COOKIES

Uploaded by

irfaniyman0403
SESSION & COOKIES

COOKIES & SESSIONS LAB


Please follow the steps carefully

Step 1: Set cookies and session


Script 9.1 login.php

The login.php script creates cookies upon a successful login.

// Set the cookies & redirect.
setcookie ('user_id', $row[0]);
setcookie ('first_name', $row[1]);

Step 2: Accessing cookies


Script 9.2 loggedin.php

The loggedin.php script prints a greeting to a user based upon a stored cookie.

// If no cookie is present, redirect the user.
if (!isset($_COOKIE['user_id'])) {
    // ... (redirect code not shown in this excerpt)
}

// Print a customized message.
echo "<h1>Logged In!</h1>
<p>You are now logged in, {$_COOKIE['first_name']}!</p>";

Step 3: Setting cookie parameters


Script 9.3 login.php

The login.php script now uses every argument the setcookie() function can take.

// Set the cookies & redirect.
setcookie ('user_id', $row[0], time()+3600, '/', '', 0);
setcookie ('first_name', $row[1], time()+3600, '/', '', 0);
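
Steps 1 to 3 let loggedin.php trust whatever user_id and first_name the browser sends back. The following is an added example, not part of the lab scripts, showing one way to make those cookies tamper-evident and to escape the name before echoing it. SECRET_KEY, the helper names and the demo values are assumptions; the options-array form of setcookie() requires PHP 7.3 or later.

```php
<?php
// Added example (not from the lab scripts). SECRET_KEY, sign_value(),
// verify_value(), set_login_cookie() and greeting() are hypothetical names.
const SECRET_KEY = 'constructed-demo-key-load-a-random-one-from-config';

// Append an HMAC over "name=value" so any client-side edit is detectable.
function sign_value(string $name, string $value): string
{
    return $value . '.' . hash_hmac('sha256', $name . '=' . $value, SECRET_KEY);
}

// Return the original value, or null if the MAC is missing or wrong.
function verify_value(string $name, string $cookie): ?string
{
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($cookie, 0, $pos);
    $expected = hash_hmac('sha256', $name . '=' . $value, SECRET_KEY);
    return hash_equals($expected, (string) substr($cookie, $pos + 1)) ? $value : null;
}

// Options-array form of setcookie(): adds HttpOnly and SameSite.
function set_login_cookie(string $name, string $value): bool
{
    return setcookie($name, sign_value($name, $value), [
        'expires'  => time() + 3600,
        'path'     => '/',
        'secure'   => true,   // send over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Greeting for loggedin.php: verify both cookies, then HTML-escape the name.
function greeting(array $cookies): ?string
{
    $id   = verify_value('user_id', $cookies['user_id'] ?? '');
    $name = verify_value('first_name', $cookies['first_name'] ?? '');
    if ($id === null || $name === null) {
        return null; // treat as not logged in and redirect
    }
    return '<p>You are now logged in, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '!</p>';
}

// Constructed demo: a genuine pair, then the same pair with user_id edited.
$ok = ['user_id' => sign_value('user_id', '42'), 'first_name' => sign_value('first_name', 'Ann <b>')];
$edited = ['user_id' => '1' . strstr($ok['user_id'], '.'), 'first_name' => $ok['first_name']];
var_dump(greeting($ok), greeting($edited));
```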

ICB36503 INFRASTRUCTURE FOR E-COMMERCE


ICB41503 E-COMMERCE DEVELOPMENT
IEB40403 E-COMMERCE WEB SITE ENGINEERING

Step 4: Deleting cookies


Script 9.4 logout.php

The logout.php script deletes the previously established cookies.

} else { // Delete the cookies.
    setcookie ('first_name', '', time()-300, '/', '', 0);
    setcookie ('user_id', '', time()-300, '/', '', 0);
}

Step 5: To create the logout link


Script 9.5 header.html

The header.html file now displays either a login or a logout link depending upon the
user’s current status.

<li><?php
// Create a login/logout link.
if ( (isset($_COOKIE['user_id'])) && (strpos($_SERVER['PHP_SELF'], 'logout.php') === false) ) {
    echo '<a href="logout.php" title="Logout">Logout</a>';
} else {
    echo '<a href="login.php" title="Login">Login</a>';
}
?></li>

Step 6: Using Sessions


Script 9.6 login.php

The login.php script now uses sessions instead of cookies.

// Set the session data & redirect.
session_start();
$_SESSION['user_id'] = $row[0];
$_SESSION['first_name'] = $row[1];


Step 7: Accessing Session Variables


Script 9.7 loggedin.php

session_start(); // Start the session.

// If no session value is present, redirect the user.
if (!isset($_SESSION['user_id'])) {
    // ... (redirect code not shown in this excerpt)
}

// Print a customized message.
echo "<h1>Logged In!</h1>
<p>You are now logged in, {$_SESSION['first_name']}!</p>
<p><br /><br /></p>";

Step 8: Accessing Session Variables


Script 9.8 header.html

The header.html file now also references $_SESSION.

<li><?php
// Create a login/logout link.
if ( (isset($_SESSION['user_id'])) && (strpos($_SERVER['PHP_SELF'], 'logout.php') === false) ) {
    echo '<a href="logout.php" title="Logout">Logout</a>';
} else {
    echo '<a href="login.php" title="Login">Login</a>';
}
?></li>

Step 9: Deleting Session Variables


Script 9.9 logout.php

Destroying a session requires special syntax.

session_start(); // Access the existing session.

// ...
} else { // Cancel the session.
    $_SESSION = array(); // Destroy the variables.
    session_destroy(); // Destroy the session itself.
    setcookie ('PHPSESSID', '', time()-300, '/', '', 0); // Destroy the cookie.
}


Step 10: Changing the session behavior


Script 9.10 login.php

// Set the session data & redirect.
session_name ('YourVisitID');
session_start();
$_SESSION['user_id'] = $row[0];
$_SESSION['first_name'] = $row[1];

Step 11: Changing the session behavior


Script 9.11 loggedin.php

The same session name (YourVisitID) must be used across every script.

session_name ('YourVisitID');
session_start(); // Start the session.

Step 12: Changing the session behavior


Script 9.12 logout.php

The logout.php page uses the session_name() function to also determine the name of the
cookie to be sent.

session_name ('YourVisitID');
session_start(); // Access the existing session.

// ...
    session_destroy(); // Destroy the session itself.
    setcookie (session_name(), '', time()-300, '/', '', 0); // Destroy the cookie.
}

Step 13: To change the session cookie settings


Script 9.13 login.php

This version of the login.php script sets explicit cookie parameters.

// Set the session data & redirect.
session_name ('YourVisitID');
session_set_cookie_params (900, '/ch09/', 'www.domain.com');
session_start();
$_SESSION['user_id'] = $row[0];
$_SESSION['first_name'] = $row[1];
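
Once login.php sets a path and domain on the session cookie, the logout script from Step 12 no longer removes it, because a browser only drops a cookie when the name, path and domain match. The following is an added example, not part of the lab scripts, that keeps the parameters in one place and reuses them at logout. configure_session(), expiry_options() and end_session() are hypothetical helper names, and the secure, httponly and samesite values are assumptions (array form requires PHP 7.3 or later).

```php
<?php
// Added example (not from the lab scripts). configure_session(),
// expiry_options() and end_session() are hypothetical helper names.

// Call this at the top of login.php, loggedin.php and logout.php so the
// session name and cookie parameters are identical in every script.
function configure_session(): void
{
    session_name('YourVisitID');
    session_set_cookie_params([
        'lifetime' => 900,
        'path'     => '/ch09/',
        'domain'   => 'www.domain.com',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Build the options that expire the session cookie, copying every attribute
// the cookie was issued with.
function expiry_options(array $params): array
{
    $options = [
        'expires'  => time() - 300,
        'path'     => $params['path'],
        'domain'   => $params['domain'],
        'secure'   => $params['secure'],
        'httponly' => $params['httponly'],
    ];
    if (!empty($params['samesite'])) {
        $options['samesite'] = $params['samesite'];
    }
    return $options;
}

// Body of logout.php for a logged-in user.
function end_session(): void
{
    configure_session();
    session_start();       // Access the existing session.
    $_SESSION = [];        // Destroy the variables.
    session_destroy();     // Destroy the session data on the server.
    setcookie(session_name(), '', expiry_options(session_get_cookie_params()));
}

// Constructed demo: show the options derived from the configured parameters.
configure_session();
print_r(expiry_options(session_get_cookie_params()));
```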


Step 14: To use sessions without cookies


Script 9.14 login.php

This version of the login.php script does not use cookies at all, instead maintaining the
state by passing the session ID in the URL.

// Set the session data & redirect.
session_name ('YourVisitID');
ini_set('session.use_cookies', 0); // Don't use cookies.
session_start();
$_SESSION['user_id'] = $row[0];
$_SESSION['first_name'] = $row[1];

// ...
// Add the page.
$url .= '/loggedin.php?' . SID; // Add the session name & ID.

Step 15: Improving Session Security


Script 9.15 login.php

This final version of the login.php script also stores an MD5 hash of the user’s
HTTP_USER_AGENT (the browser and the operating system of the client) in a session.

// Set the session data & redirect.
session_name ('YourVisitID');
session_start();
$_SESSION['user_id'] = $row[0];
$_SESSION['first_name'] = $row[1];
$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

// ...
// Add the page.
$url .= '/loggedin.php';

Step 16: Improving Session Security (cont'd)


Script 9.16 loggedin.php

This loggedin.php script now confirms that the user accessing this page has the same
HTTP_USER_AGENT as they did when they logged in.

// If no session value is present, redirect the user.
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {
    // ... (redirect code not shown in this excerpt)
}
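
Steps 14 to 16 pass the session ID in the URL and then rely on the User-Agent hash alone, a header the client chooses and may omit. The following is an added example, not part of the lab scripts, that keeps the ID in a cookie only, issues a fresh ID at login and compares the fingerprint safely. start_session(), agent_fingerprint(), login_user() and session_is_valid() are hypothetical helper names, and SHA-256 is swapped in for the lab's md5().

```php
<?php
// Added example (not from the lab scripts). start_session(), login_user()
// and session_is_valid() are hypothetical helper names.

function start_session(): void
{
    ini_set('session.use_only_cookies', '1'); // never accept an ID from the URL
    ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the ID
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_name('YourVisitID');
    session_start();
}

function agent_fingerprint(): string
{
    // The header is optional; a missing one must not raise a notice.
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

// $row is the database row used in login.php: [user_id, first_name].
function login_user(array $row): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new ID at login; the pre-login ID stops working
    }
    $_SESSION['user_id'] = $row[0];
    $_SESSION['first_name'] = $row[1];
    $_SESSION['agent'] = agent_fingerprint();
}

// Check for loggedin.php: redirect to the login page when this returns false.
function session_is_valid(): bool
{
    return isset($_SESSION['user_id'], $_SESSION['agent'])
        && hash_equals($_SESSION['agent'], agent_fingerprint());
}

// Constructed demo, run from the CLI without a real session.
$_SERVER['HTTP_USER_AGENT'] = 'ExampleBrowser/1.0 (constructed)';
login_user([42, 'Ann']);
var_dump(session_is_valid());   // same agent as at login
$_SERVER['HTTP_USER_AGENT'] = 'OtherBrowser/2.0 (constructed)';
var_dump(session_is_valid());   // different agent
unset($_SERVER['HTTP_USER_AGENT']);
var_dump(session_is_valid());   // header missing entirely
```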
