Piye carane sessions lan cookies gawe ing PHP?

Question

Accepted Answer

**Cookies** minangka potongan data cilik sing disimpen ing **browser** lan dikirim karo saben request; **sessions** nyimpen data ing **server**, diidentifikasi dening session ID cookie. Bebarengan-barengan padha ngaktifake state sabarang protokol HTTP sing stateless — penting kanggo login, keranjang, lan preferensi. ## Cookies — data sing disimpen client-side ```php time() + 86400, // 1 day "httponly" => true, // ❗ not readable by JavaScript (XSS protection) "secure" => true, // ❗ only sent over HTTPS "samesite" => "Strict", // ❗ CSRF protection ]); // read it on subsequent requests $theme = $_COOKIE["theme"] ?? "light"; ``` Cookies manggon ing browser lan dikirim karo saben request. Flag keamanan iku penting: **`httponly`** (blok akses JS — cegah pencurian XSS), **`secure`** (HTTPS mung), **`samesite`** (proteksi CSRF). ## Sessions — data sing disimpen server-side ```php Wiwit manajemen session/cookie sing salah ndadekake kerentanan serius (session hijacking, fixation, XSS, CSRF), lan wiwit njaga state user minangka kabutuhan universal meh, nanggungo piye sessions lan cookies gawe lan piye nggunaaken padha kanthi aman minangka penting, pengetahuan relevan keamanan kanggo developer PHP apa-apa sing mbangun aplikasi karo akun user utawa state persistent. (Framework kaya Laravel nangani akeh-akehe iki kanthi aman dening default, nanging nanggungo mekanik dasar lan keprihatinan keamanan tetep penting.)

Piye carane sessions lan cookies gawe ing PHP?

Cookies — data sing disimpen client-side

Sessions — data sing disimpen server-side

Cookies vs sessions

Praktik keamanan paling apik

Apa sing penting