SlideShare a Scribd company logo

Lecture 11 - PHP - Part 5 - CookiesSessions.ppt

Download as ppt, pdf
S
SreejithVP7

PHP uses sessions and cookies to introduce state into the stateless HTTP protocol. Sessions allow servers to remember stateful information about individual users from page request to page request, while cookies store small amounts of data on the client side. The setcookie() function and $_COOKIE superglobal array are used to create and access cookies, while sessions are managed through the $_SESSION superglobal array after starting a session with session_start(). Cookies and sessions both provide methods for persistence across multiple page loads or visits.

1 of 35
Download to read offline
1
PHP – Cookies and Sessions
2
The need for persistence  Consider these examples  Counting the number of “hits” on a website  i.e. how many times does a client load your web page source  The questionnaire on computing experience  Somehow your .php needs to remember previous instances of it being requested by a client
3
Persistence  Persistence is the ability of data to outlive the execution of the program that created them.  An obvious way of achieving persistence is to simply save the data in a file
4
Persistence and HTTP Recall http is a stateless protocol. It remembers nothing about previous transfers Two ways to achieve persistence:  PHP cookies  PHP sessions HTTP server Client Cookie Session
5
HTTP Cookies In internet programming, a cookie is a packet of information sent from the server to client, and then sent back to the server each time it is accessed by the client. Introduces state into HTTP (remember: HTTP is stateless) Cookies are transferred between server and client according to http. PHP supports http cookies Cookies can also be thought of as tickets used to identify clients and their orders
6
How Cookies are implemented  Cookies are sent from the server to the client via “Set- Cookie” headers Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure  The NAME value is a URL-encoded name that identifies the cookie.  The PATH and DOMAIN specify where the cookie applies
7
setcookie(name,value,expire,path,domain,secure) Parameter Description name (Required). Specifies the name of the cookie value (Required). Specifies the value of the cookie expire (Optional). Specifies when the cookie expires. e.g. time()+3600*24*30 will set the cookie to expire in 30 days. If this parameter is not set, the cookie will expire at the end of the session (when the browser closes). path (Optional). Specifies the server path of the cookie. If set to "/", the cookie will be available within the entire domain. If set to "/phptest/", the cookie will only be available within the test directory and all sub-directories of phptest. The default value is the current directory that the cookie is being set in. domain (Optional). Specifies the domain name of the cookie. To make the cookie available on all subdomains of example.com then you'd set it to ".example.com". Setting it to www.example.com will make the cookie only available in the www subdomain secure (Optional). Specifies whether or not the cookie should only be transmitted over a secure HTTPS connection. TRUE indicates that the cookie will only be set if a secure connection exists. Default is FALSE.
8
Cookies from HTTP GET /*.html HTTP/1.1 Host: it026954.domain GET /*.html HTTP/1.1 Host: it026945.domain Cookie: name=value Accept: */* HTTP/1.1 200 OK Content-type: text/html Set-Cookie: name=value (content of page) Client (e.g. Firefox) it026945
9
Creating PHP cookies Cookies can be set by directly manipulating the HTTP header using the PHP header() function <?php header(“Set-Cookie: mycookie=myvalue; path=/; domain=.coggeshall.org”); ?>
10
Creating cookies with setcookie() Use the PHP setcookie() function: Setcookie (name,value,expire, path, domain, secure) e.g. <?php setcookie("MyCookie", $value, time()+3600*24); setcookie("AnotherCookie", $value, time()+3600); ?>  Name: name of the file  Value: data stored in the file  Expire: data string defining the life time  Path: subset of URLs in a domain where it is valid  Domain: domain for which the cookie is valid  Secure: set to '1' to transmit in HTTPS
11
Reading cookies <?php foreach ($_COOKIE as $key=>$val) { print $key . " => " . $val . "<br/>"; } ?> To access a cookie received from a client, use the PHP $_COOKIE superglobal array Each key in the array represents a cookie - the key name is the cookie name.
12
Creating and using cookies example <?php setcookie("MyCookie", $value, time()+7200); setcookie("AnotherCookie", $value, time()+7); ?> <?php foreach ($_COOKIE as $key=>$val) { print $key . " => " . $val . "<br/>"; } ?>  Cookies only become visible on the next page load
13
Using headers (wrong approach!) <!DOCTYPE html PUBLIC "=//W3C//DTD XHMTL 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhmtl" xml:lang="en"> <head><title>PHP Script using Cookies</title> <meta http-equiv="Content-Type" content="text/html; chatset=ISO-8859-1" /> </head> <body> <?php $strValue = "This is my first cookie"; setcookie ("mycookie", $strValue); echo "Cookie set<br>"; ?> </body> </html> Gets an error!: Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/TESTandre/159339/PHP/cookie_with_headers.php:9) in /var/www/html/TESTandre/159339/PHP/cookie_with_headers.php on line 11 (adapted from Stobart & Parsons (2008))
14
Using headers setcookie() did not run before information was sent to the browser... Cookies have to be sent before the heading elements
15
Using headers (correct approach) <?php $strValue = "This is my first cookie"; setcookie ("mycookie", $strValue); echo "Cookie set<br>"; ?> <!DOCTYPE html PUBLIC "=//W3C//DTD XHMTL 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhmtl" xml:lang="en"> <head><title>PHP Script using Cookies</title> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> </head> <body> <?php echo “<p> A cookie has been set. </p>”; ?> </body> </html> This is the correct approach!
16
Deleting a cookie  Set the cookie with its name only: setcookie(“mycookie”);
17
Multiple data items  Use explode() e.g. <?php $strAddress = $_SERVER['REMOTE_ADDR']; $strBrowser = $_SERVER['HTTP_USER_AGENT']; $strOperatingSystem = $_ENV['OS']; $strInfo = "$strAddress::$strBrowser::$strOperatingSystem"; setcookie ("somecookie4",$strInfo, time()+7200); ?> <?php $strReadCookie = $_COOKIE["somecookie4"]; $arrListOfStrings = explode ("::", $strReadCookie); echo "<p>$strInfo</p>"; echo "<p>Your IP address is: $arrListOfStrings[0] </p>"; echo "<p>Client Browser is: $arrListOfStrings[1] </p>"; echo "<p>Your OS is: $arrListOfStrings[2] </p>"; ?>
18
Where is the cookie stored?
19
Where is the cookie stored  Depends on the browser...  e.g., firefox/mozilla under /home/a________  Look for cookies.txt in .mozilla directory  Usually under:  /home/a______/.mozilla/firefox/asdkfljy.default  Cookie is stored only if there is an expiry date  Otherwise it is deleted when leaving browser  Persistent only if an expiry date is set
20
PHP Session
21
You can store user information (e.g. username, items selected, etc.) in the server side for later use using PHP session. Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either stored in a cookie or is propagated in the URL. PHP Sessions
22
When should you use sessions?  Need for data to stored on the server  Unique session information for each user  Transient data, only relevant for short time  Data does not contain secret information  Similar to Cookies, but it is stored on the server  More secure, once established, no data is sent back and forth between the machines  Works even if cookies are disabled  Example: we want to count the number of “hits” on our web page.
23
<?php session_start(); ?> <html> <body> </body> </html> session_start() function must appear BEFORE the <html> tag. Before you can store user information in your PHP session, you must first start up the session.
24
