First Name Last Name Please enter your logon information: John Submit Chen Web Server Login.php Web Server Hello John Chen Greetings. php Please enter.


[Figure: a user enters logon information (First Name: John, Last Name: Chen) and submits it to Login.php on the web server, then requests Greetings.php. Without State Management: Greetings.php answers "I forget who you are!!". With State Management: Greetings.php answers "Hello John Chen".]

Server-Side State Management
• Application state: information is available to all users of a Web application
• Session state: information is available only to a user of a specific session
• Database: in some cases, use database support to maintain state on your Web site

Client-Side State Management
• Cookies: text file stores information to maintain state
• The ViewState property: retains values between multiple requests for the same page
• Query strings: information appended to the end of a URL

• Application state is a global storage mechanism accessible from all pages in the Web application
• Session state is limited to the current browser session
• Values are preserved through the use of application and session variables
• Scalability
• ASP.NET session is identified by the SessionID string
[Diagram: Web server (application and session variables) and client computer (SessionID)]

• Uses cookies to maintain state
  • Persistent cookies
  • Temporary/non-persistent cookies
• Less reliable than server-side state management options
  • User can delete cookies
• Less secure than server-side state management options
• Limited amount of information
  • Client-side restrictions on file sizes
[Diagram: Web server and client computer exchanging cookies]

While the configuration in this tutorial applies to ProdigyView, the concepts apply to normal cookies and sessions in PHP. You may use these concepts with these two PHP functions:
• session_set_cookie_params
• setcookie

You can insert the content of one file into another file before the server executes it, with the require() function. The require() function is used to create functions, headers, footers, or elements that will be reused on multiple pages.

• Client-server connection is not permanent => cannot be saved in program memory
• There are many clients connecting simultaneously => cannot be saved in a file (sometimes you cannot identify clients either)

• Cookies: Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users.
• Sessions: Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.

To maintain state means the ability to retain values of variables and to keep track of users who are logged into the system.

• HTTP is a stateless protocol. This means that each request is handled independently of all the other requests, and it means that a server or a script cannot remember if a user has been there before.
• However, knowing if a user has been there before is often required, and therefore cookies and sessions have been implemented.

• Cookies
• Sessions
• Passing [hidden] variables

Cookies are data stored in the user’s browser. Unlike sessions, cookies will last if a user closes their browser. Cookies have a size limit set by the browser. Sensitive information should not be stored in the cookie.
[Diagram: cookie stored on user’s computer]

Cookies are simple text strings of the form of name=value which are stored persistently on the client’s machine. A URL is stored with each cookie and it is used by the browser to determine whether it should send the cookie to the web server. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests for a page with a browser, it will send the cookie too. With PHP, you can both create and retrieve cookie values.

setcookie(name [,value [,expire [,path [,domain [,secure]]]]])
• name = cookie name
• value = data to store (string)
• expire = UNIX timestamp when the cookie expires. Default is that the cookie expires when the browser is closed.
• path = path on the server within and below which the cookie is available.
• domain = domain for which the cookie is available.
• secure = whether the cookie should be sent over an HTTPS connection only. Default false.

The setcookie() function is used to create cookies. Note: The setcookie() function must appear BEFORE the tag. setcookie(name, [value], [expire], [path], [domain], [secure]); This sets a cookie named "uname" - that expires after ten hours. …

setcookie('name','Robert')
• This command will set the cookie called name on the user’s PC containing the data Robert. It will be available to all pages in the same directory or subdirectory of the page that set it (the default path and domain). It will expire and be deleted when the browser is closed (default expire).

setcookie('age','20',time()+60*60*24*30)
• This command will set the cookie called age on the user’s PC containing the data 20. It will be available to all pages in the same directory or subdirectory of the page that set it (the default path and domain). It will expire and be deleted after 30 days.

setcookie('gender','male',0,'/')
• This command will set the cookie called gender on the user’s PC containing the data male. It will be available within the entire domain that set it. It will expire and be deleted when the browser is closed.

• All cookie data is available through the superglobal $_COOKIE:
  $variable = $_COOKIE['cookie_name'];
  or
  $variable = $HTTP_COOKIE_VARS['cookie_name'];
• e.g. $age = $_COOKIE['age'];

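• To access a cookie you just refer to the cookie name as a variable or use the $_COOKIE array.
• Tip: Use the isset() function to find out if a cookie has been set.
<?php
// Read the value from $_COOKIE; the bare $uname form only worked with register_globals (removed in PHP 5.4).
if (isset($_COOKIE['uname']))
    // Cookie values are supplied by the client, so escape them before output.
    echo "Welcome " . htmlspecialchars($_COOKIE['uname']) . "! ";
else
    echo "You are not logged in! ";
?>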

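<?php
// Read the previous count from the cookie (client-supplied, so cast to int) and add one.
$count = isset($_COOKIE['count']) ? (int) $_COOKIE['count'] + 1 : 1;
setcookie("count", (string) $count);
?>
Welcome! You’ve seen this site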

• To remove a cookie, simply overwrite the cookie with a new one with an expiry time in the past:
  setcookie('cookie_name','',time()-6000)
• Note that theoretically any number taken away from the time() function should do, but due to variations in local computer times, it is advisable to use a day or two.

• Passing the values typed into a user form to other HTML pages and/or server-side scripts is called parameter passing.
• A session refers to all the connections that a single client might make to a server in the course of viewing any pages associated with a given application.[1]
• Maintaining the user's state during a session (e.g. login to logout) is called session tracking.

• Visible form parameters
• Hidden form parameters
• Cookies
• Session
• URL Rewriting

Methods of passing parameters:
• GET (smaller data, i.e. 1024 bytes)
• POST (bigger data, as well as file upload)
PHP uses predefined variables:
• $_GET['varname']
• $_POST['varname']

PHP provides a large number of predefined variables to all scripts. The variables represent everything from external variables to built-in environment variables, and from last error messages to last retrieved headers.
• Superglobals — Superglobals are built-in variables that are always available in all scopes
• $GLOBALS — References all variables available in global scope
• $_SERVER — Server and execution environment information
• $_GET — HTTP GET variables
• $_POST — HTTP POST variables
• $_FILES — HTTP File Upload variables
• $_REQUEST — HTTP Request variables
• $_SESSION — Session variables
• $_ENV — Environment variables
• $_COOKIE — HTTP Cookies
• $php_errormsg — The previous error message
• $HTTP_RAW_POST_DATA — Raw POST data
• $http_response_header — HTTP response headers
• $argc — The number of arguments passed to script
• $argv — Array of arguments passed to script

Values of predefined variables can be seen with <?php phpinfo() ?>

• The session support allows you to register arbitrary numbers of variables to be preserved across requests.
• A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.

Sessions are just like cookies, except they store the user’s data on the web server. Every request has a unique session id. Sessions are more reliable than cookies.

A session is information that relates to a user and is stored on the server. A session will no longer exist once the browser closes. Sessions do not have a size limit. Sensitive information should be stored in the session.
[Diagram: user saves session information; user retrieves session information]

The session_start() function is used to start a session; it sets the session cookie.
<?php session_start(); ?>

Register a session variable:
session_register('var1','var2',...); // will also create a session (legacy function, removed in PHP 5.4)
PS: A session variable will be created when you use it, even if you do not register it.
Use it:
<?php
session_start();
if (!isset($_SESSION['count']))
    $_SESSION['count'] = 0;
else
    $_SESSION['count']++;
?>

<?php
// start the session
session_start();
// Get the user's input from the form
$name = $_POST['name'];
// Register session key with the value
$_SESSION['name'] = $name;
?>

• One of the standard examples used to demonstrate how a session works is the hit counter application.
• The example of coding:
• With the above code, the counter will increase by 1 on each subsequent page load.
• If two browser windows are open and the same page is requested in each one, PHP will maintain and increment individual session counters for each browser instance.

• In this example, the user is required to log in. The login name and the session start time are then stored as two session variables.
• This information is used to display the total number of minutes the session has been active.

" method="post">
here to refresh the page.";
    } else {
        echo "ERROR: Please enter your name!";
    }
} else if (isset($_SESSION['name'])) {
    // if a previous session exists
    // calculate elapsed time since session start and now
    echo "Welcome back, ". $_SESSION['name']. ". This session was activated ". round((time() - $_SESSION['start']) / 60). " minute(s) ago. Click here to refresh the page.";
}
?>

• The session start time is recorded in $_SESSION['start'] with the time() function.
• Then, the value stored in $_SESSION['start'] is compared with the most current value of time() to calculate and display the (approximate) elapsed time.
• The call to session_start() must appear first, before any output is generated by the script.
• This is because the PHP session handler internally uses in-memory cookies to store session data, and the cookie creation headers must be transmitted to the client browser before any output.
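A complete version of the login-and-elapsed-time page described above, as an added example that is not the slides' original listing. The helper h(), the 64-character name limit and the wording of the first two messages are assumptions; the page escapes every echoed value and issues a fresh session ID at login with session_regenerate_id().

```php
<?php
// Added example, not the original slide code.
session_start();   // must run before any output so the session cookie header can be sent

// Hypothetical helper: escape every value that is echoed back into HTML.
function h($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }

// SCRIPT_NAME, unlike PHP_SELF, does not include user-supplied path info.
$self = h($_SERVER['SCRIPT_NAME']);
$showForm = false;

if (isset($_SESSION['name'], $_SESSION['start'])) {
    // a previous session exists: calculate elapsed time since session start
    $minutes = round((time() - $_SESSION['start']) / 60);
    $message = 'Welcome back, ' . h($_SESSION['name'])
             . '. This session was activated ' . $minutes . ' minute(s) ago.';
} elseif (isset($_POST['name'])) {
    // form submitted: accept only a non-empty string of bounded length (assumed limit)
    $name = is_string($_POST['name']) ? trim($_POST['name']) : '';
    if ($name !== '' && strlen($name) <= 64) {
        session_regenerate_id(true);      // new session ID once the user is identified
        $_SESSION['name']  = $name;
        $_SESSION['start'] = time();
        $message = 'Welcome, ' . h($name) . '. A new session has been activated for you.';
    } else {
        $message  = 'ERROR: Please enter your name!';
        $showForm = true;
    }
} else {
    $message  = 'Please enter your name.';
    $showForm = true;
}
?>
<!DOCTYPE html>
<html>
<body>
<p><?php echo $message; ?></p>
<?php if ($showForm) { ?>
<form action="<?php echo $self; ?>" method="post">
  <input type="text" name="name" maxlength="64">
  <input type="submit" value="Enter your name">
</form>
<?php } else { ?>
<p>Click <a href="<?php echo $self; ?>">here</a> to refresh the page.</p>
<?php } ?>
</body>
</html>
```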

• Every session has a unique session ID, used by PHP to keep track of different clients.
• This session ID is a long alphanumeric string, which is automatically passed by PHP from page to page so that the continuity of the session is maintained.
• Use the session_id() function, as in this simple example:

• When the user shuts down the client browser and destroys the session, the $_SESSION array will be flushed of all session variables.
• A session can also be destroyed explicitly, for example when a user logs out, by calling the session_destroy() function.
• Consider the given example below:-
• Before calling session_destroy() to destroy a session, session_start() is called first to recreate it.
• $_SESSION is a superglobal: you can use it inside and outside functions without needing to declare it as global first.

• PHP offers a single function for cookie manipulation: setcookie().
• This function allows cookie files to be read and written.

• The setcookie() function accepts six arguments:
  i. name: the name of the cookie
  ii. value: the value of the cookie
  iii. expires: the date and time at which the cookie expires
  iv. path: the top-level directory on the domain from which cookie data can be accessed
  v. domain: the domain for which the cookie is valid
  vi. secure: a Boolean flag indicating whether the cookie should be transmitted only over a secure HTTP connection
• Cookie values are automatically sent to PHP from the client.
• They are then converted to key-value pairs in the $_COOKIE variable, a superglobal array similar to $_SESSION.
• Values can be retrieved using standard associative array notation.

" method="post"> Enter your address: "> $days day(s) since last submission"; } ?> <?php }

else {
    // if form has been submitted
    // set cookies with form value and timestamp
    // both cookies expire after 30 days
    // time() is used for the expiry: mktime() without arguments is rejected by PHP 8
    if (!empty($_POST[' '])) {
        setcookie(" ", $_POST[' '], time()+(86400*30), "/");
        setcookie("lastsave", time(), time()+(86400*30), "/");
        echo "Your address has been recorded.";
    } else {
        echo "ERROR: Please enter your address!";
    }
}
?>

• The value entered into the form is stored as a cookie called .
• It is automatically retrieved to pre-fill the form field on all subsequent requests.
• The time at which the data was entered is stored as a second cookie, and used to calculate the time elapsed between successive entries.

• As HTTP is a stateless protocol, session tracking must be maintained by programmers in the following ways:
  • Hidden form parameters
  • Cookies
  • Session
  • URL Rewriting

A parameter is passed from one page to another without being visible to the user. It can be retrieved in PHP by:
• $_GET["username"]
• $_POST["username"]

Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users.
Set Cookie
• bool setcookie ( string $name, string $value, int $expire=0, string $path, string $domain, bool $secure=false, bool $httponly=false)
• setcookie("username","ami",time()+300);
Read Cookie
• $_COOKIE['name']

• session_cache_expire — Return current cache expire
• session_cache_limiter — Get and/or set the current cache limiter
• session_commit — Alias of session_write_close
• session_decode — Decodes session data from a string
• session_destroy — Destroys all data registered to a session
• session_encode — Encodes the current session data as a string
• session_get_cookie_params — Get the session cookie parameters
• session_id — Get and/or set the current session id
• session_is_registered — Find out whether a global variable is registered in a session
• session_module_name — Get and/or set the current session module
• session_name — Get and/or set the current session name
• session_regenerate_id — Update the current session id with a newly generated one
• session_register — Register one or more global variables with the current session
• session_save_path — Get and/or set the current session save path
• session_set_cookie_params — Set the session cookie parameters
• session_set_save_handler — Sets user-level session storage functions
• session_start — Initialize session data
• session_unregister — Unregister a global variable from the current session
• session_unset — Free all session variables
• session_write_close — Write session data and end session

File: Page1.php
<?php
// Cookie parameters only take effect when set before session_start().
session_set_cookie_params(10, "/", "sun.com", true, false); // lifetime, path, domain, secure, httponly
session_start();
echo 'Welcome to page #1';
$_SESSION['favcolor'] = 'green';
$_SESSION['animal'] = 'cat';
$_SESSION['time'] = time();
?>

File: Page2.php
<?php
session_start();
echo 'Welcome to page #2 ';
echo $_SESSION['favcolor']; // green
echo $_SESSION['animal']; // cat
echo date('Y m d H:i:s', $_SESSION['time']);
session_unset(); // releasing session data
echo $_SESSION['time'] ?? ''; // no output
?>

The Apache server’s mod_rewrite module gives the ability to transparently redirect one URL to another by modifying (i.e. rewriting) the URL, without the user’s knowledge. It is used in these situations:
• passing some information to another page
• redirecting old URLs to new addresses
• cleaning up the ‘dirty’ URLs coming from a poor publishing system

The following line in the /etc/httpd/conf/httpd.conf file must be uncommented:
LoadModule rewrite_module modules/mod_rewrite.so
URL Rewriting examples

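<?php
// Both values come straight from the request URL, so escape them before output.
if (isset($_SERVER['PATH_INFO'])) {
    echo htmlspecialchars($_SERVER['PATH_INFO']);
} else if (isset($_GET['username'])) {
    echo htmlspecialchars($_GET['username']);
}
?>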

• It will expire, or
• Cookies must be deleted with the same parameters as they were set with. If the value argument is an empty string (""), and all other arguments match a previous call to setcookie, then the cookie with the specified name will be deleted from the remote client.

• To remove a cookie from the client, setcookie() is called with the same syntax used to originally set the cookie, but with an expiry date in the past.
• This will cause the cookie to be removed from the client system.

• session_unregister('varname');
How to destroy a session:
• session_destroy()

<?php
// start the session
session_start();
$_SESSION = array();
session_destroy();
// isset() avoids an undefined-index notice now that $_SESSION is empty
if (isset($_SESSION['name'])) {
    print "The session is still active";
} else {
    echo "Ok, the session is no longer active! ";
}
?>
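A logout routine that also removes the session cookie from the browser, applying the rule above that a cookie must be deleted with the same parameters it was set with. This is an added example, not code from the slides; the function name end_session() is an assumption.

```php
<?php
// Added example, not the original slide code.
// Hypothetical helper: end the current session on the server and in the browser.
function end_session(): void
{
    // A session has to be active before it can be destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Clear the session variables for the rest of this request.
    $_SESSION = array();

    // 2. Delete the session cookie. The path, domain, secure and httponly
    //    values must match the ones the cookie was created with, so read
    //    them back instead of hard-coding them.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 86400,   // one day in the past
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }

    // 3. Remove the session data stored on the server.
    session_destroy();
}

end_session();

if (isset($_SESSION['name'])) {
    print "The session is still active";
} else {
    echo "Ok, the session is no longer active! ";
}
?>
```

The options-array form of setcookie() used here requires PHP 7.3 or later.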

The cookie path and session path is the path on your server where your cookie or session will be accessible. Example: If you make your cookie path ‘/store/products’, the cookie will only be available on ‘ Using ‘/’ will make the cookie or session available in any directory.

The cookie and session domain is the domain the cookie/session is available on. If your domain is setting your cookie/session to that domain will make it only accessible under If it was set to subdomain.example.com, it will only be available under subdomain.example.com. Setting the domain to ‘.example.com’ will make the session/cookie available under all subdomains.

Cookie Secure and Session Secure will ensure that the data for a session/cookie is only transmitted over an HTTPS connection. It is up to you, the developer, to make sure the value is read only over an HTTPS connection.

In some situations, the requirement may be to have the cookie accessible only over an HTTP connection. Setting this value to true will ensure that the cookie/session will NOT be accessible through JavaScript, Java (e.g. .jar files) and other non-HTTP/HTTPS protocols.

• Can’t call setCookie() after output has been sent to the browser
• Can’t have more than 20 cookies/server
• Cookies ONLY persist until the browser closes UNLESS you specify an expiry date: setCookie("name", $value, time() );

Cookies and sessions do not last forever, nor should they. A cookie can be set for years, but the average person will probably switch computers every 4-5 years. When setting the amount of time a session/cookie will last, you are passing in the number of seconds. So if you want the cookie/session to expire in 5 minutes, set it to ’60*5’.
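The path, domain, secure, HTTP-only and lifetime settings described above, applied with the two plain PHP functions, as an added example that is not from the slides or from ProdigyView. The path '/store/', the cookie name last_viewed and its value are constructed for illustration. Note the difference in how the five minutes are passed: session_set_cookie_params() takes a lifetime in seconds, while setcookie() takes an absolute expiry timestamp.

```php
<?php
// Added example, not the original slide code. Names and values are constructed.

// Weak setting, as in Page1.php: httponly=false leaves the session ID
// readable by scripts running in the page.
//   session_set_cookie_params(10, "/", "sun.com", true, false);

// Attributes shared by the session cookie and the application cookie.
$attributes = [
    'path'     => '/store/',  // sent only for URLs under /store/
    'domain'   => '',         // empty: only the host that set it; '.example.com' would cover all subdomains
    'secure'   => true,       // the browser returns it over HTTPS only
    'httponly' => true,       // not exposed to JavaScript
];

// Session cookie: 'lifetime' is a number of seconds. Must run before session_start().
session_set_cookie_params(['lifetime' => 60 * 5] + $attributes);
session_start();

// Ordinary cookie: 'expires' is an absolute Unix timestamp, so add time().
setcookie('last_viewed', 'sku-1001', ['expires' => time() + 60 * 5] + $attributes);

// The Secure flag only controls what the browser sends. The server side
// still has to refuse to use the value on a plain HTTP request.
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
$lastViewed = null;
if ($isHttps && isset($_COOKIE['last_viewed']) && is_string($_COOKIE['last_viewed'])) {
    $lastViewed = $_COOKIE['last_viewed'];
}

echo $lastViewed === null
    ? 'No previous item recorded.'
    : 'Last viewed: ' . htmlspecialchars($lastViewed, ENT_QUOTES, 'UTF-8');
?>
```

The options-array forms of both functions require PHP 7.3 or later.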

• Cookies and sessions are two different ways of making data "persistent" on the client.
• A session retains data for the duration of the session.
• A cookie retains values for as long as you need it to.