MCQs on Class 14: Sessions and Cookies

 Multiple Choice Questions 

Class 14: Sessions and Cookies

Here are 100 multiple-choice questions (MCQs) on the topic of sessions and cookies in PHP, including answers and explanations where applicable.

Questions 1-20: Sessions

1. What is a session in PHP?
• A) A way to store data in the database
• B) A mechanism to persist data across pages
• C) A method for sending data via email
• D) A type of database query
  Answer: B
  Explanation: A session is a mechanism to store data across multiple pages during a user's visit to a website.
2. How do you start a session in PHP?
• A) session_start();
• B) start_session();
• C) begin_session();
• D) create_session();
  Answer: A
  Explanation: The session_start() function initializes a new session or resumes an existing one.
3. Which superglobal array is used to store session variables?
• A) $_POST
• B) $_GET
• C) $_SESSION
• D) $_COOKIE
  Answer: C
  Explanation: Session variables are stored in the $_SESSION superglobal array.
4. What function is used to destroy a session in PHP?
• A) session_destroy();
• B) destroy_session();
• C) session_end();
• D) end_session();
  Answer: A
  Explanation: The session_destroy() function is used to terminate a session.
5. How can you unset a session variable?
• A) unset($_SESSION['var_name']);
• B) remove($_SESSION['var_name']);
• C) delete($_SESSION['var_name']);
• D) clear($_SESSION['var_name']);
  Answer: A
  Explanation: The unset() function is used to remove a specific session variable.
6. What is the default lifetime of a session in PHP?
• A) 15 minutes
• B) 30 minutes
• C) Until the browser is closed
• D) 24 hours
  Answer: C
  Explanation: By default, sessions last until the browser is closed.
7. Which of the following functions is used to regenerate session ID?
• A) session_regenerate_id();
• B) regenerate_session_id();
• C) reset_session_id();
• D) session_id_regenerate();
  Answer: A
  Explanation: The session_regenerate_id() function is used to generate a new session ID.
8. What happens if you call session_start() twice?
• A) It throws an error
• B) It creates a new session
• C) It resumes the existing session
• D) It does nothing
  Answer: C
  Explanation: Calling session_start() multiple times resumes the existing session.
9. Where are session data stored by default?
• A) In a database
• B) In a file on the server
• C) In a cookie
• D) In memory
  Answer: B
  Explanation: By default, session data is stored in temporary files on the server.
10. Which function is used to set a session variable?
• A) $_SESSION['var_name'] = value;
• B) set_session('var_name', value);
• C) create_session_variable('var_name', value);
• D) add_session_variable('var_name', value);
  Answer: A
  Explanation: You can set a session variable by directly assigning a value to $_SESSION['var_name'].
11. What is the purpose of the session_id() function?
• A) To retrieve the session ID
• B) To set a new session ID
• C) To create a session
• D) To destroy a session
  Answer: A
  Explanation: The session_id() function is used to retrieve the current session ID.
12. How can you change the session storage path?
• A) By using session_save_path();
• B) By modifying the php.ini file
• C) By using set_session_path();
• D) Both A and B
  Answer: D
  Explanation: You can change the session storage path using session_save_path(); or by modifying the php.ini file.
13. Which of the following is a security concern with sessions?
• A) Session fixation
• B) Session hijacking
• C) Both A and B
• D) None of the above
  Answer: C
  Explanation: Both session fixation and session hijacking are security concerns related to sessions.
14. What should you do before accessing session variables?
• A) Check if the session is active
• B) Call session_start();
• C) Initialize the session variable
• D) Set a cookie
  Answer: B
  Explanation: You must call session_start(); before accessing or setting session variables.
15. Which function would you use to retrieve all session variables?
• A) get_session();
• B) $_SESSION;
• C) session_get_all();
• D) session_variables();
  Answer: B
  Explanation: The $_SESSION array contains all session variables.
16. How do you ensure session data is not stored on the client-side?
• A) Use cookies
• B) Use a database
• C) Store it on the server
• D) All of the above
  Answer: C
  Explanation: Session data is stored on the server to ensure it is not accessible on the client-side.
17. What is the session ID used for?
• A) To identify the user session
• B) To track user activity
• C) To store user preferences
• D) To set cookies
  Answer: A
  Explanation: The session ID uniquely identifies a user session on the server.
18. When is a session automatically destroyed?
• A) After 10 minutes of inactivity
• B) When the browser is closed
• C) When session_destroy() is called
• D) Both B and C
  Answer: D
  Explanation: A session is automatically destroyed when the browser is closed or when session_destroy() is explicitly called.
19. Which of the following best practices helps secure sessions?
• A) Use long and complex session IDs
• B) Store sensitive data in sessions
• C) Disable session timeouts
• D) Share session IDs across sites
  Answer: A
  Explanation: Using long and complex session IDs makes it harder for attackers to guess or brute-force them.
20. What is the purpose of session cookies?
• A) To store session data permanently
• B) To track user preferences
• C) To manage sessions without saving on the server
• D) To identify users across different websites
  Answer: C
  Explanation: Session cookies are temporary and used to manage sessions without storing data permanently on the server.

