PHP Cookies and Session
HTTP - a ‘Stateless’ Environment
stateless (adj.): Having no information about what occurred previously.
[Figure: HTTP client and server, with session and cookie]
Is PHP Stateless?
Variables are destroyed as soon as the page script finishes executing.
The script can access the ‘referrer’, the address of the previous page, although this value is sent by the client and can’t really be trusted.
$_SERVER['HTTP_REFERER']
It is possible to add data to a database/text file to add persistent data, although this is not connected with a particular user…
Cookies
What is a Cookie?
HTTP cookies are data which a server-side script sends to a web client to keep for a period of time.
A cookie is a small text file that is stored on a user’s computer.
setcookie() must be called before <html><body> and any other output. 86400 = 1 day
<?php
$cookie_name = "user";
$cookie_value = "John Doe";
# 86400 seconds = 1 day, so this cookie expires in 30 days
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/");
?>
<html><body>
<?php
if (!isset($_COOKIE[$cookie_name])) {
    echo "Cookie named '" . $cookie_name . "' is not set!";
} else {
    echo "Cookie '" . $cookie_name . "' is set!<br>";
    # the cookie value comes from the client, so escape it before output
    echo "Value is: " . htmlspecialchars($_COOKIE[$cookie_name]);
}
?>
</body></html>
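<?php
# use explode() to retrieve the 4 pieces of data
$strReadCookie = $_COOKIE["cookie4"] ?? "";
# the cookie is client-controlled: pad to 4 fields and HTML-escape each one
$arrListOfStrings = array_map("htmlspecialchars",
    array_pad(explode("::", $strReadCookie), 4, ""));
$strInfo = $arrListOfStrings[0]; # first of the 4 pieces
echo "<p>$strInfo</p>";
echo "<p>Your IP address is: $arrListOfStrings[1] </p>";
echo "<p>Client Browser is: $arrListOfStrings[2] </p>";
echo "<p>Server name is: $arrListOfStrings[3] </p>";
?>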
Wrap-up Example: greeting.php
First visit: form with a text field for user’s name
Subsequent visits: Welcome message with the name
Store the name field in a cookie:
Key: “name”; value: the user’s name input into the form
Remember: when a cookie is set (the setcookie() function call is made), the cookie can only be accessed on the next request
<?php
$cookie_exp = time()+60*60; // one hour; defined up front because cases 1 and 2 both use it
# case 1: the "name" cookie is already set
if (isset($_COOKIE["name"])) {
    $name = $_COOKIE["name"];
    setcookie("name", $name, $cookie_exp);
    if (isset($_COOKIE["visits"])) {
        # cast to int: the cookie value is client-supplied text
        $num_visits = (int)$_COOKIE["visits"] + 1;
        setcookie("visits", $num_visits, $cookie_exp);
    }
    # escape the name before output: it comes from the client
    echo "Welcome " . htmlspecialchars($name) . "! ";
    if (isset($_COOKIE["visits"])) {
        echo "You've visited $num_visits times";
    }
}
Case 2&3: First and Second Visits
# case 2: upon submission of form
else if (isset($_GET["name"])) {
    $name = $_GET["name"];
    setcookie("name", $name, $cookie_exp);
    setcookie("visits", 2, $cookie_exp);
    # $name is user input: escape it before echoing
    echo "Welcome " . htmlspecialchars($name) . "! This is your second visit.";
}
# case 3: first visit: need to show form
else {
    # PHP_SELF can carry client-supplied path text, so escape it before use
    $self = htmlspecialchars($_SERVER["PHP_SELF"]);
    # HereDoc
    # Complex data types in strings (such as $_SERVER["PHP_SELF"]) must be
    # surrounded by {} for them to be parsed as variables
    $form = <<<FORM
<form action="{$self}" method="get">
Enter your name here: <input type="text" name="name" />
<br /><input type="submit" />
</form>
FORM;
    echo $form;
}
?>
Sessions
Cookies vs. Sessions
A session is a semi-permanent interactive information interchange between two or more communicating devices.
<?php
session_start();
?>
<html>
<body>
</body>
</html>
session_start() checks the request for an existing session ID.
If found: initializes the data
If not found: creates a new session ID at the server end
A session ID looks like 26fe536a534d3c7cde4297abb45e275a, to make it unique
PHP Session Access
Access data using the $_SESSION superglobal, just like $_COOKIE, $_GET, or $_POST
<?php
# visitCountSession.php
session_start();
if (isset($_SESSION["count"])) {
    $_SESSION["count"] += 1;
    echo "You have visited here {$_SESSION["count"]} times";
}
else {
    $_SESSION["count"] = 1;
    echo "You have visited once";
}
?>
PHP Session Propagation
Sessions need to pass the session id between pages as a user browses to track the session.
It can do this in two ways:
Cookie propagation
URL propagation
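A session ID carried in the URL ends up in browser history, server logs and Referer headers, so cookie propagation is the safer of the two. The following is an added example, not part of the original slides, that starts a cookie-only session and issues a fresh ID at login; start_cookie_only_session(), login() and the "demo" user are hypothetical names chosen for illustration.

```php
<?php
// Added example: session propagated by cookie only, never by URL.
// Function names and the sample user below are assumptions, not slide code.
function start_cookie_only_session(): void
{
    $https = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";
    session_start([
        "use_only_cookies" => 1,      // ignore session IDs passed in the URL
        "use_trans_sid"    => 0,      // never rewrite links to carry the ID
        "use_strict_mode"  => 1,      // reject IDs the server did not issue
        "cookie_httponly"  => 1,      // hide the cookie from page JavaScript
        "cookie_secure"    => $https ? 1 : 0, // HTTPS-only when on HTTPS
        "cookie_samesite"  => "Lax",  // PHP 7.3+: not sent on cross-site POSTs
    ]);
}

// Call when the user's privilege level changes (for example, at login),
// so an ID the browser held before login is no longer valid afterwards.
function login(string $userName): void
{
    session_regenerate_id(true);      // true = delete the old session data
    $_SESSION["user"] = $userName;
}

start_cookie_only_session();
if (!isset($_SESSION["user"])) {
    login("demo");                    // constructed sample value
}
// Escape on output, as with any value shown in the page.
echo "Session for " . htmlspecialchars($_SESSION["user"]);
?>
```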