Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

Published byRoxanne Adams Modified over 9 years ago

Similar presentations

Presentation on theme: "CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week."— Presentation transcript:

1 CSE 154 LECTURE 13: SESSIONS

2 Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week from now setcookie("CouponNumber", "389752", $expireTime); setcookie("CouponValue", "100.00", $expireTime); PHP to set a persistent cookie, pass a third parameter for when it should expire indicated as an integer representing a number of seconds, often relative to current timestamp if no expiration passed, cookie is a session cookie; expires when browser is closed time function returns the current time in seconds time date function can convert a time in seconds to a readable date date

3 Deleting a cookie setcookie("name", FALSE); PHP setcookie("CouponNumber", FALSE); PHP setting the cookie to FALSE erases it you can also set the cookie but with an expiration that is before the present time: setcookie("count", 42, time() - 1); PHP remember that the cookie will also be deleted automatically when it expires, or can be deleted manually by the user by clearing their browser cookies

4 How long does a cookie exist? session cookie : the default type; a temporary cookie that is stored only in the browser's memory when the browser is closed, temporary cookies will be erased can not be used for tracking long-term information safer, because no programs other than the browser can access them persistent cookie : one that is stored in a file on the browser's computer can track long-term information potentially less secure, because users (or programs they run) can open cookie files, see/change the cookie values, etc.

5 What is a session? session: an abstract concept to represent a series of HTTP requests and responses between a specific Web browser and server HTTP doesn't support the notion of a session, but PHP does sessions vs. cookies: a cookie is data stored on the client a session's data is stored on the server (only 1 session per client) sessions are often built on top of cookies: the only data the client stores is a cookie holding a unique session ID on each page request, the client sends its session ID cookie, and the server uses this to find and retrieve the client's session data

6 How sessions are established client's browser makes an initial request to the server server notes client's IP address/browser, stores some local session data, and sends a session ID back to client (as a cookie) client sends that same session ID (cookie) back to server on future requests server uses session ID cookie to retrieve its data for the client's session later (like a ticket given at a coat-check room)

7 Cookies vs. sessions duration: sessions live on until the user logs out or closes the browser; cookies can live that long, or until a given fixed timeout (persistent) data storage location: sessions store data on the server (other than a session ID cookie); cookies store data on the user's browser security: sessions are hard for malicious users to tamper with or remove; cookies are easy privacy: sessions protect private information from being seen by other users of your computer; cookies do not

8 Implementing user logins many sites have the ability to create accounts and log in users most apps have a database of user accounts when you try to log in, your name/pw are compared to those in the database

9 Sessions in PHP: session_start session_start(); PHP session_start signifies your script wants a session with the user must be called at the top of your script, before any HTML output is produced when you call session_start : if the server hasn't seen this user before, a new session is created otherwise, existing session data is loaded into $_SESSION associative array you can store data in $_SESSION and retrieve it on future pages complete list of PHP session functions

10 Accessing session data $_SESSION["name"] = value; # store session data $variable = $_SESSION["name"]; # read session data if (isset($_SESSION["name"])) { # check for session data PHP if (isset($_SESSION["points"])) { $points = $_SESSION["points"]; print("You've earned $points points.\n"); } else { $_SESSION["points"] = 0; # default } PHP the $_SESSION associative array reads/stores all session data use isset function to see whether a given value is in the session isset

11 Common session bugs session_start doesn't just begin a session; it also reloads any existing session for this user. So it must be called in every page that uses your session data: # the user has a session from a previous page print $_SESSION["name"]; # undefined session_start(); print $_SESSION["name"]; # joe PHP previous sessions will linger unless you destroy them and regenerate the user's session ID: session_destroy(); session_regenerate_id(TRUE); session_start(); PHP

12 Where is session data stored? on the client, the session ID is stored as a cookie with the name PHPSESSID on the server, session data are stored as temporary files such as /tmp/sess_fcc17f071... you can find out (or change) the folder where session data is saved using the session_save_path function session_save_path for very large applications, session data can be stored into a SQL database (or other destination) instead using the session_set_save_handler function session_set_save_handler

13 Ending a session session_destroy(); PHP session_destroy ends your current session potential problem: if you call session_start again later, it sometimes reuses the same session ID/data you used before if you may want to start a completely new empty session later, it is best to flush out the old one: session_destroy(); session_regenerate_id(TRUE); # flushes out session #ID number session_start(); PHP

14 Session timeout because HTTP is stateless, it is hard for the server to know when a user has finished a session ideally, user explicitly logs out, but many users don't client deletes session cookies when browser closes server automatically cleans up old sessions after a period of time old session data consumes resources and may present a security risk adjustable in PHP server settings or with session_cache_expire function session_cache_expire you can explicitly delete a session by calling session_destroy session_destroy

Download ppt "CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week."

Similar presentations

LIS651 lecture 3 taming PHP Thomas Krichel 2007-04-15.

LIS651 lecture 3 taming PHP Thomas Krichel
LIS651 lecture 3 functions & sessions Thomas Krichel 2008-11-08.

LIS651 lecture 3 functions & sessions Thomas Krichel
UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)

UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Chapter 10 Managing State Information Using Sessions.

Chapter 10 Managing State Information Using Sessions.
Chapter 10 Managing State Information PHP Programming with MySQL.

Chapter 10 Managing State Information PHP Programming with MySQL.
Using Session Control in PHP tMyn1 Using Session Control in PHP HTTP is a stateless protocol, which means that the protocol has no built-in way of maintaining.

Using Session Control in PHP tMyn1 Using Session Control in PHP HTTP is a stateless protocol, which means that the protocol has no built-in way of maintaining.
Php cookies & sessions.

Php cookies & sessions.
Chapter 10 Maintaining State Information Using Cookies.

Chapter 10 Maintaining State Information Using Cookies.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
PHP Tutorial - Anas Jaghoub Chapter 2 Control Structures.

PHP Tutorial - Anas Jaghoub Chapter 2 Control Structures.
Week 9 PHP Cookies and Session Introduction to JavaScript.

Week 9 PHP Cookies and Session Introduction to JavaScript.
CSE 154 LECTURE 12: COOKIES. Including files: include include(filename); PHP include(header.html); include(shared-code.php); PHP inserts the entire.

CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.
269200 Web Programming Language Week 7 Dr. Ken Cosh Security, Sessions & Cookies.

Web Programming Language Week 7 Dr. Ken Cosh Security, Sessions & Cookies.
Week seven CIT 354 Internet II. 2 Objectives Database_Driven User Authentication Using Cookies Session Basics Summary Homework and Project 2.

Week seven CIT 354 Internet II. 2 Objectives Database_Driven User Authentication Using Cookies Session Basics Summary Homework and Project 2.
PHP1-1 PHP Lecture 2 Xingquan (Hill) Zhu

PHP1-1 PHP Lecture 2 Xingquan (Hill) Zhu
Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.

Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.
1 Chapter 9 – Cookies, Sessions, FTP, Email and More spring into PHP 5 by Steven Holzner Slides were developed by Jack Davis College of Information Science.

1 Chapter 9 – Cookies, Sessions, FTP, and More spring into PHP 5 by Steven Holzner Slides were developed by Jack Davis College of Information Science.

Similar presentations

Ads by Google