
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.



Presentation on theme: "Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions."— Presentation transcript:

1 Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions

2 HTTP
- stateless
  - every single HTML page is separate from all others
  - no way to track individual users
  - no way to retain variables
- one limited solution
  - append information to the end of a URL
  - hidden form fields
- a better solution
  - PHP cookies and sessions

    … href="process_form.php?author=Mishka" …

3 basic session functionality
- track sessions using the superglobal $_SESSION
- sessions driven by unique session ID
  - encrypted random number
  - stored on client side
  - stored as cookie or part of URL
- allows tracking of session variables
  - stored on server
  - available to any page using session ID

    ca907cf7e881d1693b9d36518b4b3f3d

4 cookies
- what cookies are
  - text file
  - stored on visitor's hard drive
  - contains textual information which can be retrieved and used in subsequent pages or visits
  - can be turned off by a user
- what cookies are not
  - executable scripts
  - able to search a user's hard drive for sensitive information

5 cookies cont …
- working with cookies
- to test for their presence
  - view file structure of hard drive
  - open cookie in a text editor
  - change cookie settings in browser to prompt user before accepting any cookie
    - IE > Tools > Internet Options > Security or Advanced tab > choose to be prompted before accepting a cookie

6 cookies cont …
- cookies must be sent before any other data is sent from the server to the client
- setcookie( ) function
  - one required parameter, the name of the cookie
  - five optional parameters
    - value
    - expire
    - path
    - domain
    - secure

7 cookies cont …
- syntax
- this cookie is named myname, and contains the value Bob
- do not use spaces, punctuation when naming a cookie
- cookie name is case sensitive
- this cookie is temporary, lasting only as long as the user's browser remains open
- cookies are limited to 4KB in size
- browsers will accept no more than 20 cookies from any server

    setcookie( 'name', 'value', expire, 'path', 'domain', secure );
    setcookie( 'myname', 'Bob' );

8 cookies cont …
- additional parameters
  - expiration date
    - sets length of time for cookie to exist
    - specified in seconds from Unix Epoch
    - if not set, cookie will persist until browser is closed
    - integer value, so it is not quoted
    - time( ) function returns seconds from Epoch

    setcookie( 'name', 'value', expire, 'path', 'domain', secure );
    setcookie( 'name', 'value', time( ) + 3600 );

9 cookies cont …
- additional parameters
  - path and domain
    - used to limit a cookie to a specific folder in a specific website
    - for example, to specify a cookie to be accessible only from a particular folder

    setcookie( 'name', 'value', expire, 'path', 'domain', secure );
    setcookie( 'name', 'value', time( ) + 3600, '/my_folder/' );

10 cookies cont …
- additional parameters
  - secure
    - integer value, so it is not quoted
    - if on, requires that a cookie be sent over a secure connection
      - 1: secure connection is required
      - 0: regular connection is sufficient
- all parameters must be included
  - to skip one, use NULL or empty string

    setcookie( 'name', 'value', expire, 'path', 'domain', secure );
    setcookie( 'name', 'value', time( ) + 3600, '', '', 1 );

11 deleting cookies
- a cookie will expire
  - when expiration date is reached
  - when browser is closed, if no expiration date is included
- to delete cookies manually
  - send cookie of same name with no value
  - added precaution, set expiration to time in past

    setcookie( 'name' );
    setcookie( 'name', '', time( ) - 300 );

12 accessing cookie values
- $_COOKIE
- use appropriate cookie name as key
- check for presence of cookie with isset( )

    $x = $_COOKIE[ 'cookie_name' ];

    if ( !isset( $_COOKIE[ 'username' ] ) ) {
        // redirect to another page
        // $redirect_url is a placeholder for the target page
        header( 'Location: ' . $redirect_url );
        exit;   // stop here so the rest of the page does not run
    } else {
        // load this page
    }

13 cookie example
- To use a cookie with a log-in script
  - display HTML form asking user for her username and password
  - validate user input to make sure neither field is empty
  - query database for username and password
  - if they exist, write necessary cookies, redirect to new page
  - subsequent pages access cookie values
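A cookie written by the log-in script is stored on the visitor's machine and can be edited there, so subsequent pages should not trust a bare username cookie. The following added example (not part of the original slides) signs the cookie value with an HMAC and verifies it before use; `SECRET_KEY`, the cookie name `login` and the function names are assumptions, and the array form of `setcookie( )` needs PHP 7.3 or later.

```php
<?php
// Added example, not from the slides. SECRET_KEY, the cookie name 'login' and
// the function names are hypothetical; the key value is a constructed sample.
const SECRET_KEY = 'constructed-sample-key-load-a-random-one-from-config';

// Build "username|expiry|mac"; the MAC covers both username and expiry.
function sign_login(string $username, int $expires): string {
    $payload = rawurlencode($username) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the username if the cookie is authentic and unexpired, else null.
function verify_login(string $cookie, int $now): ?string {
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    return rawurldecode($user);
}

// After the database check succeeds: write the cookie before any output.
function issue_login_cookie(string $username): void {
    $expires = time() + 3600;
    setcookie('login', sign_login($username, $expires), [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Subsequent pages: trust the cookie only after verification.
$user = verify_login($_COOKIE['login'] ?? '', time());
if ($user === null) {
    // treat as not logged in, e.g. redirect to the log-in form
}
```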

14 sessions
- sessions are designed to store data on server and client
- designed to work with cookies, but will still work without them
- 4 steps to using sessions
  - start a session
  - register session variables
  - access and use session variables
  - unset session variables and destroy session

15 start a session
- session_start( )
  - begin a new session
  - or access current session
- creates a unique session ID
  - cryptographically created random number
  - 32 hexadecimal values

    a558b9ac9105eda1432bb254dfa3fe18

16 start a session cont …
- by default, session ID is stored in a cookie
  - PHPSESSID
- session_start( ) must be called before any other data is sent to the browser
- if cookies are turned off, we can still use sessions
  - process is not automatic

17 session ID
- can be passed appended to URL
- is stored in a constant named SID
- append to URL in header function
- embed in links

    // rtrim( ) keeps exactly one slash between the directory and the file name
    header( "Location: http://" . $_SERVER[ 'HTTP_HOST' ]
        . rtrim( dirname( $_SERVER[ 'PHP_SELF' ] ), '/\\' )
        . "/file_name.php?" . SID );

    // link target is a placeholder
    echo '<a href="page2.php?' . SID . '">page 2</a>';

18 register session variables
- $_SESSION
- to access values from a database using mysql_fetch_array( )
- sessions can store objects and arrays as well

    $_SESSION[ 'first_name' ] = "Bob";

    $_SESSION[ 'first_name' ] = $row[ 'first_name' ];
    $_SESSION[ 'last_name' ] = $row[ 'last_name' ];
    $_SESSION[ 'username' ] = $row[ 'username' ];

19 accessing session variables
- to access session variables on subsequent pages
  - reference the current session with session_start( )
  - use $_SESSION
- to test that a variable is registered to the session, use isset( )

    $first_name = $_SESSION[ 'first_name' ];

20 deleting session variables
- delete session variables once the user logs out
- unset( )
  - use to delete individual session variables
- to delete every session variable, set $_SESSION array to empty array

    unset( $_SESSION[ 'variable_name' ] );
    $_SESSION = array( );

21 destroy session
- once the user is finished with a session, end the session
- session_destroy( )
  - destroys the session and the session ID
  - does not unset any of the session variables
  - does not unset session cookie
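Because session_destroy( ) leaves both the session variables and the session cookie in place, a complete log-out needs three steps. The following added example (not part of the original slides) performs them in order; `end_session( )` is a hypothetical name, and the array form of `setcookie( )` needs PHP 7.3 or later.

```php
<?php
// Added example, not from the slides; end_session() is a hypothetical name.
function end_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();               // reference the current session first
    }

    $_SESSION = array();               // unset every session variable

    // session_destroy() leaves the cookie in the browser, so expire it
    // using the same path/domain/flags it was created with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        $options = [
            'expires'  => time() - 300,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ];
        if (!empty($p['samesite'])) {
            $options['samesite'] = $p['samesite'];
        }
        setcookie(session_name(), '', $options);
    }

    session_destroy();                 // remove the server-side session data
}
```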

22 session example
- To use a session with a log-in script
  - start a session with session_start( )
  - display HTML form asking user for her username and password
  - validate user input to make sure neither field is empty
  - query database for username and password
  - if they exist, register session variables, redirect user to appropriate page
  - to access session variables, subsequent pages must call session_start( )
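A session ID appended to a URL (slide 17) ends up in browser history, server logs and Referer headers, and an ID that stays the same across log-in can be fixed in advance by someone else. The following added example (not part of the original slides) runs the log-in steps above with a cookie-only session and a fresh ID after authentication; `$users` is a constructed stand-in for the database query, and the function names and redirect pages are assumptions.

```php
<?php
// Added example, not from the slides. $users is a constructed stand-in for
// the database lookup; function names are hypothetical.
$users = ['bob' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

function start_cookie_only_session(): void {
    session_start([
        'use_only_cookies' => 1,   // never accept a session ID from the URL
        'use_trans_sid'    => 0,   // never append the session ID to links
        'use_strict_mode'  => 1,   // reject IDs the server did not issue
        'cookie_httponly'  => 1,
        'cookie_secure'    => 1,   // assumes the site is served over HTTPS
        'cookie_samesite'  => 'Lax',
    ]);
}

function log_in(array $users, string $username, string $password): bool {
    $username = trim($username);
    if ($username === '' || $password === '') {
        return false;                      // neither field may be empty
    }
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);           // new ID after the privilege change
    $_SESSION['username'] = $username;     // register session variables
    return true;
}

start_cookie_only_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = log_in(
        $users,
        (string) ($_POST['username'] ?? ''),
        (string) ($_POST['password'] ?? '')
    );
    // welcome.php and login.php are placeholder page names
    header('Location: ' . ($ok ? 'welcome.php' : 'login.php'));
    exit;
}
```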

23 session handling functions
- changing session configuration settings
  - session name
  - cookie lifetime
  - session maxlife
  - etc
- PHP Manual
  - XCV. Session Handling Functions

