1. Sessions and cookies (part 1)
MIS 3501, Fall 2015
Jeremy Shafer
Department of MIS
Fox School of Business
Temple University
11/17/2015

2. Course Overview We are here. To do: MySQL
Weeks 6 & 7
HTML & CSS
Weeks 1 & 2
PHP
Weeks 3 – 5
PDO
Week 8 & 9
To do:
Organize your code with MVC (week 11)
Work with forms (week 12)
Use cookies and sessions (week 13)

3. Objectives Learning objectives for the week
Understand why HTML pages are referred to as “stateless”
Understand how cookies and sessions are used to preserve state, and the differences between cookies and sessions.
Understand the PHP commands used to manipulate cookies and sessions.

4. Preserving State

5. Why managing state is difficult with HTTP
This is why we say HTML is “stateless”. There’s nothing implicit in browsers treatment of HTML that “remembers” the pages that were returned previously. HTML pages are, by design, intended to work over an intermittent network connection.

6. Choices for managing state
Cookies
We are going to start by talking about sessions … and in a way that’s a little backwards, because cookies came first.
But sessions are generally better / more secure / more useful and easier to work with.
In the next slides we will compare these two mechanisms….
Sessions

7. How cookies work

8. How sessions work

10. Let’s try this example…
Preserving State
Let’s try this example…
Suggestion Box

11. An application of sessions… Suggestion Box
There is a “public facing” aspect of our suggestion box application. It is for customers. It allows for anonymous submission of suggestions.
But there is also a report that only management should see.
We need to know the state of “LOGGED_IN” on report.php. Either the user logged in OK or did not.
index .php
thanks .php
For
Customers
login .php
report.php
For
Management

12. Mechanics …how is this accomplished?
Things we need to know how to do:
Let each PHP page know that we intend to use sessions
Put values into the $_SESSION[] array.
Destroy the session when we are done. (#3 is trickier than you might think)

13. The session_start() function
Easy, right?! Just remember this one fact … you need to use the session_start() function on each page where you intend to use session data.
You also have the option of changing the default behavior of the cookie with this function. You don’t typically need to do this.

14. The $_SESSION array
What’s a superglobal? An superglobal is just an array that the PHP Interpreter gives you “for free” - that is you don’t need to declare it or control it’s behavior.
Remember… When the session_start() function is called, PHP either initializes a new $_SESSION superglobal or retrieves any variables for into the $_SESSION superglobal
This convention should remind you of working with $_POST and $_GET.
It should because $_POST, $_GET and $_SESSION are all superglobals.

15. Killing the session PHP gives us the function session_destroy()
The session_destroy() function destroys all of the data associated with the current session.
But … it does not:
unset any of the global variables associated with the session
unset the session cookie on the browser

16. A complete logout script – logout.php
// Initialize the session.
// Yes, this is the session we want to destroy.
session_start();
// Unset all of the session variables.
// The session array is assigned to an empty array
$_SESSION = array();
// but we’re not done

17. A complete logout script – logout.php (2)
// Now... the tricky part... kill the cookie on the browser
// Delete the cookie for the session
$name = session_name(); // Get name of the session cookie
$expire = strtotime('-1 year'); // Create expiration date in the past
$params = session_get_cookie_params(); // Get session params
$path = $params['path'];
$domain = $params['domain'];
$secure = $params['secure'];
$httponly = $params['httponly'];
setcookie($name, '', $expire, $path, $domain, $secure, $httponly);
// Finally, destroy the session.
session_destroy();
// All done with the session.
// Direct the user back to the index.php page
header('Location: index.php');
?>

18. Let’s give it a whirl…