Session and Cookie
What is a Session?
A session is a global variable stored on the server.
Each session is assigned a unique id which is used to retrieve stored
values.
Whenever a session is created, a cookie containing the unique session id
is stored on the user’s computer and returned with every request to the
server.
Sessions have the capacity to store relatively large data compared to
cookies.
The session values are automatically deleted when the browser is
closed. If you want to store the values permanently, then you should
store them in the database.
Session variables are stored in the $_SESSION array variable. The
session must be started before any HTML tags are output.
Why and when to use Sessions?
You want to store important information such as the user id more
securely on the server, where malicious users cannot tamper with it.
You want to pass values from one page to another.
You want an alternative to cookies on browsers that do not support
cookies.
You want to store global variables in an efficient and more secure way
compared to passing them in the URL.
You are developing an application such as a shopping cart or a login page.
Compiled By: Basanta Chapagain www.basantachapagain.com.np
Creating a Session
In order to create a session, you must first call the PHP session_start function
and then store your values in the $_SESSION array variable.
Let's suppose we want to know the number of times that a page has been
loaded; we can use a session to do that.
The code below shows how to create and retrieve values from sessions
<?php
session_start(); // start the session (must come before any output)
if (isset($_SESSION['page_count'])) {
    // the counter already exists in this session: increment it
    $_SESSION['page_count'] += 1;
} else {
    // first visit in this session: create the counter
    $_SESSION['page_count'] = 1;
}
echo 'You are visitor number ' . $_SESSION['page_count'];
?>
Destroying Session Variables
The session_destroy() function is used to destroy all PHP session
variables at once.
If you want to destroy only a single session item, use the unset() function.
The code below illustrates how to use both methods.
<?php
session_start();   // a session must be active before it can be destroyed
session_destroy(); // destroy entire session
?>
<?php
session_start();
unset($_SESSION['product']); // destroy only the product session item
?>
session_destroy() removes all the session data, including cookies
associated with the session.
unset() only frees the individual session variable. Other data remains
intact.
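The login and logout flow these notes motivate (keep the user id on the server, then unset() and session_destroy() on logout), as an added example that is not part of the original notes. The helper names login_user(), current_user_id() and logout_user(), and the in-memory user table, are constructed for illustration. The logout expires the session cookie explicitly as well as calling session_destroy(), so the browser stops sending the old id.

```php
<?php
// Added example (not from the original notes): login handler that stores the
// user id server-side, and a logout handler that fully clears the session.
// login_user(), current_user_id(), logout_user() are hypothetical helper names.

session_start();

// Constructed sample "user table": username => [id, password hash].
// In a real application this comes from a database.
$users = [
    'admin' => ['id' => 1, 'hash' => password_hash('s3cret-example', PASSWORD_DEFAULT)],
];

function login_user(array $users, string $username, string $password): bool
{
    if (!isset($users[$username]) || !password_verify($password, $users[$username]['hash'])) {
        return false; // unknown user or wrong password: nothing stored in the session
    }
    // Regenerate the session id when privilege changes, so an id that existed
    // before login (and that someone else might know) is never upgraded.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $users[$username]['id']; // kept on the server only
    $_SESSION['login_time'] = time();
    return true;
}

function current_user_id(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

function logout_user(): void
{
    // 1. drop the individual variables (same effect as unset() on each key),
    $_SESSION = [];
    // 2. expire the session cookie in the browser, using the same parameters
    //    it was set with, so the old id is not sent on the next request,
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    // 3. destroy the server-side session data.
    session_destroy();
}

if (login_user($users, 'admin', 's3cret-example')) {
    echo 'Logged in as user id ' . current_user_id() . "\n";
}
echo 'Wrong password accepted? ' . var_export(login_user($users, 'admin', 'nope'), true) . "\n";
logout_user();
echo 'After logout, user id is ' . var_export(current_user_id(), true) . "\n"; // NULL
?>
```

Only the session id travels in the cookie; the user id itself never leaves the server, which is the property the "Why and when to use Sessions?" list is describing.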
What is Cookie?
A cookie is a small file with the maximum size of 4KB that the web server
stores on the client computer.
Once a cookie has been set, all page requests that follow return the cookie
name and value.
A cookie can only be read from the domain that it has been issued from. For
example, a cookie set using the domain www.example.com cannot be read
from the domain example1.com.
Most of the websites on the internet display elements from other domains
such as advertising. The domains serving these elements can also set their own
cookies. These are known as third party cookies.
A cookie created by a user can only be visible to them. Other users cannot see
its value.
Most web browsers have options for disabling cookies, third party cookies or
both.
If this is the case then PHP responds by passing the cookie token in the URL.
Here,
1) A user requests for a page that stores cookies
2) The server sets the cookie on the user’s computer
3) Other page requests from the user will return the cookie name and value
Why and when to use Cookies?
HTTP is a stateless protocol; cookies allow us to track the state of the
application using small files stored on the user's computer.
The path where the cookies are stored depends on the browser.
Internet Explorer usually stores them in the Temporary Internet Files folder.
Personalizing the user experience: this is achieved by allowing users to
select their preferences, like changing the colour of the website for a specific
computer only. The page requests that follow are personalized based on the
preferences set in the cookies.
Tracking the pages visited by a user.
Creating Cookies
<?php
setcookie(name, value, [expiry_time], [path], [domain], [secure], [httponly]);
?>
HERE,
setcookie is the PHP function used to create the cookie.
"name" is the name of the cookie that the server will use when
retrieving its value from the $_COOKIE array variable. It's mandatory.
"value" is the value of the cookie, and it's mandatory.
"[expiry_time]" is optional; it can be used to set the expiry time for the
cookie, such as 1 hour. The time is set using the PHP time() function
plus or minus a number of seconds greater than 0, i.e. time() + 3600 for
1 hour.
"[path]" is optional; it can be used to set the cookie path on the server.
The forward slash "/" means that the cookie will be made available on
the entire domain. A subdirectory limits the cookie to that
subdirectory.
"[domain]" is optional; it can be used to define the cookie access
hierarchy, i.e. www.example.com means the entire domain while
www.sub.example.com limits the cookie access to
www.sub.example.com and its subdomains.
"[secure]" is optional; the default is false. It determines whether the
cookie is sent only via HTTPS (if it is set to true) or also via HTTP (if it is
set to false).
"[httponly]" is optional. If it is set to true, client-side scripting
languages such as JavaScript cannot access the cookie.
Example:
We will create a basic program that allows us to store the user name in a
cookie that expires after 30 seconds.
<?php
setcookie("user_name", "Admin", time() + 30, '/'); // expires after 30 seconds
echo 'the cookie has been set for 30 seconds';
?>
Retrieving the Cookie value
Cookies sent by the browser are available in the $_COOKIE array.
To access the user_name index we need to write:
<?php
$username = $_COOKIE['user_name'];
?>
Delete Cookies
If you want to destroy a cookie before its expiry time, then you set the expiry
time to a time that has already passed.
<?php
setcookie("user_name", "", time() - 3600, '/'); // expiry one hour in the past
?>
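The setcookie() parameters listed under "Creating Cookies" and the delete-by-past-expiry trick above, carried through in one added example that is not part of the original notes. It uses the options-array form of setcookie() (PHP 7.3 and later) so the secure, httponly and samesite flags are visible by name; the helper names set_pref_cookie(), read_theme_cookie() and delete_cookie(), and the simulated $_COOKIE arrays, are constructed for illustration.

```php
<?php
// Added example (not from the original notes). Sets a preference cookie with
// the secure and httponly flags, reads it back as untrusted input, and deletes
// it by sending an expiry in the past. Helper names are hypothetical.

function set_pref_cookie(string $name, string $value, int $ttl_seconds): bool
{
    return setcookie($name, $value, [
        'expires'  => time() + $ttl_seconds, // absolute time, like time() + 3600 above
        'path'     => '/',      // whole site
        'domain'   => '',       // current host only
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable by JavaScript
        'samesite' => 'Lax',    // not attached to most cross-site requests
    ]);
}

// A cookie value comes from the client and can be edited there, so it is
// validated against a whitelist before it influences anything.
function read_theme_cookie(array $cookies): string
{
    $allowed = ['light', 'dark'];
    $theme = $cookies['theme'] ?? 'light';
    return in_array($theme, $allowed, true) ? $theme : 'light';
}

function delete_cookie(string $name): bool
{
    // Same path as when it was set; otherwise the browser keeps the original.
    return setcookie($name, '', ['expires' => time() - 3600, 'path' => '/']);
}

set_pref_cookie('theme', 'dark', 3600); // lives one hour

// On the next request the browser sends the cookie back in $_COOKIE;
// simulate that here with constructed arrays.
echo 'Theme: ' . read_theme_cookie(['theme' => 'dark']) . "\n";        // dark
echo 'Tampered: ' . read_theme_cookie(['theme' => '<script>']) . "\n"; // light
echo 'Missing: ' . read_theme_cookie([]) . "\n";                       // light

delete_cookie('theme');
?>
```

Because every call to setcookie() is an HTTP header, all of these must run before any HTML is output, exactly as the notes say for the positional form.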
Difference Between Session and Cookie

Cookies: Cookies are stored in the browser in text file format.
Session: Sessions are stored on the server side.

Cookies: Cookies store a limited amount of data; only 4KB [4096 bytes] is allowed.
Session: Sessions store an unlimited amount of data.

Cookies: A cookie does not hold multiple variables.
Session: A session holds multiple variables.

Cookies: Cookie values can be accessed easily, so they are less secure.
Session: Session values cannot be accessed easily, so they are more secure.

Cookies: A cookie is removed by setting its expiry time to a time in the past.
Session: A session is destroyed using session_destroy().

Cookies:
<?php
// setcookie(name, value, expire, path, domain, secure, httponly);
$cookie_uname = "user";
$cookie_uvalue = "Admin";
// set cookie for 1 hour
setcookie($cookie_uname, $cookie_uvalue, time() + 3600, "/");
// expire cookie
setcookie($cookie_uname, "", time() - 3600, "/");
?>
Session:
<?php
session_start();
// session variable
$_SESSION['user'] = 'Admin';
// destroy the session variable "user"
unset($_SESSION['user']);
// destroy the entire session
session_destroy();
?>

Cookies: The setcookie() function must appear BEFORE the <html> tag.
Session: The session_start() function must be the very first thing in your document, before any HTML tags.

Cookies: Use the $_COOKIE superglobal variable to store and retrieve cookie values.
Session: Use the $_SESSION superglobal variable to store and retrieve session values.
How Sessions Work
• Sessions in PHP are started by using the session_start( ) function.
• Like the setcookie( ) function, the session_start( ) function must come
before any HTML, including blank lines, on the page. It will look like this:
<?php
session_start( );
?>
<html>
<head> ....... etc
• The session_start( ) function generates a random Session Id and stores it in
a cookie on the user's computer (this is the only session information that is
actually stored on the client side.)
• The default name for the cookie is PHPSESSID, although this can be
changed in the PHP configuration files on the server (most hosting
companies will leave it alone, however.)
• To reference the session id in your PHP code, you would therefore reference
the variable $PHPSESSID (it's a cookie name; remember that from
Cookies?) or the session_id() function.
• What happens when you come to the second pass through your page and
reach the session_start( ) function again? PHP knows that there is already a
session in progress and so ignores subsequent calls to session_start( ).
• Having established a session, you can now create, store and retrieve
information pertaining to that session. You might want, for example, to
keep track of logged-in users on your server. Information for sessions is stored
in a special directory on the server; the path of that directory is specified in
the server's PHP configuration files.
• Information to be stored for a session is kept in session variables. To use
that information (on any page iteration in the session) you simply reference
the variable just like you would any other variable. Here's an example:
<?php
session_start();                 // start session
$_SESSION['username'] = 'Admin'; // store into session
echo $_SESSION['username'];      // read it back
?>
• In this example we started a session, created a session variable called
username, stored its value "Admin" with the " = " assignment operator,
and then displayed the value of that session variable.
• We now have all the basic tools to establish a session, and to create and use
variables.
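The mechanics described in "How Sessions Work" (the random id, the PHPSESSID cookie that carries it, and the fact that a second session_start( ) is ignored), shown in one added example that is not part of the original notes. It also sets the flags on the session cookie before session_start(), since that call is what sends the cookie; session_cookie_info() and second_start_is_ignored() are hypothetical helper names.

```php
<?php
// Added example (not from the original notes): inspect the session cookie and
// harden it before session_start(). Helper names are hypothetical.

// Cookie parameters must be set before session_start(), which sends the cookie.
session_set_cookie_params([
    'lifetime' => 0,        // 0 = discarded when the browser closes
    'path'     => '/',
    'domain'   => '',       // current host only
    'secure'   => true,     // only over HTTPS
    'httponly' => true,     // JavaScript cannot read the id
    'samesite' => 'Lax',
]);
// Accept the id only from the cookie, never from the URL, and reject ids the
// server did not itself generate (both are php.ini settings, set here at runtime).
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');

session_start();

function session_cookie_info(): array
{
    return [
        'cookie_name' => session_name(),   // "PHPSESSID" unless changed in php.ini
        'session_id'  => session_id(),     // the random id stored in that cookie
        'params'      => session_get_cookie_params(),
    ];
}

// A second session_start() on the same request does not start a new session:
// the id stays the same (PHP emits a notice, suppressed here for the demo).
function second_start_is_ignored(): bool
{
    $before = session_id();
    @session_start();
    return session_id() === $before;
}

print_r(session_cookie_info());
var_dump(second_start_is_ignored()); // bool(true)
?>
```

The only thing stored on the client is the id in the PHPSESSID cookie, so the flags on that one cookie decide how easily the id can be read or sent from somewhere other than your own pages.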