---

Questions 21-40: Cookies

21. What is a cookie in PHP?
• A) A file stored on the server
• B) A small piece of data stored on the client-side
• C) A method to send data via forms
• D) A type of database
  Answer: B
  Explanation: A cookie is a small piece of data sent from a server and stored on the client-side.
22. How do you create a cookie in PHP?
• A) setcookie('name', 'value', time() + 3600);
• B) cookie_set('name', 'value', time() + 3600);
• C) create_cookie('name', 'value', time() + 3600);
• D) add_cookie('name', 'value', time() + 3600);
  Answer: A
  Explanation: The setcookie() function is used to create a cookie in PHP.
23. What is the maximum size of a cookie?
• A) 512 bytes
• B) 1 KB
• C) 4 KB
• D) 8 KB
  Answer: C
  Explanation: The maximum size of a single cookie is 4 KB.
24. How long does a cookie last if you set it to expire in one hour?
• A) 30 minutes
• B) 1 hour
• C) Until the browser is closed
• D) 24 hours
  Answer: B
  Explanation: If you set a cookie to expire in one hour, it will last for that duration.
25. Which of the following functions retrieves a cookie value?
• A) getcookie('name');
• B) $_COOKIE['name'];
• C) cookie_value('name');
• D) read_cookie('name');
  Answer: B
  Explanation: You can access cookie values using the $_COOKIE superglobal array.
26. How can you delete a cookie in PHP?
• A) unsetcookie('name');
• B) setcookie('name', '', time() - 3600);
• C) delete_cookie('name');
• D) remove_cookie('name');
  Answer: B
  Explanation: To delete a cookie, you set its expiration time to a past time using setcookie().
27. Which of the following is true about cookies?
• A) They are stored on the server.
• B) They can only store string data.
• C) They are always secure.
• D) They can track user preferences.
  Answer: D
  Explanation: Cookies can store user preferences and other information for tracking purposes.
28. What happens if you try to set a cookie after outputting HTML?
• A) The cookie is set successfully.
• B) It throws an error.
• C) The cookie is not set.
• D) It depends on the browser.
  Answer: C
  Explanation: Cookies must be set before any HTML output, or they won't be set.
29. Which attribute should be set to secure a cookie?
• A) secure
• B) httpOnly
• C) SameSite
• D) All of the above
  Answer: D
  Explanation: Setting secure, httpOnly, and SameSite attributes helps enhance cookie security.
30. What is the default lifetime of a cookie if no expiration time is set?
• A) Until the browser is closed
• B) 1 hour
• C) 24 hours
• D) Forever
  Answer: A
  Explanation: By default, cookies last until the browser is closed if no expiration is set.
31. How do you set a cookie that is accessible across all pages of a website?
• A) setcookie('name', 'value', time() + 3600, '/');
• B) setcookie('name', 'value', time() + 3600, '');
• C) setcookie('name', 'value', time() + 3600, 'domain.com');
• D) setcookie('name', 'value', time() + 3600, '*');
  Answer: A
  Explanation: The '/' parameter indicates that the cookie is available across the entire website.
32. Which of the following is NOT a use case for cookies?
• A) Storing user preferences
• B) Tracking user sessions
• C) Sending data to the server
• D) Managing server-side databases
  Answer: D
  Explanation: Cookies are not used for managing server-side databases.
33. What does the httpOnly flag do when set for a cookie?
• A) Makes the cookie secure
• B) Prevents JavaScript from accessing the cookie
• C) Sets a custom expiration time
• D) Makes the cookie persistent
  Answer: B
  Explanation: The httpOnly flag prevents JavaScript from accessing the cookie, enhancing security.
34. What does the SameSite attribute do for cookies?
• A) Limits cookie access to same-origin requests
• B) Allows cross-origin requests
• C) Enables third-party cookies
• D) None of the above
  Answer: A
  Explanation: The SameSite attribute restricts how cookies are sent with cross-origin requests, helping to prevent CSRF attacks.
35. What happens if you set a cookie with an invalid domain?
• A) The cookie is set for the current domain.
• B) The cookie is ignored.
• C) It throws an error.
• D) The cookie is set for all subdomains.
  Answer: B
  Explanation: If a cookie is set with an invalid domain, it will be ignored.
36. Which method is used to check if a cookie exists?
• A) isset($_COOKIE['name']);
• B) check_cookie('name');
• C) cookie_exists('name');
• D) $_COOKIE['name'] !== null;
  Answer: A
  Explanation: The isset() function checks if a cookie exists.
37. What will happen if the setcookie() function is called after a header has been sent?
• A) The cookie will be set.
• B) It will throw a warning.
• C) The cookie will not be set.
• D) It depends on the PHP version.
  Answer: C
  Explanation: Calling setcookie() after outputting headers will prevent the cookie from being set.
38. What is the maximum number of cookies that can be set per domain?
• A) 20
• B) 50
• C) 100
• D) 300
  Answer: B
  Explanation: Most browsers limit the number of cookies per domain to around 50.
39. Which of the following statements about cookies is false?
• A) Cookies are stored on the client-side.
• B) Cookies can store more than 4 KB of data.
• C) Cookies can expire after a specified time.
• D) Cookies are sent with every HTTP request.
  Answer: B
  Explanation: A single cookie can only store up to 4 KB of data.
40. What happens when a user clears their browser cookies?
• A) The session is destroyed.
• B) All stored cookies are removed.
• C) Only expired cookies are removed.
• D) Cookies are retained until the browser is closed.
  Answer: B
  Explanation: Clearing browser cookies removes all stored cookies.

