CHAPTER 5

Cookies and Sessions

COOKIES AND SESSIONS
Cookies
 You can store information in cookies and then retrieve it.

 You store cookies by using the setcookie function.

 The general format is as follows:

setcookie(“variable”,”value”);
 The variable is the variable name, but you do not include the
dollar sign ($).
 This statement stores the information only until the user leaves
your Web site.
  
 For example, the following statement stores the pair
city=Jimma in the cookie file on the user’s computer:
setcookie(“city”,”Jimma”);
COOKIES AND SESSIONS…
 When the user moves to the next page, the cookie information is
available in the built-in array called $_COOKIE.
 The next Web page can display the information from the cookie by
using the following statement.
echo “Your home city is “.$_COOKIE[‘city’];
 
 The output from this statement is as follows:
Your home city is Jimma
 
 Setting expiration dates
 If you want the information stored in a cookie to remain in a file
on the user’s computer after the user leaves your Web site, set your
cookie with an expiration time, as follows:
setcookie(“variable”,”value”,expiretime);
COOKIES AND SESSIONS…
 The expiretime value sets the time when the cookie expires.
 The value for expiretime is usually set by using either the time or mktime function as
follows:
 time: This function returns the current time in a format the computer can understand. You use
the time function plus a number of seconds to set the expiration time of the cookie:
setcookie(“state”, ”CA”, time()+3600); #expires in one hour
setcookie(“Name”, $Name, time()+(3*86400)) #expires 3 days
 
 mktime: This function returns a date and time in a format that the computer can understand.
You must provide the desired date and time in the following order: hour, minute, second,
month, day, and year. If any value is not included, the current value is used.
 
 This is shown in the following statements:
setcookie(“state”, ”CA”, mktime(3,0,0,4,1,2003)); #expires at 3:00 AM on April 1,
2003
setcookie(“state”, ”CA”, mktime(13,0,0,,,)); /#expires at 1:00 PM today
COOKIES AND SESSIONS…
 Deleting a Cookie
 Officially, to delete a cookie, you should call setcookie() with the name
argument only:
setcookie("vegetable");
 This approach does not always work well, however, and should not be
relied on.

 It is safest to set the cookie with a date you are sure has already expired:
setcookie("vegetable", "", time()-60);
 You should also ensure that you pass setcookie() the same path, domain,
and secure parameters as you did when originally setting the cookie.
COOKIES AND SESSIONS…
Session
 A session is the time that a user spends at your Web site.
 Users may view many Web pages between the time they enter your site and leave
it.
 Often you want information to be available for a complete session.
 
 After you create a session, the session variables are available for your use on any
other Web page.
 To make session information available, PHP does the following:
PHP assigns a session ID number.
The number is a really long number that is unique for the user and that no one could
possibly guess. The session ID is stored in a PHP system variable named PHPSESSID.
PHP stores the variables that you want saved for the session in a file on the server.
The file is named with the session ID number.
It’s stored in a directory specified by session.save_path in the php.ini file.
PHP passes the session ID number to every page.
COOKIES AND SESSIONS…
 If the user has cookies turned on, PHP passes the
session ID by using cookies.
 If the user has cookies turned off, PHP behavior
depends on whether trans-sid is turned on in php.ini.
 PHP gets the variables from the session file for each
new session page.
 Whenever a user opens a new page that is part of the
session, PHP gets the variables from the file by using
the session ID number that was passed from the
previous page.
 The variables are available in the $_SESSION array.
COOKIES AND SESSIONS…
Opening and closing sessions
 You should open a session at the beginning of each Web page.

 Open the session with the session_start function, as follows:

session_start();
 
 The function first checks for an existing session ID number.
 If it finds one, it sets up the session variables.

 If it doesn’t find one, it starts a new session by creating a new session ID

number.
 

 Because sessions use cookies, if the user has them turned on, session_start is
subject to the same limitation as cookies.
 That is, to avoid an error, the session_start function must be called before
any output is sent.
 This means that it is must be the first line code in your program.
COOKIES AND SESSIONS…
 You may want to restrict your site to users with a valid user ID and
password.
 For restricted sessions that users log into, you often want users to log out
when they’re finished.
 To close a session, use the following statement wherever to want to close the
session:
session_destroy();
 

Using PHP session variables

 To save a variable in a session so that it’s available on later Web pages, store the value in the
$_SESSION array, as follows:
$_SESSION[‘varname’] = “John Bonson”;
 When you open a session on any subsequent Web page, the values stored in the $_SESSION array are
available.

 If you want to stop storing any variable at any time, you can unset the variable by using the following
statement:
unset($_SESSION[‘varname’]);
COOKIES AND SESSIONS…
 The following two scripts show how to use sessions to pass information from one page
to the next.
<?php
/* Script name: sessionTest1.php */
session_start();
$_SESSION[‘fullName’] = “David John Antony”;
?>
<html>
<head><title>Testing Sessions page 1</title></head>
<body>
<p>This is a test of the sessions feature.
<form action=”sessionTest2.php” method=”POST”>
<input type=”text” name=”form_var” value=”testing”>
<input type=”submit” value=”Go to Next Page”>
</form>
</body>
COOKIES AND SESSIONS…
 In this script, a session is started and one session variable called fullName is
stored.
 A form is also displayed with one text field where the user can enter some text.
 When the submit button from this form, labeled “Go to Next Page” is clicked,
the sessionTest2.php script runs.
<?php
/* Script name: sessionTest2.php */
session_start();
$session_var = $_SESSION[‘fullName’];
$form_var = $_POST[‘form_var’];
echo “session_var = $session_var<br>\n”;
echo “form_var = $form_var<br>\n”;
?>
COOKIES AND SESSIONS…
 output:

session_var = “David John Antony”;

form_var = testing
COOKIES AND SESSIONS…
Restring pages by session
 In this case we may have different pages in our server and some
of the page may needs authentication before running and some
may not need authentication, to do this we can restrict via
session.
Eg if we write the following code at the first line of our php
script , it will go to login page if the page needs authentication
or if the session variable is not set.
<?php
session_start();
If (!isset($_SESSION[‘fullName’] ))
Header(“location:login.php”);
?>