PHP Sessions  Starting a PHP session: <?php session_start(); ?> • This tells PHP that a session is requested. • A session ID is then allocated at the server end. • session ID looks like: sess_f1234781237468123768asjkhfa7891234g
25
Session variables  $_SESSION  e.g., $_SESSION[“intVar”] = 10;  Testing if a session variable has been set: session_start(); if(!$_SESSION['intVar']) {...} //intVar is set or not
26
Registering session variables  Instead of setting superglobals, one can register one’s own session variables <?php $barney = “A big purple dinosaur.”; $myvar_name = “barney”; session_register($myvar_name); ?> • $barney can now be accessed “globally” from session to session  This only works if the register_globals directive is enabled in php.ini - nowadays this is turned off by default Use of session_register() is deprecated!
27
Make your own session variables  With session_start() a default session variable is created - the name extracted from the page name  To create your own session variable just add a new key to the $_SESSION superglobal $_SESSION[‘dug’] = “a talking dog.”; Use of $_SESSION is preferred, as of PHP 4.1.0.
28
Session Example 1 <?php session_start(); if (!isset($_SESSION["intVar"]) ){ $_SESSION["intVar"] = 1; } else { $_SESSION["intVar"]++; } echo "<p>In this session you have accessed this page " . $_SESSION["intVar"] . "times.</p>"; ?>
29
<?php session_start();?> <?php $thisPage = $_SERVER['PHP_SELF']; $pageNameArray = explode('/', $thisPage); $pageName = $pageNameArray[count($pageNameArray) - 1]; print "The name of this page is: $pageName<br/>"; $nameItems = explode(‘.', $pageName); $sessionName = $nameItems[0]; print "The session name is $sessionName<br/>"; if (!isset($_SESSION[$sessionName])) { $_SESSION[$sessionName] = 0; print "This is the first time you have visited this page<br/>"; } else { $_SESSION[$sessionName]++; } print "<h1>You have visited this page " . $_SESSION[$sessionName] . " times</h1>"; ?> Session Example 2
30
Ending sessions unset($_SESSION[‘name’]) –Remove a session variable session_destroy() – Destroys all data registered to a session – does not unset session global variables and cookies associated with the session –Not normally done - leave to timeout
31
Destroying a session completely <?php // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start(); // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (ini_get("session.use_cookies")) { // Returns the value of the configuration option $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } // Finally, destroy the session. session_destroy(); ?> http://nz2.php.net/manual/en/function.session-destroy.php returns the name of the current session
32
Session Example 3 <?php session_start(); if(!isset($_SESSION['strColourBg'])) $_SESSION['strColourBg'] = "red"; else echo "Currently Bg set to " . $_SESSION['strColourBg'] . "<br>"; if(!isset($_SESSION['strColourFg'])) $_SESSION['strColourFg'] = "yellow"; else echo "Currently Fg set to " . $_SESSION['strColourFg']; if(isset($_POST["submit"]) ) { $strColourBg = $_POST["strNewBg"]; $strColourFg = $_POST["strNewFg"]; $_SESSION['strColourBg'] = $strColourBg; $_SESSION['strColourFg'] = $strColourFg; echo "<br>New Settings"; } else { $strColourBg = $_SESSION['strColourBg']; $strColourFg = $_SESSION['strColourFg']; echo "<br>Keep old settings"; } ?>
33
Session Example 3 (cont.) <head> <style type="text/css"> body {background-color: <?php echo $strColourBg ?>} p {color: <?php echo $strColourFg?>} h2 {color: <?php echo $strColourFg?>} </style></head> <body> <h2>h2 colour</h2> <form action = '<?php echo $SERVER["PHP_SELF"] ?>' method='post'> <label for="strNewBg"> Background colour: </label> <select name='strNewBg' id='strNewBg'> <option>red</option> ... <option>grey</option> </select> <label for="strNewFg"> Text colour: </label> <select name='strNewFg' id='strNewFg'> <option>yellow</option> ... <option>grey</option> </select> <input type='submit' name='submit'/> </form></body> (adapted from Stobart & Parsons, 2008)
34
Examples php_imagefields.php php_retention.php upload.html upload.php php_imagefields.php php_imagecreation.php php_truetypefonts.php php_file_get_contents.php php_cookie_multipledata.php cookie1.php cookie_with_headers.php session1.php session2.php php_session_colours2.php php_session_destroy.php
35
Summary PHP sessions and cookies are mechanisms for introducing state into HTTP transactions.
PHP – Cookies and Sessions
The need for persistence  Consider these examples  Counting the number of “hits” on a website  i.e. how many times does a client load your web page source  The questionnaire on computing experience  Somehow your .php needs to remember previous instances of it being requested by a client
Persistence  Persistence is the ability of data to outlive the execution of the program that created them.  An obvious way of achieving persistence is to simply save the data in a file
Persistence and HTTP Recall http is a stateless protocol. It remembers nothing about previous transfers Two ways to achieve persistence:  PHP cookies  PHP sessions HTTP server Client Cookie Session
HTTP Cookies In internet programming, a cookie is a packet of information sent from the server to client, and then sent back to the server each time it is accessed by the client. Introduces state into HTTP (remember: HTTP is stateless) Cookies are transferred between server and client according to http. PHP supports http cookies Cookies can also be thought of as tickets used to identify clients and their orders
How Cookies are implemented  Cookies are sent from the server to the client via “Set- Cookie” headers Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure  The NAME value is a URL-encoded name that identifies the cookie.  The PATH and DOMAIN specify where the cookie applies
setcookie(name,value,expire,path,domain,secure) Parameter Description name (Required). Specifies the name of the cookie value (Required). Specifies the value of the cookie expire (Optional). Specifies when the cookie expires. e.g. time()+3600*24*30 will set the cookie to expire in 30 days. If this parameter is not set, the cookie will expire at the end of the session (when the browser closes). path (Optional). Specifies the server path of the cookie. If set to "/", the cookie will be available within the entire domain. If set to "/phptest/", the cookie will only be available within the test directory and all sub-directories of phptest. The default value is the current directory that the cookie is being set in. domain (Optional). Specifies the domain name of the cookie. To make the cookie available on all subdomains of example.com then you'd set it to ".example.com". Setting it to www.example.com will make the cookie only available in the www subdomain secure (Optional). Specifies whether or not the cookie should only be transmitted over a secure HTTPS connection. TRUE indicates that the cookie will only be set if a secure connection exists. Default is FALSE.
Cookies from HTTP GET /*.html HTTP/1.1 Host: it026954.domain GET /*.html HTTP/1.1 Host: it026945.domain Cookie: name=value Accept: */* HTTP/1.1 200 OK Content-type: text/html Set-Cookie: name=value (content of page) Client (e.g. Firefox) it026945
Creating PHP cookies Cookies can be set by directly manipulating the HTTP header using the PHP header() function <?php header(“Set-Cookie: mycookie=myvalue; path=/; domain=.coggeshall.org”); ?>
Creating cookies with setcookie() Use the PHP setcookie() function: Setcookie (name,value,expire, path, domain, secure) e.g. <?php setcookie("MyCookie", $value, time()+3600*24); setcookie("AnotherCookie", $value, time()+3600); ?>  Name: name of the file  Value: data stored in the file  Expire: data string defining the life time  Path: subset of URLs in a domain where it is valid  Domain: domain for which the cookie is valid  Secure: set to '1' to transmit in HTTPS
