MCQs on Sessions and Cookies | PHP Intermediate

Strengthen your PHP session and cookie management skills with this set of 30 multiple-choice questions. Explore key topics like session management, cookie handling, and security concerns, crucial for web development.

Topic 1: PHP Sessions – Starting, Storing, and Destroying (10 Questions)

1. Which PHP function is used to start a session?
   A) session_start()
   B) start_session()
   C) begin_session()
   D) session_initialize()
2. What does the $_SESSION array hold in PHP?
   A) Server variables
   B) Cookies data
   C) User session data
   D) File data
3. How do you store a value in a session variable?
   A) $_SESSION[“key”] = “value”;
   B) session_store(“key”, “value”);
   C) store_session(“key”, “value”);
   D) session_set(“key”, “value”);
4. Which function is used to destroy a session in PHP?
   A) session_destroy()
   B) end_session()
   C) session_end()
   D) destroy_session()
5. What will happen if session_start() is not called at the beginning of a PHP script?
   A) Session data will not be accessible
   B) The script will throw an error
   C) The script will run normally without sessions
   D) It will automatically start the session
6. What is the default session expiration time in PHP?
   A) 15 minutes
   B) 30 minutes
   C) 60 minutes
   D) No expiration time
7. How can you regenerate a session ID in PHP for security purposes?
   A) session_regenerate_id()
   B) regenerate_id()
   C) session_reset_id()
   D) session_create_id()
8. What does the session_unset() function do in PHP?
   A) Deletes a session
   B) Clears all session variables
   C) Ends the session
   D) Regenerates the session ID
9. How do you access a session variable in PHP?
   A) $_SESSION[]
   B) session_get()
   C) $_SESSION{}
   D) session_array[]
10. Which of the following is true about session_destroy()?
    A) It removes all session variables but keeps the session active
    B) It clears the session and deletes the session file
    C) It ends the session and redirects the user
    D) It starts a new session

Topic 2: Cookies – Setting, Retrieving, and Deleting (10 Questions)

11. Which function is used to set a cookie in PHP?
    A) setcookie()
    B) cookie_set()
    C) create_cookie()
    D) add_cookie()
12. How do you retrieve the value of a cookie in PHP?
    A) $_COOKIE[“cookie_name”]
    B) cookie_get(“cookie_name”)
    C) $_COOKIE[]
    D) get_cookie(“cookie_name”)
13. Which of the following is required when setting a cookie?
    A) Cookie name
    B) Cookie value
    C) Expiration time
    D) All of the above
14. What will happen if the expiration time for a cookie is set to a past time?
    A) The cookie will be deleted
    B) The cookie will never be set
    C) The cookie will expire immediately
    D) The cookie will be stored forever
15. How long will a cookie last if the expiration time is set to 0?
    A) Until the session ends
    B) Until the browser is closed
    C) 1 year
    D) 30 days
16. Which of the following is correct for deleting a cookie in PHP?
    A) setcookie(“cookie_name”, “”, time() – 3600);
    B) delete_cookie(“cookie_name”);
    C) unset_cookie(“cookie_name”);
    D) clear_cookie(“cookie_name”);
17. What is the default path value when setting a cookie in PHP?
    A) /
    B) /cookie/
    C) /user/
    D) null
18. Which function can be used to check if a cookie is set in PHP?
    A) isset()
    B) check_cookie()
    C) cookie_exists()
    D) is_cookie_set()
19. Can cookies be accessed by JavaScript?
    A) Yes, cookies are accessible via JavaScript
    B) No, cookies are only accessible by PHP
    C) Only for secure cookies
    D) Only on the server side
20. Which of the following affects cookie storage in PHP?
    A) HTTP only flag
    B) Secure flag
    C) Expiration time
    D) All of the above

Topic 3: Session Management (5 Questions)

21. What does the session_start() function do in PHP?
    A) Starts a new session or resumes an existing one
    B) Initializes a session array
    C) Creates a cookie for session
    D) Initializes the session storage
22. Where are session variables stored by default in PHP?
    A) In the database
    B) In browser cookies
    C) In server-side files
    D) In the session variable array
23. What is the main purpose of session_regenerate_id()?
    A) To restart a session
    B) To generate a new session ID for the current session
    C) To clear all session data
    D) To validate session data
24. What does session_destroy() do?
    A) Destroys the current session and all its variables
    B) Deletes the session file
    C) Ends the current session
    D) Both A and B
25. Can you change session variables after calling session_start()?
    A) Yes, session variables can be modified
    B) No, they are read-only
    C) You can only delete them
    D) You can only add new variables

Topic 4: Security Concerns with Sessions and Cookies (5 Questions)

26. Which PHP function can help protect session data from session fixation attacks?
    A) session_regenerate_id()
    B) session_unset()
    C) session_destroy()
    D) session_start()
27. What is the primary security risk with cookies?
    A) They can be read by the client-side script
    B) They can be stored on the server
    C) They are not encrypted
    D) They are not necessary for session management
28. How can you make cookies more secure in PHP?
    A) By setting the secure flag and HTTP only flag
    B) By using encryption
    C) By setting short expiration times
    D) By using session cookies only
29. What does the httponly flag in cookies do?
    A) Prevents JavaScript from accessing the cookie
    B) Makes the cookie accessible only via the browser
    C) Makes the cookie persistent
    D) Encrypts the cookie
30. What is the risk of not using secure cookies for sensitive data?
    A) Data can be exposed to man-in-the-middle attacks
    B) Data can be stored forever
    C) The session will expire immediately
    D) Cookies cannot be used with sessions

Answer Key