Is it still possible to use cookies or sessionStorage if sessions has been disabled on the server

Question

I am a little confused by the relationship between server-side sessions and client side cookies or sessionStorage. I am working on a project in which server-side sessions have been disabled. Does this mean that I cannot use cookies or DOM storage (e.g. sessionStorage)?

I get the impression there is some kind of link between serve-side sessions and client-side storage, but most articles I have found just talk about "what is a cookie" or "what is a session". Is it that a cookie needs a session ID so that the site can recognize it?

Answer 1

The "session" associated with web storage's sessionStorage has nothing to do with the PHP session. You can use sessionStorage whether or not your PHP server is doing sessions.

Cookies are also unrelated to PHP's sessions, other than that PHP will use a cookie to try to remember the session if you have sessions enabled.

Is it that a cookie needs a session ID so that the site can recognize it?

More the other way around: The PHP session's ID is stored in a cookie, if you use PHP sessions. Cookies relate to the domain, and persist for that domain until either their expiration time is reached, the user clears cookies, or the browser decides it needs to discard the cookie because it has too much cookie data.

So yes, you can use both cookies and sessionStorage even if PHP's sessions are turned off.