Reading cookies <?php foreach ($_COOKIE as $key=>$val) { print $key . " => " . $val . "<br/>"; } ?> To access a cookie received from a client, use the PHP $_COOKIE superglobal array Each key in the array represents a cookie - the key name is the cookie name.
Creating and using cookies example <?php setcookie("MyCookie", $value, time()+7200); setcookie("AnotherCookie", $value, time()+7); ?> <?php foreach ($_COOKIE as $key=>$val) { print $key . " => " . $val . "<br/>"; } ?>  Cookies only become visible on the next page load
Using headers (wrong approach!) <!DOCTYPE html PUBLIC "=//W3C//DTD XHMTL 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhmtl" xml:lang="en"> <head><title>PHP Script using Cookies</title> <meta http-equiv="Content-Type" content="text/html; chatset=ISO-8859-1" /> </head> <body> <?php $strValue = "This is my first cookie"; setcookie ("mycookie", $strValue); echo "Cookie set<br>"; ?> </body> </html> Gets an error!: Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/TESTandre/159339/PHP/cookie_with_headers.php:9) in /var/www/html/TESTandre/159339/PHP/cookie_with_headers.php on line 11 (adapted from Stobart & Parsons (2008))
Using headers setcookie() did not run before information was sent to the browser... Cookies have to be sent before the heading elements
Using headers (correct approach) <?php $strValue = "This is my first cookie"; setcookie ("mycookie", $strValue); echo "Cookie set<br>"; ?> <!DOCTYPE html PUBLIC "=//W3C//DTD XHMTL 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhmtl" xml:lang="en"> <head><title>PHP Script using Cookies</title> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> </head> <body> <?php echo “<p> A cookie has been set. </p>”; ?> </body> </html> This is the correct approach!
Deleting a cookie  Set the cookie with its name only: setcookie(“mycookie”);
Multiple data items  Use explode() e.g. <?php $strAddress = $_SERVER['REMOTE_ADDR']; $strBrowser = $_SERVER['HTTP_USER_AGENT']; $strOperatingSystem = $_ENV['OS']; $strInfo = "$strAddress::$strBrowser::$strOperatingSystem"; setcookie ("somecookie4",$strInfo, time()+7200); ?> <?php $strReadCookie = $_COOKIE["somecookie4"]; $arrListOfStrings = explode ("::", $strReadCookie); echo "<p>$strInfo</p>"; echo "<p>Your IP address is: $arrListOfStrings[0] </p>"; echo "<p>Client Browser is: $arrListOfStrings[1] </p>"; echo "<p>Your OS is: $arrListOfStrings[2] </p>"; ?>
Where is the cookie stored?
Where is the cookie stored  Depends on the browser...  e.g., firefox/mozilla under /home/a________  Look for cookies.txt in .mozilla directory  Usually under:  /home/a______/.mozilla/firefox/asdkfljy.default  Cookie is stored only if there is an expiry date  Otherwise it is deleted when leaving browser  Persistent only if an expiry date is set
PHP Session
You can store user information (e.g. username, items selected, etc.) in the server side for later use using PHP session. Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either stored in a cookie or is propagated in the URL. PHP Sessions
When should you use sessions?  Need for data to stored on the server  Unique session information for each user  Transient data, only relevant for short time  Data does not contain secret information  Similar to Cookies, but it is stored on the server  More secure, once established, no data is sent back and forth between the machines  Works even if cookies are disabled  Example: we want to count the number of “hits” on our web page.
<?php session_start(); ?> <html> <body> </body> </html> session_start() function must appear BEFORE the <html> tag. Before you can store user information in your PHP session, you must first start up the session.
PHP Sessions  Starting a PHP session: <?php session_start(); ?> • This tells PHP that a session is requested. • A session ID is then allocated at the server end. • session ID looks like: sess_f1234781237468123768asjkhfa7891234g
Session variables  $_SESSION  e.g., $_SESSION[“intVar”] = 10;  Testing if a session variable has been set: session_start(); if(!$_SESSION['intVar']) {...} //intVar is set or not
Registering session variables  Instead of setting superglobals, one can register one’s own session variables <?php $barney = “A big purple dinosaur.”; $myvar_name = “barney”; session_register($myvar_name); ?> • $barney can now be accessed “globally” from session to session  This only works if the register_globals directive is enabled in php.ini - nowadays this is turned off by default Use of session_register() is deprecated!
Make your own session variables  With session_start() a default session variable is created - the name extracted from the page name  To create your own session variable just add a new key to the $_SESSION superglobal $_SESSION[‘dug’] = “a talking dog.”; Use of $_SESSION is preferred, as of PHP 4.1.0.
Session Example 1 <?php session_start(); if (!isset($_SESSION["intVar"]) ){ $_SESSION["intVar"] = 1; } else { $_SESSION["intVar"]++; } echo "<p>In this session you have accessed this page " . $_SESSION["intVar"] . "times.</p>"; ?>
<?php session_start();?> <?php $thisPage = $_SERVER['PHP_SELF']; $pageNameArray = explode('/', $thisPage); $pageName = $pageNameArray[count($pageNameArray) - 1]; print "The name of this page is: $pageName<br/>"; $nameItems = explode(‘.', $pageName); $sessionName = $nameItems[0]; print "The session name is $sessionName<br/>"; if (!isset($_SESSION[$sessionName])) { $_SESSION[$sessionName] = 0; print "This is the first time you have visited this page<br/>"; } else { $_SESSION[$sessionName]++; } print "<h1>You have visited this page " . $_SESSION[$sessionName] . " times</h1>"; ?> Session Example 2
Ending sessions unset($_SESSION[‘name’]) –Remove a session variable session_destroy() – Destroys all data registered to a session – does not unset session global variables and cookies associated with the session –Not normally done - leave to timeout
Destroying a session completely <?php // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start(); // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (ini_get("session.use_cookies")) { // Returns the value of the configuration option $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } // Finally, destroy the session. session_destroy(); ?> http://nz2.php.net/manual/en/function.session-destroy.php returns the name of the current session
Session Example 3 <?php session_start(); if(!isset($_SESSION['strColourBg'])) $_SESSION['strColourBg'] = "red"; else echo "Currently Bg set to " . $_SESSION['strColourBg'] . "<br>"; if(!isset($_SESSION['strColourFg'])) $_SESSION['strColourFg'] = "yellow"; else echo "Currently Fg set to " . $_SESSION['strColourFg']; if(isset($_POST["submit"]) ) { $strColourBg = $_POST["strNewBg"]; $strColourFg = $_POST["strNewFg"]; $_SESSION['strColourBg'] = $strColourBg; $_SESSION['strColourFg'] = $strColourFg; echo "<br>New Settings"; } else { $strColourBg = $_SESSION['strColourBg']; $strColourFg = $_SESSION['strColourFg']; echo "<br>Keep old settings"; } ?>
Session Example 3 (cont.) <head> <style type="text/css"> body {background-color: <?php echo $strColourBg ?>} p {color: <?php echo $strColourFg?>} h2 {color: <?php echo $strColourFg?>} </style></head> <body> <h2>h2 colour</h2> <form action = '<?php echo $SERVER["PHP_SELF"] ?>' method='post'> <label for="strNewBg"> Background colour: </label> <select name='strNewBg' id='strNewBg'> <option>red</option> ... <option>grey</option> </select> <label for="strNewFg"> Text colour: </label> <select name='strNewFg' id='strNewFg'> <option>yellow</option> ... <option>grey</option> </select> <input type='submit' name='submit'/> </form></body> (adapted from Stobart & Parsons, 2008)
Examples php_imagefields.php php_retention.php upload.html upload.php php_imagefields.php php_imagecreation.php php_truetypefonts.php php_file_get_contents.php php_cookie_multipledata.php cookie1.php cookie_with_headers.php session1.php session2.php php_session_colours2.php php_session_destroy.php
Summary PHP sessions and cookies are mechanisms for introducing state into HTTP transactions.
Ad

