Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Published byJames Allison Modified over 9 years ago

Similar presentations

Presentation on theme: "Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie."— Presentation transcript:

1 Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie

2 What are cookies? Web transactions are “memory-less” A cookie is a text file that a website stores on a client’s computer to maintain information about the client during and between browsing sessions. Useful for: – Shopping carts – User communities – Personalized sites Not recommended for storing sensitive data Store a unique identification string that will match a user held securely in a database

3 Shopping example Assign an identification variable to a user to track what he does when he visits your site 1.User logs in 2.Send a cookie with variables to say “This is Joe, and Joe is authenticated” 3.While Joe is surfing your site, you can respond “Hello, Joe!” on every page 4.If Joe clicks through your catalog and chooses 3 items to buy, you can keep track of these items 5.Display the items together when Joe goes to the checkout area

4 Setting Cookies A server can access only the cookies that it has placed on the client. setcookie() function with parameters: 1.Name – cookie name accessible in subsequent scripts 2.Value – cookie value passed to name 3.Expiration– (optional) sets a specific time in seconds when the cookie values is no longer accessible e.g. time() + 24*60*60*3 to expire in 3 days – A cookie without expiration is known as a session cookie, – A cookie with an expiration time is a persistent cookie. 4.Path – Directories the cookie is valid – "/“ valid for all files and directories in the website – Specific directory: cookie valid for pages within that directory 5.Domain- only valid for the host and domain that set them – If no domain, host name of the server that generated the cookie 6.Security – – 1 or TRUE: cookie will only be transmitted via HTTPS i.e. secure web site – 0 or FALSE: non-secure

5 Example setcookie(“id”, “55adb984523afer”, time() + 14400, “/”, “yourdomain.com”, 0); // 4 hours

6 Bad cookie setting Cookies defined in function setcookie are sent to the client at the same time as the information in the HTTP header; therefore, it needs to be called before any XHTML is printed. Hence you absolutely must set a cookie before sending any other content to the browser See m16/bad_cookie.php

7 Bad Cookie <?php setcookie("test", "ok", "", "/", "127.0.0.1", 0); ?> Bad Cookie This is an error in setting cookies. Setcookie() function should be placed before tag

8 M16/bad_cookie.php

9 M16/16-1setcookie.php <?php $cookie_name = "test_cookie"; $cookie_value = "test string!"; $cookie_expire = time()+86400; $cookie_domain = "127.0.0.1"; setcookie($cookie_name, $cookie_value, $cookie_expire, "/", $cookie_domain, 0); ?> Set Test Cookie Mmmmmmmm...cookie!

10 M16/16-1setcookie.php

11 Permanent cookie See fig23_16_20 from text – Cookies.html – Cookies.php – Readcookies.php

12 Input for cookies – cookies.html

13 Acknowledgment – cookies.php

14 Read cookies – readcookies.php

15 Augmenting auth_user with cookie 16-2show_login.php – Gets login username and password – Calls 16-2do_authuser.php to authenticate the login 16-2do_authuser.php – Checks DB to authenticate the login – If authenticated: Set cookie for the user displays links to – secretA.php – secretB.php

16 16-2show_login.html

17 Authenticated!

18 Clicking on secretA or secretB link... We would expect to get into the links

19 Wait! We got redirected back to the login page Why? Debug...

20 In 16-2do_authuser.php: if ($num !=0){ $cookie_name ="auth"; $cookie_value ="ok"; $cookie_expire ="0"; $cookie_domain ="127.0.0.1"; setcookie($cookie_name,$cookie_value,$cookie_expire,"/", $cookie_domain,0); The domain was 127.0.0.1 When we accessed it with http://localhost/m16/16-2secretB.php

21 Repeat the script in 127.0.0.1

22 Authenticated!

23 Clicking on the secretA link

24 Clicking on the secretB link

25 Check if cookie really works Exit the session – Exit completely out of the web browser The cookie was a session cookie Auth cookie should now have expired – Reopen the web browser – Attempt to access 16-2secretB.php – Since the user is not authenticated anymore, the user will be redirected to the login page

26 http://127.0.0.1/m16/16-2secretB.phphttp://127.0.0.1/m16/16-2secretB.php leads to

Download ppt "Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie."

Similar presentations

CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.

CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.
UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)

UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Creating Databases for Web Applications Courses example Persistent information. Cookies. Session Homework: Examine a computer (your own or in a lab) for.

Creating Databases for Web Applications Courses example Persistent information. Cookies. Session Homework: Examine a computer (your own or in a lab) for.
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.

Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Session Management A290/A590, Fall 2014 09/25/2014.

Session Management A290/A590, Fall /25/2014.
Chapter 10 Maintaining State Information Using Cookies.

Chapter 10 Maintaining State Information Using Cookies.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.

Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.
Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.

Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.
Week 9 PHP Cookies and Session Introduction to JavaScript.

Week 9 PHP Cookies and Session Introduction to JavaScript.
CSE 154 LECTURE 12: COOKIES. Including files: include include(filename); PHP include(header.html); include(shared-code.php); PHP inserts the entire.

CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.
269200 Web Programming Language Week 7 Dr. Ken Cosh Security, Sessions & Cookies.

Web Programming Language Week 7 Dr. Ken Cosh Security, Sessions & Cookies.
Creating Databases for Web Applications cookie examples lab time: favorites cookies & Sessions class time for group work/questions on projects Next class:

Creating Databases for Web Applications cookie examples lab time: favorites cookies & Sessions class time for group work/questions on projects Next class:

Similar presentations

Ads by Google