会话控制机制

<?php 

if (isset($_SESSION['username'])){
   echo "<script>alert('您已经登陆！');window.location.href='admin.php'</script>";
   exit();
}
?>
<!DOCTYPE html>
<html>
<head>
	<title>登陆界面</title>
	<meta charset="utf-8">
</head>
<body>

	<form action="logincheck.php" method="post" accept-charset="utf-8">	
	<label>邮箱：</label>
	<input type="email" name="email" id="email"><br><br>
	<label>密码</label>
	<input type="password" name="password" value="" placeholder=""><br><br>
	<input type="submit" name="" value="登陆">
</form>
</body>
</html>

login.php页面

admin.php页面

<?php
session_start(); 
if(!isset($_SESSION['username'])){
  echo "<script>alert('请登陆！');window.location.href='login.php'</script>";
exit();
}
$username=$_SESSION['username'];
?>
<!DOCTYPE html>
<html>
<head>
	<title>管理界面</title>
	<meta charset="utf-8">
</head>
<body>
	<p>欢迎您：<?=$username?></p>
	<a href="logout.php">退出</a>
	<form action="upload.php" method="post" accept-charset="utf-8" enctype="multipart/form-data">
		<input type="file" name="file" value="" placeholder="请选择上传的文件">
		<input type="submit" name="submit" value="提交">
	</form>

</body>
</html>

logout.php页面

<?php
session_start();
if (!isset($_SESSION['username'])){
   echo "<script>alert('你没登陆过，请先登陆！');window.location.href='login.php'</script>";
}else{
	session_destroy(); //清楚会话。
 	echo "<script>alert('退出成功！');window.location.href='login.php'</script>";
}

?>

logincheck.php页面

<?php 
session_start(); //开启会话


$email=$_POST['email'];
$password = $_POST['password'];

include __DIR__."/pdo.php";
$sql = "SELECT * FROM `user` WHERE `email`=:email AND `password`=:password";
// echo $sql;
$stmt = $dbh->prepare($sql);
$stmt ->bindparam(':email',$email,PDO::PARAM_STR);
$stmt ->bindparam(':password',$password,PDO::PARAM_STR);
$stmt ->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if ($user){
 	$_SESSION['username']=$user['name'];
 	echo "<script>location.assign('admin.php')</script>";
}else{
	echo "<script>alert('用户名密码错误');window.history.back()</script>";
}



?>

总结

COOKIE是客户端记录的，session是服务器端生成的。都是用来识别身份的，session相对存储在服务器安全性高些。