Recommended

Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
Lecture 11 - PHP - Part 5 - CookiesSessions.pptLecture 11 - PHP - Part 5 - CookiesSessions.ppt
Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
pondypaiyan
 
PHP-Cookies-Sessions.pdf
PHP-Cookies-Sessions.pdfPHP-Cookies-Sessions.pdf
PHP-Cookies-Sessions.pdf
HumphreyOwuor1
 
Lecture8 php page control by okello erick
Lecture8 php page control by okello erickLecture8 php page control by okello erick
Lecture8 php page control by okello erick
okelloerick
 
4.4 PHP Session
4.4 PHP Session4.4 PHP Session
4.4 PHP Session
Jalpesh Vasa
 
PHP SESSIONS & COOKIE.pptx
PHP SESSIONS & COOKIE.pptxPHP SESSIONS & COOKIE.pptx
PHP SESSIONS & COOKIE.pptx
ShitalGhotekar
 
Sessions and cookies
Sessions and cookiesSessions and cookies
Sessions and cookies
www.netgains.org
 
Manish
ManishManish
Manish
Manish Jain
 
season management in php (WT)
season management in php (WT)season management in php (WT)
season management in php (WT)
kunjan shah
 
Cookies and sessions
Cookies and sessionsCookies and sessions
Cookies and sessions
salissal
 
Sessions n cookies
Sessions n cookiesSessions n cookies
Sessions n cookies
baabtra.com - No. 1 supplier of quality freshers
 
Cookies & Session
Cookies & SessionCookies & Session
Cookies & Session
university of education,Lahore
 
Php session
Php sessionPhp session
Php session
argusacademy
 
Web app development_cookies_sessions_14
Web app development_cookies_sessions_14Web app development_cookies_sessions_14
Web app development_cookies_sessions_14
Hassen Poreya
 
Web application security
Web application securityWeb application security
Web application security
Ravi Raj
 
PHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONSPHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONS
Degu8
 
Php ssession - cookies -introduction
Php ssession - cookies -introductionPhp ssession - cookies -introduction
Php ssession - cookies -introduction
Programmer Blog
 
PHP Cookies and Sessions
PHP Cookies and SessionsPHP Cookies and Sessions
PHP Cookies and Sessions
Nisa Soomro
 
Php sessions & cookies
Php sessions & cookiesPhp sessions & cookies
Php sessions & cookies
baabtra.com - No. 1 supplier of quality freshers
 
Php with my sql
Php with my sqlPhp with my sql
Php with my sql
husnara mohammad
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Project
xsist10
 
Cake php
Cake phpCake php
Cake php
Jyotisankar Pradhan
 
Download It
Download ItDownload It
Download It
webhostingguy
 
LAMP security practices
LAMP security practicesLAMP security practices
LAMP security practices
Amit Kejriwal
 
Caching the Uncacheable
Caching the UncacheableCaching the Uncacheable
Caching the Uncacheable
danrot
 
Php 07-cookies-sessions
Php 07-cookies-sessionsPhp 07-cookies-sessions
Php 07-cookies-sessions
YUSRA FERNANDO
 
Sessions in php
Sessions in php Sessions in php
Sessions in php
Mudasir Syed
 
4 php-advanced
4 php-advanced4 php-advanced
4 php-advanced
Achchuthan Yogarajah
 
lecture 12.pptx
lecture 12.pptxlecture 12.pptx
lecture 12.pptx
ITNet
 
Data Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any ApplicationData Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any Application
Safe Software
 
LSNIF: Locally-Subdivided Neural Intersection Function
LSNIF: Locally-Subdivided Neural Intersection FunctionLSNIF: Locally-Subdivided Neural Intersection Function
LSNIF: Locally-Subdivided Neural Intersection Function
Takahiro Harada
 

