🧠 MCQs (Multiple Choice Questions)
🔹 Basic Level
1. Where are cookies stored?
A) Server
B) Browser ✅
C) Database
D) Cache
2. Which function is used to create a cookie in PHP?
A) create_cookie()
B) setcookie() ✅
C) cookie_set()
D) addcookie()
3. What is the default storage of sessions?
A) Browser
B) Server ✅
C) Client cache
D) Local storage
4. Which superglobal is used for cookies?
A) $_SESSION
B) $_POST
C) $_COOKIE ✅
D) $_GET
5. Which function is required to start a session?
A) session_create()
B) start_session()
C) session_start() ✅
D) init_session()
🔹 Intermediate Level
6. What happens if you call setcookie() after HTML output?
A) Works fine
B) Throws warning/error ✅
C) Deletes cookie
D) Page reloads
7. How to delete a cookie?
A) unset($_COOKIE)
B) setcookie with past time ✅
C) delete_cookie()
D) session_destroy()
8. Which is more secure?
A) Cookies
B) Sessions ✅
C) Both equal
D) None
9. What does session_destroy() do?
A) Deletes one variable
B) Deletes all session data ✅
C) Stops session temporarily
D) Clears cookies
10. What is the purpose of session_regenerate_id()?
A) Create new session
B) Destroy session
C) Prevent session hijacking ✅
D) Extend session
🔹 Advanced Level
11. Which cookie flag prevents JavaScript access?
A) secure
B) httponly ✅
C) samesite
D) path
12. Which value helps prevent CSRF attacks?
A) secure
B) domain
C) samesite ✅
D) expire
13. Session data is stored in:
A) Cookies
B) Server files ✅
C) Browser memory
D) HTML
14. What is session timeout used for?
A) Increase speed
B) Auto logout user ✅
C) Store data
D) Encrypt data
15. Which is TRUE?
A) Cookies are safer than sessions
B) Sessions are stored in browser
C) Cookies are limited in size ✅
D) Sessions cannot expire
🎯 Interview Questions (with Answers)
🔹 Basic
1. What is the difference between cookies and sessions?
👉 Cookies are stored in the browser, sessions are stored on the server. Sessions are more secure.
2. What is a session in PHP?
👉 A session is a way to store user data on the server across multiple pages.
3. What is a cookie?
👉 A small file stored in the user’s browser to save data like preferences or login info.
🔹 Intermediate
4. Why must session_start() be called at the top?
👉 Because headers must be sent before any output, and sessions use headers.
5. Can cookies be accessed using JavaScript?
👉 Yes, unless the HttpOnly flag is set.
6. How do you make cookies secure?
👉 Use:
- secure (HTTPS only)
- httponly (no JS access)
- samesite (CSRF protection)
7. How to destroy a session?
session_start();
session_destroy();
🔹 Advanced
8. What is session hijacking?
👉 When an attacker steals a session ID to impersonate a user.
9. How to prevent session hijacking?
👉
- Use session_regenerate_id()
- Use HTTPS
- Validate user agent / IP
- Set session timeout
10. What is the role of SameSite in cookies?
👉 Prevents cross-site request forgery (CSRF) attacks.
11. Can sessions work without cookies?
👉 Yes, using URL-based session IDs (but not recommended for security).
12. Where are sessions stored in PHP?
👉 Usually in server files (like the /tmp folder), but they can be stored in a DB.
🚀 Bonus Tip (For Teaching / Exams)
Ask students this practical question:
👉 “Build a login system using sessions and remember the user using cookies”






