Course/Module 9/Topic 1 of 3Advanced

Sessions, Cookies & security - Concepts

Explore the key concepts of sessions, cookies & security with practical examples and exercises.

45 min•By Priygop Team•Last updated: Feb 2026

Introduction to Sessions, Cookies & security

In this section, we cover the fundamental aspects of sessions, cookies & security. You'll learn core concepts, see real-world examples, and understand how to apply them in your projects.

Key Concepts

Understanding the core principles of sessions, cookies & security
Practical applications and real-world use cases
Step-by-step implementation guides
Common patterns and best practices
Tips for debugging and troubleshooting
Performance optimization techniques

Sessions, Cookies & security - Code Example

Example

<?php
// Sessions
session_start();
$_SESSION["user"] = "Alice";
$_SESSION["role"] = "admin";

echo "User: " . ($_SESSION["user"] ?? "Guest") . "\n";

// Cookies
setcookie("theme", "dark", time() + 86400 * 30, "/");
$theme = $_COOKIE["theme"] ?? "light";

// CSRF Protection
function generateToken(): string {
    $token = bin2hex(random_bytes(32));
    $_SESSION["csrf_token"] = $token;
    return $token;
}

function validateToken(string $token): bool {
    return hash_equals($_SESSION["csrf_token"] ?? "", $token);
}

// Password Hashing
$hash = password_hash("secret123", PASSWORD_DEFAULT);
echo "Valid: " . (password_verify("secret123", $hash) ? "Yes" : "No") . "\n";
?>

Try It Yourself: Sessions, Cookies & security

Try It Yourself: Sessions, Cookies & securityJavaScript⚠ 1 error

⚠ Syntax Issues (1)

Line 1: JS Error: Unexpected token '<'

💡 Missing or extra {}()[] or operator near the error.

JavaScript Editor

✕ 1 errorTab = 2 spaces

<?php
// Input validation & sanitization
function sanitize(string $input): string {
    return htmlspecialchars(trim($input), ENT_QUOTES, "UTF-8");
}

function validateEmail(string $email): bool {
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Test
$inputs = [
    "name" => "  <script>alert(1)</script>  ",
    "email" => "user@example.com",
    "bad_email" => "not-an-email"
];

echo "Clean name: " . sanitize($inputs["name"]) . "\n";
echo "Valid email: " . (validateEmail($inputs["email"]) ? "Yes" : "No") . "\n";
echo "Bad email: " . (validateEmail($inputs["bad_email"]) ? "Yes" : "No") . "\n";

$hash = password_hash("mypassword", PASSWORD_DEFAULT);
echo "Hash: $hash\n";
echo "Verify: " . (password_verify("mypassword", $hash) ? "Yes" : "No") . "\n";
?>

Result

Click ▶ Run to see the result

Edit the code on the left, then click Run

JavaScript|25 lines|782 chars|1 error, 0 warnings

UTF-8

Quick Quiz: Sessions, Cookies & security

Chat on WhatsAppPriygop - Leading Professional Development Platform | Expert Courses & Interview Prep