More Related Content

Similar to Lecture 11 - PHP - Part 5 - CookiesSessions.ppt (20)

Cookies and sessions
Cookies and sessionsCookies and sessions
Cookies and sessions
salissal
 
Sessions n cookies
Sessions n cookiesSessions n cookies
Sessions n cookies
baabtra.com - No. 1 supplier of quality freshers
 
Cookies & Session
Cookies & SessionCookies & Session
Cookies & Session
university of education,Lahore
 
Php session
Php sessionPhp session
Php session
argusacademy
 
Web app development_cookies_sessions_14
Web app development_cookies_sessions_14Web app development_cookies_sessions_14
Web app development_cookies_sessions_14
Hassen Poreya
 
Web application security
Web application securityWeb application security
Web application security
Ravi Raj
 
PHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONSPHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONS
Degu8
 
Php ssession - cookies -introduction
Php ssession - cookies -introductionPhp ssession - cookies -introduction
Php ssession - cookies -introduction
Programmer Blog
 
PHP Cookies and Sessions
PHP Cookies and SessionsPHP Cookies and Sessions
PHP Cookies and Sessions
Nisa Soomro
 
Php sessions & cookies
Php sessions & cookiesPhp sessions & cookies
Php sessions & cookies
baabtra.com - No. 1 supplier of quality freshers
 
Php with my sql
Php with my sqlPhp with my sql
Php with my sql
husnara mohammad
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Project
xsist10
 
Cake php
Cake phpCake php
Cake php
Jyotisankar Pradhan
 
Download It
Download ItDownload It
Download It
webhostingguy
 
LAMP security practices
LAMP security practicesLAMP security practices
LAMP security practices
Amit Kejriwal
 
Caching the Uncacheable
Caching the UncacheableCaching the Uncacheable
Caching the Uncacheable
danrot
 
Php 07-cookies-sessions
Php 07-cookies-sessionsPhp 07-cookies-sessions
Php 07-cookies-sessions
YUSRA FERNANDO
 
Sessions in php
Sessions in php Sessions in php
Sessions in php
Mudasir Syed
 
4 php-advanced
4 php-advanced4 php-advanced
4 php-advanced
Achchuthan Yogarajah
 
lecture 12.pptx
lecture 12.pptxlecture 12.pptx
lecture 12.pptx
ITNet
 
Cookies and sessions
Cookies and sessionsCookies and sessions
Cookies and sessions
salissal
 
Sessions n cookies
Sessions n cookiesSessions n cookies
Sessions n cookies
baabtra.com - No. 1 supplier of quality freshers
 
Cookies & Session
Cookies & SessionCookies & Session
Cookies & Session
university of education,Lahore
 
Php session
Php sessionPhp session
Php session
argusacademy
 
Web app development_cookies_sessions_14
Web app development_cookies_sessions_14Web app development_cookies_sessions_14
Web app development_cookies_sessions_14
Hassen Poreya
 
Web application security
Web application securityWeb application security
Web application security
Ravi Raj
 
PHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONSPHP COOKIES AND SESSIONS
PHP COOKIES AND SESSIONS
Degu8
 
Php ssession - cookies -introduction
Php ssession - cookies -introductionPhp ssession - cookies -introduction
Php ssession - cookies -introduction
Programmer Blog
 
PHP Cookies and Sessions
PHP Cookies and SessionsPHP Cookies and Sessions
PHP Cookies and Sessions
Nisa Soomro
 
Php sessions & cookies
Php sessions & cookiesPhp sessions & cookies
Php sessions & cookies
baabtra.com - No. 1 supplier of quality freshers
 
Php with my sql
Php with my sqlPhp with my sql
Php with my sql
husnara mohammad
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Project
xsist10
 
Cake php
Cake phpCake php
Cake php
Jyotisankar Pradhan
 
Download It
Download ItDownload It
Download It
webhostingguy
 
LAMP security practices
LAMP security practicesLAMP security practices
LAMP security practices
Amit Kejriwal
 
Caching the Uncacheable
Caching the UncacheableCaching the Uncacheable
Caching the Uncacheable
danrot
 
Php 07-cookies-sessions
Php 07-cookies-sessionsPhp 07-cookies-sessions
Php 07-cookies-sessions
YUSRA FERNANDO
 
Sessions in php
Sessions in php Sessions in php
Sessions in php
Mudasir Syed
 
4 php-advanced
4 php-advanced4 php-advanced
4 php-advanced
Achchuthan Yogarajah
 
lecture 12.pptx
lecture 12.pptxlecture 12.pptx
lecture 12.pptx
ITNet
 

Recently uploaded (20)

Data Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any ApplicationData Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any Application
Safe Software
 
LSNIF: Locally-Subdivided Neural Intersection Function
LSNIF: Locally-Subdivided Neural Intersection FunctionLSNIF: Locally-Subdivided Neural Intersection Function
LSNIF: Locally-Subdivided Neural Intersection Function
Takahiro Harada
 
How to Detect Outliers in IBM SPSS Statistics.pptx
How to Detect Outliers in IBM SPSS Statistics.pptxHow to Detect Outliers in IBM SPSS Statistics.pptx
How to Detect Outliers in IBM SPSS Statistics.pptx
Version 1 Analytics
 
Evaluation Challenges in Using Generative AI for Science & Technical Content
Evaluation Challenges in Using Generative AI for Science & Technical ContentEvaluation Challenges in Using Generative AI for Science & Technical Content
Evaluation Challenges in Using Generative AI for Science & Technical Content
Paul Groth
 
Cybersecurity Fundamentals: Apprentice - Palo Alto Certificate
Cybersecurity Fundamentals: Apprentice - Palo Alto CertificateCybersecurity Fundamentals: Apprentice - Palo Alto Certificate
Cybersecurity Fundamentals: Apprentice - Palo Alto Certificate
VICTOR MAESTRE RAMIREZ
 
Top 25 AI Coding Agents for Vibe Coders to Use in 2025.pdf
Top 25 AI Coding Agents for Vibe Coders to Use in 2025.pdfTop 25 AI Coding Agents for Vibe Coders to Use in 2025.pdf
Top 25 AI Coding Agents for Vibe Coders to Use in 2025.pdf
SOFTTECHHUB
 
