Do sessions use cookies?

It is possible to use PHP sessions without a cookie by adding the session ID to url’s, however by default it is done by a single cookie being stored with a unique session ID. The server stores the actual session values, the users browser stores their unique ID for the server to request each time.

PHP sessions uses a cookie called PHPSESSID and is typically stored in the /tmp/ directory on the web server itself. The way the server knows to associate a given session with a given request is that it’s also stored in an HTTP cookie

Using sessions within PHP code

In a standard PHP application, a session would be started using the session_start function at the very top of the PHP scripting

if ( !isset($_SESSION))

Session Timeout

Sessions timeout by default after 24 minutes. You can change this via php.ini, but it is done this way to protect against hackers trying to hijack old sessions so consider if you should.


  $_SESSION['my_session_name'] = "YES";
  if (isset($_SESSION['my_session_name']) && ($_SESSION['my_session_name'] == 'YES'))
    $Something = 1;

Clearing all $_SESSION values for a user

You don’t call session_destroy() from usual code, instead do this:

  //Unset all of the session variables
  $_SESSION = array();
Feel free to comment if you can add help to this page or point out issues and solutions you have found. I do not provide support on this site, if you need help with a problem head over to stack overflow.


Your email address will not be published.