In Internet Explorer, for example, you can enable first party cookies, third party cookies and allow session cookies.
I know the difference between:
- a first party cookie and a third party cookie, and
- a PHP session and a cookie.
But what is a session cookie? And how can you set one using PHP?
For example, you cannot log into Facebook without cookies enabled. However, if you allow session cookies, you can log into Facebook.
So, how does a session cookie differ from other kinds of cookies?
A cookie has a lifetime, after which it will expire (As denoted by the
Expires directive). If you don’t set a timeout, the browser will expire the cookie when you close the browser. This is called a session cookie.
These kind of cookies are often used to track a users current session state on the server side (E.g. php’s sessions), but there is not a strong relation between the two uses of the word “session”
A session cookie holds the unique identifier that PHP generates when
session_start() is called, so that each client can be associated with a session, and no two sessions can have the same ID at the same time.
The session cookie is usually destroyed when the browser window is closed, or can be done manually using
Older definition: (2011-12-17)
A session cookie is created when no Expires directive is provided when
the cookie is created.
A session cookie, also known as an in-memory cookie or transient
cookie, exists only in temporary memory while the user navigates the
website. Web browsers normally delete session cookies when the
user closes the browser. Unlike other cookies, session cookies do
not have an expiration date assigned to them, which is how the browser
knows to treat them as session cookies.
In PHP, when you use
session_start() it creates a session, this will create a session cookie in the client browser, PHP needs the client to send this info back with each request so that PHP can tell the session ID.