Boosting MySQL with Vector Search -THE VECTOR SEARCH CONFERENCE 2025 .pdf
Boosting MySQL with Vector Search -THE VECTOR SEARCH CONFERENCE 2025 .pdfBoosting MySQL with Vector Search -THE VECTOR SEARCH CONFERENCE 2025 .pdf
Boosting MySQL with Vector Search -THE VECTOR SEARCH CONFERENCE 2025 .pdf
Alkin Tezuysal
 
Establish Visibility and Manage Risk in the Supply Chain with Anchore SBOM
Establish Visibility and Manage Risk in the Supply Chain with Anchore SBOMEstablish Visibility and Manage Risk in the Supply Chain with Anchore SBOM
Establish Visibility and Manage Risk in the Supply Chain with Anchore SBOM
Anchore
 
The case for on-premises AI
The case for on-premises AIThe case for on-premises AI
The case for on-premises AI
Principled Technologies
 
AI Creative Generates You Passive Income Like Never Before
AI Creative Generates You Passive Income Like Never BeforeAI Creative Generates You Passive Income Like Never Before
AI Creative Generates You Passive Income Like Never Before
SivaRajan47
 
Jira Administration Training – Day 1 : Introduction
Jira Administration Training – Day 1 : IntroductionJira Administration Training – Day 1 : Introduction
Jira Administration Training – Day 1 : Introduction
Ravi Teja
 
Compliance-as-a-Service document pdf text
Compliance-as-a-Service document pdf textCompliance-as-a-Service document pdf text
Compliance-as-a-Service document pdf text
Earthling security
 
Introduction to Internet of things .ppt.
Introduction to Internet of things .ppt.Introduction to Internet of things .ppt.
Introduction to Internet of things .ppt.
hok12341073
 
How Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdf
How Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdfHow Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdf
How Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdf
Rejig Digital
 
End-to-end Assurance for SD-WAN & SASE with ThousandEyes
End-to-end Assurance for SD-WAN & SASE with ThousandEyesEnd-to-end Assurance for SD-WAN & SASE with ThousandEyes
End-to-end Assurance for SD-WAN & SASE with ThousandEyes
ThousandEyes
 
Agentic AI: Beyond the Buzz- LangGraph Studio V2
Agentic AI: Beyond the Buzz- LangGraph Studio V2Agentic AI: Beyond the Buzz- LangGraph Studio V2
Agentic AI: Beyond the Buzz- LangGraph Studio V2
Shashikant Jagtap
 
Developing Schemas with FME and Excel - Peak of Data & AI 2025
Developing Schemas with FME and Excel - Peak of Data & AI 2025Developing Schemas with FME and Excel - Peak of Data & AI 2025
Developing Schemas with FME and Excel - Peak of Data & AI 2025
Safe Software
 
Dancing with AI - A Developer's Journey.pptx
Dancing with AI - A Developer's Journey.pptxDancing with AI - A Developer's Journey.pptx
Dancing with AI - A Developer's Journey.pptx
Elliott Richmond
 
7 Salesforce Data Cloud Best Practices.pdf
7 Salesforce Data Cloud Best Practices.pdf7 Salesforce Data Cloud Best Practices.pdf
7 Salesforce Data Cloud Best Practices.pdf
Minuscule Technologies
 
Domino IQ – Was Sie erwartet, erste Schritte und Anwendungsfälle
Domino IQ – Was Sie erwartet, erste Schritte und AnwendungsfälleDomino IQ – Was Sie erwartet, erste Schritte und Anwendungsfälle
Domino IQ – Was Sie erwartet, erste Schritte und Anwendungsfälle
panagenda
 
Data Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any ApplicationData Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any Application
Safe Software
 
LSNIF: Locally-Subdivided Neural Intersection Function
LSNIF: Locally-Subdivided Neural Intersection FunctionLSNIF: Locally-Subdivided Neural Intersection Function
LSNIF: Locally-Subdivided Neural Intersection Function
Takahiro Harada
 
How to Detect Outliers in IBM SPSS Statistics.pptx
How to Detect Outliers in IBM SPSS Statistics.pptxHow to Detect Outliers in IBM SPSS Statistics.pptx
How to Detect Outliers in IBM SPSS Statistics.pptx
Version 1 Analytics
 
Evaluation Challenges in Using Generative AI for Science & Technical Content
Evaluation Challenges in Using Generative AI for Science & Technical ContentEvaluation Challenges in Using Generative AI for Science & Technical Content
Evaluation Challenges in Using Generative AI for Science & Technical Content
Paul Groth
 
Cybersecurity Fundamentals: Apprentice - Palo Alto Certificate
Cybersecurity Fundamentals: Apprentice - Palo Alto CertificateCybersecurity Fundamentals: Apprentice - Palo Alto Certificate
Cybersecurity Fundamentals: Apprentice - Palo Alto Certificate
VICTOR MAESTRE RAMIREZ
 
Top 25 AI Coding Agents for Vibe Coders to Use in 2025.pdf
Top 25 AI Coding Agents for Vibe Coders to Use in 2025.pdfTop 25 AI Coding Agents for Vibe Coders to Use in 2025.pdf
Top 25 AI Coding Agents for Vibe Coders to Use in 2025.pdf
SOFTTECHHUB
 
Boosting MySQL with Vector Search -THE VECTOR SEARCH CONFERENCE 2025 .pdf
Boosting MySQL with Vector Search -THE VECTOR SEARCH CONFERENCE 2025 .pdfBoosting MySQL with Vector Search -THE VECTOR SEARCH CONFERENCE 2025 .pdf
Boosting MySQL with Vector Search -THE VECTOR SEARCH CONFERENCE 2025 .pdf
Alkin Tezuysal
 
Establish Visibility and Manage Risk in the Supply Chain with Anchore SBOM
Establish Visibility and Manage Risk in the Supply Chain with Anchore SBOMEstablish Visibility and Manage Risk in the Supply Chain with Anchore SBOM
Establish Visibility and Manage Risk in the Supply Chain with Anchore SBOM
Anchore
 
The case for on-premises AI
The case for on-premises AIThe case for on-premises AI
The case for on-premises AI
Principled Technologies
 
AI Creative Generates You Passive Income Like Never Before
AI Creative Generates You Passive Income Like Never BeforeAI Creative Generates You Passive Income Like Never Before
AI Creative Generates You Passive Income Like Never Before
SivaRajan47
 
Jira Administration Training – Day 1 : Introduction
Jira Administration Training – Day 1 : IntroductionJira Administration Training – Day 1 : Introduction
Jira Administration Training – Day 1 : Introduction
Ravi Teja
 
Compliance-as-a-Service document pdf text
Compliance-as-a-Service document pdf textCompliance-as-a-Service document pdf text
Compliance-as-a-Service document pdf text
Earthling security
 
