Cookies and Sessions
applications
Steve ‘131(CIVE)
Objectives
• Learn about Cookies
• Learn about Sessions
The need for persistence
Consider these examples
Counting the number of “hits” on a website
i.e. how many times does a client load your web page source
The questionnaire on computing experience
Somehow your .php needs to remember previous
instances of it being requested by a client
Persistence
Persistence is the ability of data to outlive the execution of the
program that created them.
An obvious way of achieving persistence is to simply save the
data in a file
Persistence and HTTP
Recall that HTTP is a stateless protocol. It remembers nothing about
previous transfers.
[Figure: client and HTTP server, labelled "Session" and "Cookie"]
HTTP Cookies
In internet programming, a cookie is a packet of information sent from the
server to client, and then sent back to the server each time it is accessed by
the client.
Cookies can also be thought of as tickets used to identify clients and their
orders
How Cookies are implemented
Cookies are sent from the server to the client via “Set-Cookie”
headers
The NAME value is a URL-encoded name that identifies the
cookie.
The PATH and DOMAIN specify where the cookie applies
setcookie(name,value,expire,path,domain,secure)
Parameter   Description
name        (Required). Specifies the name of the cookie
value       (Required). Specifies the value of the cookie
expire      (Optional). Specifies when the cookie expires.
            e.g. time()+3600*24*30 will set the cookie to expire in 30 days.
            If this parameter is not set, the cookie will expire at the end of the
            session (when the browser closes).
path        (Optional). Specifies the server path of the cookie.
            If set to "/", the cookie will be available within the entire domain.
            If set to "/phptest/", the cookie will only be available within the test
            directory and all sub-directories of phptest.
            The default value is the current directory that the cookie is being set in.
<?php
header("Set-Cookie: mycookie=myvalue; path=/; domain=.coggeshall.org");
?>
Creating cookies with setcookie()
Use the PHP setcookie() function:
setcookie(name, value, expire, path, domain, secure)
e.g.
<?php
setcookie("MyCookie", $value, time()+3600*24);
setcookie("AnotherCookie", $value, time()+3600);
?>
Name: name of the file
Value: data stored in the file
Expire: data string defining the life time
Path: subset of URLs in a domain where it is valid
Domain: domain for which the cookie is valid
Secure: set to '1' to transmit in HTTPS
Reading cookies
To access a cookie received from a client, use the PHP
$_COOKIE superglobal array
<?php
?>
<?php
foreach ($_COOKIE as $key=>$val) {
print $key . " => " . $val . "<br/>";
}
?>
Cookies only become visible on the next page load
Using headers (wrong approach!)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head><title>PHP Script using Cookies</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
</head>
<body>
<?php
// setcookie() is called after HTML output has started, so the header cannot be sent
$strValue = "This is my first cookie";
setcookie ("mycookie", $strValue);
echo "Cookie set<br>";
?>
</body>
</html>
Gets an error!:
Using headers (correct approach)
<?php
// setcookie() runs before any output, so the Set-Cookie header can still be sent
$strValue = "This is my first cookie";
setcookie ("mycookie", $strValue);
echo "Cookie set<br>";
?>
setcookie("mycookie");
Multiple data items
Use explode() e.g.
<?php
$strAddress = $_SERVER['REMOTE_ADDR'];
$strBrowser = $_SERVER['HTTP_USER_AGENT'];
$strOperatingSystem = $_ENV['OS'];
$strInfo = "$strAddress::$strBrowser::$strOperatingSystem";
setcookie ("somecookie4",$strInfo, time()+7200);
?>
<?php
$strReadCookie = $_COOKIE["somecookie4"];
$arrListOfStrings = explode ("::", $strReadCookie);
// Cookie contents come from the client, so escape them before printing
echo "<p>" . htmlspecialchars($strInfo) . "</p>";
echo "<p>Your IP address is: " . htmlspecialchars($arrListOfStrings[0]) . " </p>";
echo "<p>Client Browser is: " . htmlspecialchars($arrListOfStrings[1]) . " </p>";
echo "<p>Your OS is: " . htmlspecialchars($arrListOfStrings[2]) . " </p>";
?>
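The packed cookie above is returned by the browser, so the client can edit any of its fields. The following is an added example, not part of the original slides, that appends an HMAC to the "::"-joined value and verifies it before use. The key, the function names and the sample values are assumptions, and the options-array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example. $key is a placeholder: load a random server-side secret in practice.
$key = 'replace-with-a-random-server-side-secret';

// Join the fields with "::" as on the slide and append an HMAC-SHA256 tag.
// rawurlencode() keeps a ":" inside a field from being read as a delimiter.
function packSigned(array $fields, string $key): string {
    $payload = implode('::', array_map('rawurlencode', $fields));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the fields, or null if the tag is missing or does not match.
function unpackSigned(string $cookie, string $key): ?array {
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;
    }
    $payload = substr($cookie, 0, $pos);
    $tag     = substr($cookie, $pos + 1);
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $tag)) {
        return null;
    }
    return array_map('rawurldecode', explode('::', $payload));
}

// Constructed sample values standing in for REMOTE_ADDR, HTTP_USER_AGENT and OS.
$cookie = packSigned(['203.0.113.7', 'ExampleBrowser/1.0', 'Linux'], $key);

// Sent before any output; Secure and HttpOnly limit where the cookie is exposed.
setcookie('somecookie4', $cookie, [
    'expires' => time() + 7200, 'path' => '/',
    'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
]);

$fields   = unpackSigned($cookie, $key);
$tampered = unpackSigned(str_replace('Linux', 'Other', $cookie), $key);

if ($fields !== null) {
    // Escape before printing: the user agent string is chosen by the client.
    echo '<p>Client Browser is: ' . htmlspecialchars($fields[1], ENT_QUOTES, 'UTF-8') . "</p>\n";
}
echo $tampered === null ? "tampered cookie rejected\n" : "tampered cookie accepted\n";
```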
Where is the cookie stored?
Depends on the browser...
e.g., firefox/mozilla under /home/a________
Look for cookies.txt in .mozilla directory
Usually under:
/home/a______/.mozilla/firefox/asdkfljy.default
Cookie is stored only if there is an expiry date
Otherwise it is deleted when leaving browser
Persistent only if an expiry date is set
PHP Sessions
When should you use sessions?
Need for data to be stored on the server
Unique session information for each user
Transient data, only relevant for short time
Data does not contain secret information
Similar to Cookies, but it is stored on the server
More secure, once established, no data is sent back and forth
between the machines
Works even if cookies are disabled
Example: we want to count the number of “hits” on our web page.
Before you can store user information in your PHP session,
you must first start up the session.
<html>
<body>
</body>
</html>
PHP Sessions
Starting a PHP session:
<?php
session_start();
?>
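A session start that also sets the session cookie's attributes, as an added example that is not part of the original slides. The 'hits' and 'user' keys, the onLogin() helper and the assumption that the site is served over HTTPS are illustrative, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example: cookie attributes must be set before session_start().
ini_set('session.use_strict_mode', '1');   // reject session ids the server did not issue
session_set_cookie_params([
    'lifetime' => 0,        // session cookie: dropped when the browser closes
    'path'     => '/',
    'secure'   => true,     // assumption: the site is served over HTTPS
    'httponly' => true,     // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Hit counter kept on the server; only the session id travels in the cookie.
if (!isset($_SESSION['hits'])) {
    $_SESSION['hits'] = 0;
}
$_SESSION['hits']++;

// Issue a fresh id when the user's privilege changes (for example after login),
// so an id that was known before the change stops being valid.
function onLogin(string $user): void {
    session_regenerate_id(true);   // true: delete the old session data
    $_SESSION['user'] = $user;
}

echo 'Hits this session: ' . (int) $_SESSION['hits'] . "\n";
```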
Session variables
$_SESSION
e.g., $_SESSION["intVar"] = 10;
Testing if a session variable has been set:
session_start();
if (!isset($_SESSION['intVar'])) {...} // true when intVar has not been set
Make your own session variables
With session_start() a default session variable is created - the
name extracted from the page name
To create your own session variable just add a new key to the
$_SESSION superglobal
$_SESSION['dug'] = "a talking dog.";
<?php
session_start(); // $sessionName is assumed to be set earlier in the script
if (!isset($_SESSION[$sessionName])) {
    $_SESSION[$sessionName] = 0;
    print "This is the first time you have visited this page<br/>";
}
$_SESSION[$sessionName]++;
?>
session_destroy()
– Destroys all data registered to a session
– Does not unset session global variables and cookies associated with the session
– Not normally done - leave to timeout
Destroying a session completely
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) { // ini_get() returns the value of the configuration option
    $params = session_get_cookie_params();
    // session_name() returns the name of the current session
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
// Finally, destroy the session.
session_destroy();
?>
http://nz2.php.net/manual/en/function.session-destroy.php
Session Example 3
<?php
session_start();
if (isset($_POST["submit"])) {
    $strColourBg = $_POST["strNewBg"];
    $strColourFg = $_POST["strNewFg"];
    $_SESSION['strColourBg'] = $strColourBg;
    $_SESSION['strColourFg'] = $strColourFg;
    echo "<br>New Settings";
}
else {
    // ?? '' avoids an undefined-index notice when nothing has been stored yet
    $strColourBg = $_SESSION['strColourBg'] ?? '';
    $strColourFg = $_SESSION['strColourFg'] ?? '';
    echo "<br>Keep old settings";
}
?>
Session Example 3 (cont.)
<head> <style type="text/css">
body {background-color: <?php echo $strColourBg ?>}
p {color: <?php echo $strColourFg ?>}
h2 {color: <?php echo $strColourFg ?>}
</style></head>
<body>
<h2>h2 colour</h2>
<form action='<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES) ?>' method='post'>
<label for="strNewBg"> Background colour: </label>
<select name='strNewBg' id='strNewBg'>
<option>red</option> ... <option>grey</option>
</select>
<label for="strNewFg"> Text colour: </label>
<select name='strNewFg' id='strNewFg'>
<option>yellow</option> ... <option>grey</option>
</select>
<input type='submit' name='submit'/>
</form></body>
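The colour values in Session Example 3 are posted by the client and written straight into the page's style block, so a request does not have to use one of the select options. The following is an added example, not part of the original slides, that checks each value against an allow-list before it reaches the session. The pickColour() helper, the list contents and the sample request are assumptions.

```php
<?php
// Added example. The allow-list is an assumption: the slide's option lists are
// elided ("..."), so only red, yellow and grey are taken from the page.
const ALLOWED_COLOURS = ['red', 'yellow', 'grey'];

// Return $candidate if it is on the allow-list, otherwise $fallback.
function pickColour($candidate, string $fallback): string {
    return is_string($candidate) && in_array($candidate, ALLOWED_COLOURS, true)
        ? $candidate
        : $fallback;
}

// Constructed stand-ins for $_POST and $_SESSION so the example runs on its own.
// strNewFg carries a value that is not one of the select options.
$post    = ['submit' => '1', 'strNewBg' => 'red', 'strNewFg' => 'grey; font-size: 200px'];
$session = ['strColourBg' => 'grey', 'strColourFg' => 'yellow'];

if (isset($post['submit'])) {
    // A value that is not on the list keeps the previous setting.
    $session['strColourBg'] = pickColour($post['strNewBg'] ?? null, $session['strColourBg']);
    $session['strColourFg'] = pickColour($post['strNewFg'] ?? null, $session['strColourFg']);
}

// Only allow-listed names can reach the stylesheet.
echo "body {background-color: {$session['strColourBg']}}\n";
echo "p {color: {$session['strColourFg']}}\n";
```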
Summary