Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Programming Language

Similar presentations


Presentation on theme: "Web Programming Language"— Presentation transcript:

1 269200 Web Programming Language
Week 8 Dr. Ken Cosh Security, Sessions & Cookies

2 Security So, you have your calendar!
But do you want everyone to be able to see your appointments? Or do we want to be able to store the appointments of multiple users? Perhaps sharing appointments between users?

3 Logging in Well, now we can create a table in our database which stores a username and a password! We could then make the user log in before they can access the pages where the calendar is displayed.

4 Go Ahead! Issues: Encryption Comparison

5 More problems… “HTTP is a stateless protocol, which means that as soon as a page has been sent to the client and the connection is closed any data that has been stored is lost. As a PHP Developer, you often need a way of storing information across multiple pages of your website. The potential uses for this are many. A few examples would be tracking if a user has logged in or perhaps remembering previously set preferences for custom user pages. The common way of accomplishing this via PHP is with sessions and cookies.” (Dustin Czyst)

6 Cookies A cookie is a small file that is stored on the client computer when visiting a website. Cookies got a bad rap a few years ago and as a result there is a good deal of people out there with their cookies disabled. Cookies are harmless. Some sites will use them to track visitor usage and habits and people sometimes consider that an invasion of privacy, but it typically is not a problem.

7 Cookies Stored on the client computer and are thus decentralized.
Can be set to a long lifespan and/or set to expire after a period of time from seconds to years. They work well with large sites that may use several webservers. Won’t do you any good if the client has set their browser to disable cookies. Limitations on size and number: a browser can keep only the last 20 cookies sent from a particular domain, and the values that a cookie can hold are limited to 4 KB in size. Can be edited beyond your control since they reside on the client system. Information set in the cookie is not available until the page is reloaded.

8 setcookie Before any HTML is transferred;
setcookie(name, value, expire, path, domain, secure, httponly); setcookie(‘username’, ‘Ken’, time()+60*60*24*7); You only need have a name and a value. expire could be a time stamp for when the cookie should expire (time() ) path & domain could limit where the cookie is available secure could make the cookie only transferred across a connection httponly could stop the cookie being used by javascript

9 Getting a cookie value if(isset($_COOKIE[‘username’])) $username = $_COOKIE[‘username’];

10 Destroying a Cookie Set a time in the past
setcookie(‘username’, ‘Ken’, time() ); Perhaps a long time in the past, in case the users machine has the wrong time.

11 Sessions Sessions are a combination of a server-side cookie and a client-side cookie, where the client-side cookie is simply a reference id to the information stored in the server-side cookie.

12 Sessions Server-side cookie can store very large amounts of data while regular cookies are limited in size. Since the client-side cookie generated by a session only contains the id reference (a random string of 32 hexadecimal digits, such as ‘fca17f071bbg9bf7f85ca a4′ called a ’session id’) you save on bandwidth. Much more secure than regular cookies since the data is stored on the server and cannot be edited by the user. Only last until the user closes their browser. Won’t work if client has cookies disabled in their browser unless some extra measures are takenใ Can be easily customized to store the information created in the session to a database. Information is available in your code as soon as it is set.

13 session_start() & session_destroy()
Before using session variables we need to make a call to; session_start(); We can then access and set members of the $_SESSION array $_SESSION[‘variable’] = $value; $value = $_SESSION[‘variable’]; At the end of a session we can make a call to; session_destroy();

14 Assignment Follow this tutorial
Use it to create a login page for your calendar Check out slide 2 for ideas on how to impress me! ;)


Download ppt "Web Programming Language"

Similar presentations


Ads by Google