---

Questions 41-60: General Concepts

41. How can you use cookies and sessions together?
• A) To track user preferences
• B) To store temporary data
• C) To maintain user login states
• D) All of the above
  Answer: D
  Explanation: Cookies and sessions can be used together for various purposes, including tracking user preferences and maintaining login states.
42. What is the difference between session data and cookie data?
• A) Session data is stored on the server; cookie data is stored on the client.
• B) Session data can be larger than cookie data.
• C) Cookie data is permanent, while session data is temporary.
• D) All of the above
  Answer: D
  Explanation: Session data is stored on the server, can be larger, and is typically temporary compared to cookies.
43. What is the primary use of sessions in web applications?
• A) To store large files
• B) To maintain user authentication
• C) To track analytics
• D) To create dynamic content
  Answer: B
  Explanation: Sessions are primarily used to maintain user authentication throughout a web application.
44. Which of the following can cause session data loss?
• A) Server restart
• B) Expiration of session cookies
• C) Manually calling session_destroy()
• D) All of the above
  Answer: D
  Explanation: All listed factors can lead to session data loss.
45. What will happen if a user tries to access session variables before starting a session?
• A) It will retrieve the session variable.
• B) It will throw an error.
• C) It will return null.
• D) It will create a new session.
  Answer: C
  Explanation: Accessing session variables before starting a session will return null.
46. Which of the following methods can be used to improve session security?
• A) Use HTTPS
• B) Regenerate session IDs regularly
• C) Store sensitive data in cookies
• D) Both A and B
  Answer: D
  Explanation: Using HTTPS and regenerating session IDs regularly enhances session security.
47. What is a session fixation attack?
• A) An attack that exploits session cookies
• B) An attack that tricks a user into using a specific session ID
• C) An attack that stores malicious data in sessions
• D) None of the above
  Answer: B
  Explanation: Session fixation attacks involve tricking a user into using a specific session ID, allowing attackers to hijack sessions.
48. When using cookies, what is the role of the expires attribute?
• A) To set a secure connection
• B) To specify the cookie's lifetime
• C) To limit access to the cookie
• D) To make the cookie accessible via JavaScript
  Answer: B
  Explanation: The expires attribute specifies how long the cookie should be stored.
49. How can session data be made persistent across multiple pages?
• A) Using cookies
• B) Storing it in a database
• C) Using hidden form fields
• D) Both A and B
  Answer: D
  Explanation: Session data can be made persistent across pages using cookies or storing it in a database.
50. Which of the following is NOT a benefit of using sessions?
• A) Improved security over cookies
• B) Persistent storage on the client-side
• C) Easy data retrieval
• D) Ability to store large amounts of data
  Answer: B
  Explanation: Sessions store data on the server-side, not the client-side.
51. What happens when a session is destroyed?
• A) All session data is removed.
• B) The user is logged out.
• C) Both A and B
• D) Nothing happens
  Answer: C
  Explanation: Destroying a session removes all session data and typically logs the user out.
52. Which function is used to start a session in PHP?
• A) start_session();
• B) session_start();
• C) initialize_session();
• D) begin_session();
  Answer: B
  Explanation: The function session_start() is used to initiate a session.
53. What is the purpose of the session_regenerate_id() function?
• A) To start a new session
• B) To create a unique session ID
• C) To destroy the current session
• D) To prevent session fixation
  Answer: D
  Explanation: This function helps prevent session fixation by creating a new session ID.
54. Which of the following is an example of session hijacking?
• A) A user clearing their cookies
• B) An attacker stealing a session ID
• C) A user logging out of a session
• D) All of the above
  Answer: B
  Explanation: Session hijacking involves an attacker stealing or guessing a user's session ID to gain unauthorized access.
55. What type of data is typically stored in a session?
• A) User preferences
• B) Login credentials
• C) Temporary data for user state
• D) None of the above
  Answer: C
  Explanation: Sessions are usually used to store temporary data related to user state, like login status.
56. What is the primary difference between cookies and sessions regarding data storage?
• A) Cookies are faster to access.
• B) Cookies are stored on the client, while sessions are stored on the server.
• C) Sessions can store more data than cookies.
• D) Both B and C
  Answer: D
  Explanation: Cookies are client-side, while sessions are server-side and can store larger data amounts.
57. How can session data be accessed in PHP?
• A) $_SESSION['key'];
• B) session_data('key');
• C) get_session('key');
• D) retrieve_session('key');
  Answer: A
  Explanation: Session data is accessed using the $_SESSION superglobal array.
58. When a cookie is set with the path attribute, what does it specify?
• A) The URL where the cookie is valid
• B) The expiration time of the cookie
• C) The domain of the cookie
• D) The security level of the cookie
  Answer: A
  Explanation: The path attribute defines the URL path for which the cookie is valid.
59. Which PHP function is used to destroy all session variables?
• A) clear_session();
• B) session_unset();
• C) session_destroy();
• D) destroy_session();
  Answer: C
  Explanation: The session_destroy() function is used to destroy all session variables and the session itself.
60. What is the maximum size of a cookie that can be set?
• A) 1 KB
• B) 2 KB
• C) 4 KB
• D) 8 KB
  Answer: C
  Explanation: The maximum size for a single cookie is 4 KB.

