unique information that the user sends to the web server with each request in order to identify him. This unique id could be used to store information about this specific user on the server (session).

Cookies will only expire on expiry time or if you explicitly clean cookie / cache of your browser. Cookies will retain into the system even after you open your browser next day.
Cookies are stored on client's system so they are less secure.
Session will expire on its expiry time or if the browser has been closed. As session is stored on server so it is more secure.
So for a login module, a combination of session and cookie should be used

Cookies stored client side but session stored server side.
cookies is without sign out of the your email account and close it. once again can not enter username and password but your email account is open.
session is close the webpage once again open to starting page appier

best example to illustrate the difference bet. Session and Cookies is:-
when you Login as a member in any Site it Creates Sessions until you log out...
that is Session..
and Cookies when you browse websites the are stored on your computer's Main Memory that is Cookies
i-e Session is Server side
and cookies is Client side

We got three differences in general. The key difference would be cookies are stored in client side and sessions are stored in server side. The second difference would be cookies can only store strings. We can store our objects in sessions. Storing objects in sessions were really useful according to my experience. Another difference was that we could be save cookie for future reference, but session couldn’t. When users close their browser, they also lost the session.

PHP Sessions
PHP has built-in functions to save session variables. The variables are stored in state files. These state files need not be explicitly created and managed. The following are the steps for saving and retrieving values of session variables.
The setcookie() command must be issued before any printed output occurs because the cookie must be written as part of the HTTP header. PHP automatically parses any HTTP_COOKIE string into an associative array $_COOKIE. The value of the cookie can be retrieved from the cookie thus:
$_COOKIE["some_var"]

Cookie: A key/value pair that is stored by the user's browser and is available in the superglobal $_COOKIE array available in PHP. The cookie request is initiated with an explicitly defined expiration date. For example:
setcookie('cookieName', $some_value, time()+3600, "/", ".example.com")
On the next server request, $_COOKIE['cookieName'] will be available. If you use a browser tool to look at the cookie, it will have an expiration date.
Session Cookie: Identical to the above but defined without an expiration date. If you use the same browser tool it will say that the cookie expires at the end of the session; which is ultimately when you close your browser. For example:
setcookie('cookieName', $some_value);
PHP Session: a server side mechanism that will associate a bunch of data with a session id. Every time a session is invoked, it serializes/unserializes it. This could be more data than just a single key/value pair that a cookie supports, but the way of associating this data with a user is by creating a cookie (regular or session as described above) in their browser that contains the session id. This way, the right data can be retrieved for a given user based on the value of that cookie.

Both are super global, i.e, they can be used anywhere in the site.
Differences between sessions and cookies:
Cookies are stored in the browser (client side) while sessions are stored in the server (host).
Cookies are remembered till they are deleted while sessions are deleted when the user closes the tab/browser (depending on the browser).
Cookies can be seen by the user while sessions cannot.
Due to the reasons above, I would recommend to not store sensitive data in cookies and store the data that is to be remembered even after the user has left in cookies.

Cookie - Stored data in browser and will work on browser related and client side only...For example if you are trying to log in gmail account with username and password,After entered login successful if you close the current tab and after sometime opening same page the login page won't come it will open directly with login details..This is cookie..
Session - Stored data in server side for example same as cookie example after entered login details you will get notification as successful once you close the browser then open after some time it will ask again login details(more example shopping also)