How to Use Cookies for Session Management
Cookies can be used together with sessions to:
Keep the session ID safely in the browser.
Provide persistent login (Remember Me).
Authenticate the user without requiring repeated logins.
2. Starting a Session with a Cookie
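<?php
// Start session
session_start();
// $user is assumed to be the row fetched after the credentials were verified
// Issue a fresh session ID on login
session_regenerate_id(true);
// Set session variables
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
// Set a cookie for "Remember Me" (optional)
// Note: the cookie value here is the raw user ID, which the client can change
$cookie_name = "rememberme";
$cookie_value = $user['id'];
$expiry_time = time() + (30 * 24 * 60 * 60); // 30 days
// Arguments: name, value, expiry, path, domain, secure, httponly
setcookie($cookie_name, $cookie_value, $expiry_time, "/", "", true, true);
?>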
Notes:
true, true = the secure and httponly flags, for extra security.
The cookie makes the login persist even after the browser is closed.
3. Checking Cookie on Page Load
<?php
session_start();
// $pdo is assumed to be an open PDO connection
// Check if session exists
if (!isset($_SESSION['user_id'])) {
    // Check if remember me cookie exists
    if (isset($_COOKIE['rememberme'])) {
        $user_id = $_COOKIE['rememberme'];
        // Fetch user from database
        $stmt = $pdo->prepare("SELECT * FROM users WHERE id=:id");
        $stmt->execute(['id' => $user_id]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($user) {
            // Restore session under a fresh session ID
            session_regenerate_id(true);
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
        }
    }
}
?>
This allows automatic login for a user who chose "Remember Me".
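The cookie in the code above carries the raw user ID, which a client can edit, so the check trusts whatever ID it receives. As an added example (not code from the original page), the same Remember Me flow using a random single-use token whose hash is stored server-side; the auth_tokens table and the function names are assumptions, and session_start() must already have been called.

```php
<?php
// Added example. Assumed (hypothetical) table:
//   auth_tokens(selector CHAR(24) PRIMARY KEY, validator_hash CHAR(64),
//               user_id INT, expires_at INT)

const REMEMBER_TTL = 30 * 24 * 60 * 60; // 30 days, as in the page's example

function cookieOptions(int $expires): array {
    return ['expires' => $expires, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Call after a successful password login when "Remember Me" is ticked.
function issueRememberToken(PDO $pdo, int $userId): void {
    $selector  = bin2hex(random_bytes(12)); // public lookup key
    $validator = bin2hex(random_bytes(32)); // secret; only its hash is stored
    $expires   = time() + REMEMBER_TTL;
    $pdo->prepare("INSERT INTO auth_tokens (selector, validator_hash, user_id, expires_at)
                   VALUES (:s, :h, :u, :e)")
        ->execute(['s' => $selector, 'h' => hash('sha256', $validator),
                   'u' => $userId, 'e' => $expires]);
    setcookie('rememberme', "$selector:$validator", cookieOptions($expires));
}

// Call on page load when no session exists. Returns the user ID or null.
function consumeRememberToken(PDO $pdo): ?int {
    $parts = explode(':', $_COOKIE['rememberme'] ?? '', 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    $stmt = $pdo->prepare("SELECT validator_hash, user_id, expires_at
                           FROM auth_tokens WHERE selector = :s");
    $stmt->execute(['s' => $selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Single-use: delete the row whether or not validation succeeds.
    $pdo->prepare("DELETE FROM auth_tokens WHERE selector = :s")->execute(['s' => $selector]);
    if (!$row || $row['expires_at'] < time()
        || !hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        setcookie('rememberme', '', cookieOptions(time() - 3600));
        return null;
    }
    session_regenerate_id(true);            // new session ID for the restored login
    $_SESSION['user_id'] = (int) $row['user_id'];
    issueRememberToken($pdo, (int) $row['user_id']); // rotate the token
    return (int) $row['user_id'];
}
```

On logout, delete the user's rows from auth_tokens as well as clearing the cookie, so a copied cookie stops working.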
4. Destroying Session and Cookies
<?php
session_start();
// Clear all session variables
$_SESSION = array();
// Destroy session
session_destroy();
// Delete cookie
setcookie("rememberme", "", time() - 3600, "/", "", true, true);
header("Location: login.php");
exit;
?>
Notes:
Make sure cookies are deleted when the user logs out.
session_destroy() ends the session on the server side.
5. Security Tips
HTTPS: make sure cookies are marked secure (secure=true) so that they are only sent over encrypted connections.
HttpOnly flag: prevents JavaScript from accessing the cookie.
Regenerate session ID: call session_regenerate_id(true) after login.
Limit cookie lifespan: make sure cookies do not last forever.
Store minimal data: do not store sensitive info in the cookie.
6. Conclusion
Cookies and sessions improve authentication and the user experience.
They allow persistent login and safe access control.
Best practice: secure, httponly, regenerate session ID, minimal data.
Visit:
https://www.faulink.com/
For more tutorials on PHP, sessions, cookies, and web security.