Published by Brice Phillips. Modified over 9 years ago.
1
Nic Shulver, N.A.Shulver@staffs.ac.uk
Introduction to Sessions in PHP

Sessions
- What is a session?
- Example Software
- Software Organisation
- The login HTML
- The login PHP
- The protected page header
- Tricks and Traps
- Summary
2
Sessions
- When your website needs to pass user data from one page to another, it is time to start using PHP sessions
- A normal HTML website will not pass data from one page to another
- All information is forgotten when a new page is loaded
- This makes it a problem for applications which require data to be remembered from one page to the next
3
What is a session?
- Sessions: a way to preserve data across sequential accesses
- Each visitor accessing your web site is assigned a unique id
- This “session id” is usually stored in a cookie on the user side
- It may be propagated in the URL instead (if no cookie support)
- Session support allows you to register lots of variables to be preserved across requests
4
Sessions
- Before you can begin storing user information in your PHP session, you must first start the session
- When you start a session, it must be at the very beginning of your code, before any HTML or text is sent
- When you want to store user data in a session, use the $_SESSION associative array. This is where you both store and retrieve session data
5
Example software
The example software consists of these components:
- Login.htm: the main login page
- Login.php: checks the username and password
- Logout.php: kills the session
- Protected.php: only accessible if already logged in
6
Software organisation
(Diagram of the four components)
- Login.htm: form with "User:" and "Pass:" fields
- Login.php: checks username and password
- Protected.php: checks session, shows content, allows logout
- LogOut.php: destroys session info, shows content, allows login
- Arrow labels in the diagram: Failed, No session
7
A Note About Encryption
There are two ways to use the crypt function:
- Encrypt (scramble) our password. crypt() is a one-way hash, so the result cannot be turned back into the password:

    // from PHP 8.0 the salt (second) argument of crypt() is required
    $crypted_pass = crypt($sPassword);

- Check a supplied password against the encrypted one:

    // the stored hash carries its own salt, so it is passed back in as the salt
    if (crypt($pass_from_form, $crypted_pass) == $crypted_pass) {
        echo "success";
    }
8
The login HTML - excerpt
…
Username:
Password:
…
9
The login PHP script

    <?php
    // allows session info to be used on this page
    session_start();

    // if this script isn't receiving form data, exit fast
    if (!isset($_REQUEST['btnLogin'])) {
        header("Location: login.htm");
        session_write_close();
        exit();
    }
10
The login PHP script

    // gets username and password as typed into the login form
    $user = $_REQUEST['txtUsername'];
    $pass = $_REQUEST['txtPassword'];

    // three users and their encrypted passwords
    // 'fred' => 'orange', 'kiki' => 'apple', 'nic' => 'banana'
    // NB this info should really be grabbed from a DB
    $aValidUsers = array(
        'fred' => '$1$oa0.Rb2.$vTEdgj6qfZQfO33JUAy5s0',
        'kiki' => '$1$GZ5.XE3.$rKTdD7JfLUdnKoww4Mlqt/',
        'nic'  => '$1$Uo0.NP0.$iBCW9Lrf/yd3NreVkGgHW.'
    );
11
The login PHP script

    // only checks the password if the user exists
    if (isset($aValidUsers[$user])) {
        // checks to see if the username/password pair is valid by encrypting
        // the password and comparing against the real encrypted password
        $sEncryptedPassword = $aValidUsers[$user];
        if (crypt($pass, $sEncryptedPassword) == $sEncryptedPassword) {
            // if logged on okay, remembers user's name as session variable
            $_SESSION['user'] = $user;
            header("Location: protected.php");
            session_write_close();
            exit();
        }
    }
12
The login PHP script

    header("Location: login.htm");
    session_write_close();
    ?>

- The final bit of code is the default action
- So if the login script does not find a valid user, it jumps to the login.htm page
- And if the login script finds a valid user but not a valid password, it also jumps to the login.htm page
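A hardened variant of the login script from the preceding slides, as an added example that is not part of the original presentation: it replaces crypt() and `==` with password_hash()/password_verify(), reads the form from $_POST only, and issues a new session id on successful login. The function name check_login() and the user table built here are assumptions; the form field names and page names come from the slides.

```php
<?php
// Added example, not from the original slides: hardened form of Login.php.
// check_login() and this user table are constructed for illustration.

// In a real deployment these hashes come from a database; they are built
// here with password_hash() so the example is self-contained.
$aValidUsers = array(
    'fred' => password_hash('orange', PASSWORD_DEFAULT),
    'kiki' => password_hash('apple', PASSWORD_DEFAULT),
);

// Returns true only for a known user with the matching password.
function check_login(array $aUsers, $user, $pass)
{
    if (!is_string($user) || !is_string($pass)) {
        return false;   // rejects array-valued fields such as txtPassword[]=x
    }
    // A dummy hash keeps the work similar when the user does not exist,
    // so response time does not reveal which usernames are valid.
    static $sDummy = null;
    if ($sDummy === null) {
        $sDummy = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $sHash = isset($aUsers[$user]) ? $aUsers[$user] : $sDummy;
    $bMatch = password_verify($pass, $sHash);   // timing-safe comparison
    return $bMatch && isset($aUsers[$user]);
}

session_start();

// Credentials are accepted from the POST body only, never from the URL.
$user = $_POST['txtUsername'] ?? null;
$pass = $_POST['txtPassword'] ?? null;

if (isset($_POST['btnLogin']) && check_login($aValidUsers, $user, $pass)) {
    // A fresh id on login makes any id set before login useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    header("Location: protected.php");
} else {
    header("Location: login.htm");
}
session_write_close();
exit();
```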
13
The protected page header
Checks to see if $_SESSION['user'] has been defined:

    <?php
    // allows session info to be used on this page
    session_start();

    // if there is no user session info, exit fast
    if (!isset($_SESSION['user'])) {
        header("Location: login.htm");
        session_write_close();
        exit();
    }
    ?>
    … the page goes here! …
14
Tricks and traps
- What does “session_write_close();” do?
  - When we jump out of a page by writing a new header, session info may not get saved properly
  - Explicitly closing the session forces PHP to correctly save any changes to the session info
- Session info may be readable by others!
  - Depends how it’s stored
  - Depends how it’s transmitted
  - Can be forced to be secure (cookies, SSL)
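One way to force the session to be carried securely, and to end it cleanly in Logout.php, as an added example that is not part of the original slides. The helper names start_secure_session() and end_session() are hypothetical, and the code assumes PHP 7.3 or later on a site served over HTTPS.

```php
<?php
// Added example, not from the original slides.
// start_secure_session() and end_session() are hypothetical helper names.

function start_secure_session()
{
    // The session id travels only in a cookie, never in the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Session ids that the server did not issue are rejected.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params(array(
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from page JavaScript
        'samesite' => 'Lax',    // withheld from cross-site POSTs and subrequests
    ));
    return session_start();
}

function end_session()
{
    $_SESSION = array();                     // clears the data in memory
    if (ini_get('session.use_cookies')) {    // expires the browser cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', array(
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ));
    }
    return session_destroy();                // deletes the server-side record
}

// Protected.php would begin with start_secure_session() in place of
// session_start(); Logout.php would call start_secure_session() and then
// end_session() before showing its content.
```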
15
Summary
We have discussed:
- What sessions consist of
- Some example software – forms and scripts
- The way the example code works
- Protecting a page against casual browsers
- Limitations on security

See PHP session documentation:
- http://uk2.php.net/session
- http://www.devshed.com/c/a/PHP/Using-the-PHP-Crypt-Function/