---

Questions 61-80: Advanced Topics

61. How can you secure session data from cross-site scripting (XSS) attacks?
• A) Use cookies to store session data
• B) Validate and sanitize all user inputs
• C) Make session IDs predictable
• D) Use session fixation
  Answer: B
  Explanation: Validating and sanitizing inputs helps protect session data from XSS attacks.
62. What is the purpose of setting the domain attribute for a cookie?
• A) To limit the cookie's lifespan
• B) To restrict the cookie to a specific domain
• C) To enhance cookie security
• D) To specify the location of the cookie storage
  Answer: B
  Explanation: The domain attribute restricts the cookie to a specific domain.
63. In which scenario would you prefer using sessions over cookies?
• A) Storing large amounts of user data
• B) Maintaining user preferences
• C) Sharing data across different domains
• D) Storing non-sensitive data
  Answer: A
  Explanation: Sessions are better for storing larger amounts of data, especially sensitive information.
64. How can you implement session timeout in a web application?
• A) By setting a shorter expiration time for cookies
• B) By checking the last activity time of the user
• C) By disabling cookies
• D) By deleting all session data immediately
  Answer: B
  Explanation: Implementing session timeout involves checking the last activity time and logging the user out after a period of inactivity.
65. What happens if you set the SameSite=None attribute for a cookie?
• A) The cookie will only be sent for same-origin requests.
• B) The cookie will be sent with cross-origin requests.
• C) The cookie will be ignored.
• D) It increases the cookie's security.
  Answer: B
  Explanation: Setting SameSite=None allows cookies to be sent with cross-origin requests.
66. How do cookies differ from local storage?
• A) Cookies are stored on the server; local storage is on the client.
• B) Cookies have a size limit; local storage does not.
• C) Local storage persists across sessions; cookies can expire.
• D) Both B and C
  Answer: D
  Explanation: Cookies have size limits and expiration, while local storage can store larger amounts of data persistently.
67. What is the best practice for handling sensitive information in cookies?
• A) Store it as plain text
• B) Encrypt the data before storing it
• C) Set the httpOnly flag
• D) Both B and C
  Answer: D
  Explanation: Encrypting data and setting the httpOnly flag are best practices for sensitive information in cookies.
68. Which function would you use to retrieve a session variable?
• A) $_SESSION['variable'];
• B) get_session('variable');
• C) retrieve_session('variable');
• D) session_variable('variable');
  Answer: A
  Explanation: Session variables are accessed through the $_SESSION superglobal array.
69. What is a common method to ensure the security of cookies?
• A) Using HTTP instead of HTTPS
• B) Setting the secure attribute
• C) Avoiding httpOnly flag
• D) Making cookies accessible to JavaScript
  Answer: B
  Explanation: Setting the secure attribute ensures that cookies are only sent over HTTPS connections.
70. Which of the following is NOT a consequence of improper session management?
• A) Session hijacking
• B) Data leakage
• C) Enhanced user experience
• D) Account takeovers
  Answer: C
  Explanation: Enhanced user experience is not a consequence of improper session management.
71. How can you prevent cross-site request forgery (CSRF) attacks with cookies?
• A) Use SameSite attribute
• B) Enable JavaScript access to cookies
• C) Make cookies persistent
• D) Allow third-party cookies