Introduction to Internet of things .ppt.
Introduction to Internet of things .ppt.Introduction to Internet of things .ppt.
Introduction to Internet of things .ppt.
hok12341073
 
How Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdf
How Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdfHow Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdf
How Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdf
Rejig Digital
 
End-to-end Assurance for SD-WAN & SASE with ThousandEyes
End-to-end Assurance for SD-WAN & SASE with ThousandEyesEnd-to-end Assurance for SD-WAN & SASE with ThousandEyes
End-to-end Assurance for SD-WAN & SASE with ThousandEyes
ThousandEyes
 
Agentic AI: Beyond the Buzz- LangGraph Studio V2
Agentic AI: Beyond the Buzz- LangGraph Studio V2Agentic AI: Beyond the Buzz- LangGraph Studio V2
Agentic AI: Beyond the Buzz- LangGraph Studio V2
Shashikant Jagtap
 
Developing Schemas with FME and Excel - Peak of Data & AI 2025
Developing Schemas with FME and Excel - Peak of Data & AI 2025Developing Schemas with FME and Excel - Peak of Data & AI 2025
Developing Schemas with FME and Excel - Peak of Data & AI 2025
Safe Software
 
Dancing with AI - A Developer's Journey.pptx
Dancing with AI - A Developer's Journey.pptxDancing with AI - A Developer's Journey.pptx
Dancing with AI - A Developer's Journey.pptx
Elliott Richmond
 
7 Salesforce Data Cloud Best Practices.pdf
7 Salesforce Data Cloud Best Practices.pdf7 Salesforce Data Cloud Best Practices.pdf
7 Salesforce Data Cloud Best Practices.pdf
Minuscule Technologies
 
Domino IQ – Was Sie erwartet, erste Schritte und Anwendungsfälle
Domino IQ – Was Sie erwartet, erste Schritte und AnwendungsfälleDomino IQ – Was Sie erwartet, erste Schritte und Anwendungsfälle
Domino IQ – Was Sie erwartet, erste Schritte und Anwendungsfälle
panagenda
 
