MCQs + Interview Questions on Cookies & Sessions in PHP

🧠 MCQs (Multiple Choice Questions)

🔹 Basic Level

1. Where are cookies stored?

A) Server
B) Browser ✅
C) Database
D) Cache


2. Which function is used to create a cookie in PHP?

A) create_cookie()
B) setcookie() ✅
C) cookie_set()
D) addcookie()


3. What is the default storage of sessions?

A) Browser
B) Server ✅
C) Client cache
D) Local storage


4. Which superglobal is used for cookies?

A) $_SESSION
B) $_POST
C) $_COOKIE ✅
D) $_GET


5. Which function is required to start a session?

A) session_create()
B) start_session()
C) session_start() ✅
D) init_session()


🔹 Intermediate Level

6. What happens if you call setcookie() after HTML output?

A) Works fine
B) Throws warning/error ✅
C) Deletes cookie
D) Page reloads


7. How to delete a cookie?

A) unset($_COOKIE)
B) setcookie with past time ✅
C) delete_cookie()
D) session_destroy()


8. Which is more secure?

A) Cookies
B) Sessions ✅
C) Both equal
D) None


9. What does session_destroy() do?

A) Deletes one variable
B) Deletes all session data ✅
C) Stops session temporarily
D) Clears cookies


10. What is the purpose of session_regenerate_id()?

A) Create new session
B) Destroy session
C) Prevent session hijacking ✅
D) Extend session


🔹 Advanced Level

11. Which cookie flag prevents JavaScript access?

A) secure
B) httponly ✅
C) samesite
D) path


12. Which value helps prevent CSRF attacks?

A) secure
B) domain
C) samesite ✅
D) expire


13. Session data is stored in:

A) Cookies
B) Server files ✅
C) Browser memory
D) HTML


14. What is session timeout used for?

A) Increase speed
B) Auto logout user ✅
C) Store data
D) Encrypt data


15. Which is TRUE?

A) Cookies are safer than sessions
B) Sessions are stored in browser
C) Cookies are limited in size ✅
D) Sessions cannot expire


🎯 Interview Questions (with Answers)

🔹 Basic

1. What is the difference between cookies and sessions?

👉 Cookies are stored in the browser; sessions are stored on the server. Sessions are more secure.


2. What is a session in PHP?

👉 A session is a way to store user data on the server across multiple pages.


3. What is a cookie?

👉 A small file stored in the user’s browser to save data like preferences or login info.


🔹 Intermediate

4. Why must session_start() be called at the top?

👉 Because headers must be sent before any output, and sessions use headers.


5. Can cookies be accessed using JavaScript?

👉 Yes, unless the HttpOnly flag is set.


6. How do you make cookies secure?

👉 Use:

  • secure (HTTPS only)
  • httponly (no JS access)
  • samesite (CSRF protection)

7. How to destroy a session?

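session_start();   // resume the current session so it can be destroyed
session_destroy(); // delete the session data stored on the server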

🔹 Advanced

8. What is session hijacking?

👉 When an attacker steals a session ID to impersonate a user.


9. How to prevent session hijacking?

👉

  • Use session_regenerate_id()
  • Use HTTPS
  • Validate user agent / IP
  • Set session timeout

10. What is the role of SameSite in cookies?

👉 Prevents cross-site request forgery (CSRF) attacks.


11. Can sessions work without cookies?

👉 Yes, using URL-based session IDs (but not recommended for security).


12. Where are sessions stored in PHP?

👉 Usually in server files (like the /tmp folder), but they can also be stored in a database.


🚀 Bonus Tip (For Teaching / Exams)

Ask students this practical question:
👉 “Build a login system using sessions and remember the user using cookies”