  Answer: A
  Explanation: The SameSite attribute helps prevent CSRF attacks by controlling when cookies are sent with requests.
72. What happens if you set the path attribute of a cookie to /?
• A) The cookie will be accessible only on the homepage.
• B) The cookie will be accessible across the entire domain.
• C) The cookie will not be stored.
• D) The cookie will expire immediately.
  Answer: B
  Explanation: Setting the path attribute to / allows the cookie to be accessible across the entire domain.
73. What is the impact of using session_start() multiple times in a script?
• A) It creates a new session each time.
• B) It throws an error.
• C) It has no effect; the existing session is reused.
• D) It resets the session data.
  Answer: C
  Explanation: Calling session_start() multiple times in the same script will reuse the existing session.
74. Which method can be used to delete a cookie?
• A) Set its expiration date to a future date
• B) Set its expiration date to a past date
• C) Use the unset() function
• D) Both B and C
  Answer: D
  Explanation: A cookie can be deleted by setting its expiration date to a past date or using the unset() function in PHP.
75. How can you make a cookie accessible only through the HTTP protocol?
• A) Set the secure attribute
• B) Set the httpOnly attribute
• C) Set the SameSite attribute
• D) Set the domain attribute
  Answer: B
  Explanation: The httpOnly attribute makes the cookie accessible only through the HTTP protocol, preventing access via JavaScript.
76. What is the main advantage of using PHP sessions over cookies?
• A) Sessions are stored on the client-side.
• B) Sessions can store larger amounts of data securely.
• C) Sessions are easier to use than cookies.
• D) Cookies can be shared across different domains.
  Answer: B
  Explanation: Sessions can securely store larger amounts of data compared to cookies, which have size limits.
77. When would you use both sessions and cookies together?
• A) For storing user preferences only
• B) To improve security
• C) For keeping track of user login states
• D) When you need to persist data across sessions
  Answer: D
  Explanation: Using both allows for persistent data storage across sessions while utilizing sessions for temporary data management.
78. What is the result of trying to access a cookie that has expired?
• A) The cookie value will be returned as null.
• B) An error will be thrown.
• C) The cookie will be deleted automatically.
• D) The cookie will still be accessible until the browser is closed.
  Answer: A
  Explanation: An expired cookie will not be accessible, and its value will return as null.
79. What type of data is best suited for storage in cookies?
• A) Sensitive user information
• B) Temporary session data
• C) User preferences and settings
• D) Large files
  Answer: C
  Explanation: Cookies are best for storing user preferences and settings, not sensitive information or large files.
80. How do you set the domain for a cookie in PHP?
• A) setcookie("name", "value", time() + 3600, "/", "example.com");
• B) setcookie("name", "value", time() + 3600, "example.com");
• C) setcookie("name", "value", time() + 3600);
• D) setcookie("name", "value", time() + 3600, "");
  Answer: A
  Explanation: The domain for a cookie is set in the setcookie() function as the fourth parameter.

---

This set of questions and answers should provide a comprehensive overview of the session management and cookies in PHP for your assignment. Adjust any content as needed!

4o mini

Top of Form

 

Bottom of Form

ChatGPT can make mistakes. Check important info.