Ad

Lecture 11 - PHP - Part 5 - CookiesSessions.ppt

  • 1. PHP – Cookies and Sessions
  • 2. The need for persistence  Consider these examples  Counting the number of “hits” on a website  i.e. how many times does a client load your web page source  The questionnaire on computing experience  Somehow your .php needs to remember previous instances of it being requested by a client
  • 3. Persistence  Persistence is the ability of data to outlive the execution of the program that created them.  An obvious way of achieving persistence is to simply save the data in a file
  • 4. Persistence and HTTP Recall http is a stateless protocol. It remembers nothing about previous transfers Two ways to achieve persistence:  PHP cookies  PHP sessions HTTP server Client Cookie Session
  • 5. HTTP Cookies In internet programming, a cookie is a packet of information sent from the server to client, and then sent back to the server each time it is accessed by the client. Introduces state into HTTP (remember: HTTP is stateless) Cookies are transferred between server and client according to http. PHP supports http cookies Cookies can also be thought of as tickets used to identify clients and their orders
  • 6. How Cookies are implemented  Cookies are sent from the server to the client via “Set- Cookie” headers Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure  The NAME value is a URL-encoded name that identifies the cookie.  The PATH and DOMAIN specify where the cookie applies
  • 7. setcookie(name,value,expire,path,domain,secure) Parameter Description name (Required). Specifies the name of the cookie value (Required). Specifies the value of the cookie expire (Optional). Specifies when the cookie expires. e.g. time()+3600*24*30 will set the cookie to expire in 30 days. If this parameter is not set, the cookie will expire at the end of the session (when the browser closes). path (Optional). Specifies the server path of the cookie. If set to "/", the cookie will be available within the entire domain. If set to "/phptest/", the cookie will only be available within the test directory and all sub-directories of phptest. The default value is the current directory that the cookie is being set in. domain (Optional). Specifies the domain name of the cookie. To make the cookie available on all subdomains of example.com then you'd set it to ".example.com". Setting it to www.example.com will make the cookie only available in the www subdomain secure (Optional). Specifies whether or not the cookie should only be transmitted over a secure HTTPS connection. TRUE indicates that the cookie will only be set if a secure connection exists. Default is FALSE.
  • 8. Cookies from HTTP GET /*.html HTTP/1.1 Host: it026954.domain GET /*.html HTTP/1.1 Host: it026945.domain Cookie: name=value Accept: */* HTTP/1.1 200 OK Content-type: text/html Set-Cookie: name=value (content of page) Client (e.g. Firefox) it026945
  • 9. Creating PHP cookies Cookies can be set by directly manipulating the HTTP header using the PHP header() function <?php header(“Set-Cookie: mycookie=myvalue; path=/; domain=.coggeshall.org”); ?>
  • 10. Creating cookies with setcookie() Use the PHP setcookie() function: Setcookie (name,value,expire, path, domain, secure) e.g. <?php setcookie("MyCookie", $value, time()+3600*24); setcookie("AnotherCookie", $value, time()+3600); ?>  Name: name of the file  Value: data stored in the file  Expire: data string defining the life time  Path: subset of URLs in a domain where it is valid  Domain: domain for which the cookie is valid  Secure: set to '1' to transmit in HTTPS
  • 11. Reading cookies <?php foreach ($_COOKIE as $key=>$val) { print $key . " => " . $val . "<br/>"; } ?> To access a cookie received from a client, use the PHP $_COOKIE superglobal array Each key in the array represents a cookie - the key name is the cookie name.
  • 12. Creating and using cookies example <?php setcookie("MyCookie", $value, time()+7200); setcookie("AnotherCookie", $value, time()+7); ?> <?php foreach ($_COOKIE as $key=>$val) { print $key . " => " . $val . "<br/>"; } ?>  Cookies only become visible on the next page load
  • 13. Using headers (wrong approach!) <!DOCTYPE html PUBLIC "=//W3C//DTD XHMTL 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhmtl" xml:lang="en"> <head><title>PHP Script using Cookies</title> <meta http-equiv="Content-Type" content="text/html; chatset=ISO-8859-1" /> </head> <body> <?php $strValue = "This is my first cookie"; setcookie ("mycookie", $strValue); echo "Cookie set<br>"; ?> </body> </html> Gets an error!: Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/TESTandre/159339/PHP/cookie_with_headers.php:9) in /var/www/html/TESTandre/159339/PHP/cookie_with_headers.php on line 11 (adapted from Stobart & Parsons (2008))
  • 14. Using headers setcookie() did not run before information was sent to the browser... Cookies have to be sent before the heading elements
  • 15. Using headers (correct approach) <?php $strValue = "This is my first cookie"; setcookie ("mycookie", $strValue); echo "Cookie set<br>"; ?> <!DOCTYPE html PUBLIC "=//W3C//DTD XHMTL 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhmtl" xml:lang="en"> <head><title>PHP Script using Cookies</title> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> </head> <body> <?php echo “<p> A cookie has been set. </p>”; ?> </body> </html> This is the correct approach!
  • 16. Deleting a cookie  Set the cookie with its name only: setcookie(“mycookie”);
  • 17. Multiple data items  Use explode() e.g. <?php $strAddress = $_SERVER['REMOTE_ADDR']; $strBrowser = $_SERVER['HTTP_USER_AGENT']; $strOperatingSystem = $_ENV['OS']; $strInfo = "$strAddress::$strBrowser::$strOperatingSystem"; setcookie ("somecookie4",$strInfo, time()+7200); ?> <?php $strReadCookie = $_COOKIE["somecookie4"]; $arrListOfStrings = explode ("::", $strReadCookie); echo "<p>$strInfo</p>"; echo "<p>Your IP address is: $arrListOfStrings[0] </p>"; echo "<p>Client Browser is: $arrListOfStrings[1] </p>"; echo "<p>Your OS is: $arrListOfStrings[2] </p>"; ?>
  • 18. Where is the cookie stored?
  • 19. Where is the cookie stored  Depends on the browser...  e.g., firefox/mozilla under /home/a________  Look for cookies.txt in .mozilla directory  Usually under:  /home/a______/.mozilla/firefox/asdkfljy.default  Cookie is stored only if there is an expiry date  Otherwise it is deleted when leaving browser  Persistent only if an expiry date is set
  • 21. You can store user information (e.g. username, items selected, etc.) in the server side for later use using PHP session. Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either stored in a cookie or is propagated in the URL. PHP Sessions
  • 22. When should you use sessions?  Need for data to stored on the server  Unique session information for each user  Transient data, only relevant for short time  Data does not contain secret information  Similar to Cookies, but it is stored on the server  More secure, once established, no data is sent back and forth between the machines  Works even if cookies are disabled  Example: we want to count the number of “hits” on our web page.
  • 23. <?php session_start(); ?> <html> <body> </body> </html> session_start() function must appear BEFORE the <html> tag. Before you can store user information in your PHP session, you must first start up the session.
  • 24. PHP Sessions  Starting a PHP session: <?php session_start(); ?> • This tells PHP that a session is requested. • A session ID is then allocated at the server end. • session ID looks like: sess_f1234781237468123768asjkhfa7891234g
  • 25. Session variables  $_SESSION  e.g., $_SESSION[“intVar”] = 10;  Testing if a session variable has been set: session_start(); if(!$_SESSION['intVar']) {...} //intVar is set or not
  • 26. Registering session variables  Instead of setting superglobals, one can register one’s own session variables <?php $barney = “A big purple dinosaur.”; $myvar_name = “barney”; session_register($myvar_name); ?> • $barney can now be accessed “globally” from session to session  This only works if the register_globals directive is enabled in php.ini - nowadays this is turned off by default Use of session_register() is deprecated!
  • 27. Make your own session variables  With session_start() a default session variable is created - the name extracted from the page name  To create your own session variable just add a new key to the $_SESSION superglobal $_SESSION[‘dug’] = “a talking dog.”; Use of $_SESSION is preferred, as of PHP 4.1.0.
  • 28. Session Example 1 <?php session_start(); if (!isset($_SESSION["intVar"]) ){ $_SESSION["intVar"] = 1; } else { $_SESSION["intVar"]++; } echo "<p>In this session you have accessed this page " . $_SESSION["intVar"] . "times.</p>"; ?>
  • 29. <?php session_start();?> <?php $thisPage = $_SERVER['PHP_SELF']; $pageNameArray = explode('/', $thisPage); $pageName = $pageNameArray[count($pageNameArray) - 1]; print "The name of this page is: $pageName<br/>"; $nameItems = explode(‘.', $pageName); $sessionName = $nameItems[0]; print "The session name is $sessionName<br/>"; if (!isset($_SESSION[$sessionName])) { $_SESSION[$sessionName] = 0; print "This is the first time you have visited this page<br/>"; } else { $_SESSION[$sessionName]++; } print "<h1>You have visited this page " . $_SESSION[$sessionName] . " times</h1>"; ?> Session Example 2
  • 30. Ending sessions unset($_SESSION[‘name’]) –Remove a session variable session_destroy() – Destroys all data registered to a session – does not unset session global variables and cookies associated with the session –Not normally done - leave to timeout
  • 31. Destroying a session completely <?php // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start(); // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (ini_get("session.use_cookies")) { // Returns the value of the configuration option $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } // Finally, destroy the session. session_destroy(); ?> http://nz2.php.net/manual/en/function.session-destroy.php returns the name of the current session
  • 32. Session Example 3 <?php session_start(); if(!isset($_SESSION['strColourBg'])) $_SESSION['strColourBg'] = "red"; else echo "Currently Bg set to " . $_SESSION['strColourBg'] . "<br>"; if(!isset($_SESSION['strColourFg'])) $_SESSION['strColourFg'] = "yellow"; else echo "Currently Fg set to " . $_SESSION['strColourFg']; if(isset($_POST["submit"]) ) { $strColourBg = $_POST["strNewBg"]; $strColourFg = $_POST["strNewFg"]; $_SESSION['strColourBg'] = $strColourBg; $_SESSION['strColourFg'] = $strColourFg; echo "<br>New Settings"; } else { $strColourBg = $_SESSION['strColourBg']; $strColourFg = $_SESSION['strColourFg']; echo "<br>Keep old settings"; } ?>
  • 33. Session Example 3 (cont.) <head> <style type="text/css"> body {background-color: <?php echo $strColourBg ?>} p {color: <?php echo $strColourFg?>} h2 {color: <?php echo $strColourFg?>} </style></head> <body> <h2>h2 colour</h2> <form action = '<?php echo $SERVER["PHP_SELF"] ?>' method='post'> <label for="strNewBg"> Background colour: </label> <select name='strNewBg' id='strNewBg'> <option>red</option> ... <option>grey</option> </select> <label for="strNewFg"> Text colour: </label> <select name='strNewFg' id='strNewFg'> <option>yellow</option> ... <option>grey</option> </select> <input type='submit' name='submit'/> </form></body> (adapted from Stobart & Parsons, 2008)
  • 35. Summary PHP sessions and cookies are mechanisms for introducing state into HTTP transactions.