Published by Raymond Owen. Modified over 9 years ago.
Slide 1: Sessions, Cookies, & .htaccess (IT 210)
Slide 2: Procedural Issues
- Quiz #3 today!
- Homework #3 due Friday at midnight
- UML for Lab 4
- Withdraw deadline is Wed, Feb 8th
- Resources and strategies when getting stuck?
Slide 3: Problem
- HTTP is stateless.
- This causes problems when you want the server to "remember" a user (e.g., checkout baskets, customized presentation).
- This problem is solved by using cookies and sessions.
Slide 4: Sessions and Cookies
Slide 6: PHP Sessions
- Remember: HTTP is stateless (it has no memory between requests).
- "Sessions" provide temporary memory for web site access.
- Created by the server (e.g., PHP).
- An associative array (name/value pairs).
- Expires after ~15 minutes of inactivity.
- Removed when the browser is closed.
- The session identifier is carried in a cookie or on the query string. The query string doesn't allow for the back button and has security problems (the ID ends up in logs, bookmarks and shared links).
- The UID and program-defined variables are saved in the session.
Slide 7: Cookies are used for...
- Session management
- Personalization
- Web analytics
Slide 8: Cookies
- Small text file stored in a file on the client (the "cookie jar").
- Name/value pairs with expiration date, location (path) and source (domain) indicated.
- Can be flagged secure (sent only over HTTPS, so encrypted in transit) or not.
- First party (from the domain you're visiting) vs. third party (from a different domain).
- Session cookies (end when you close the browser) vs. persistent cookies (stored for a long time and used when you revisit the site).
Slide 9: Cookies
Set with:

    <?php
    // Calculate 60 days in the future:
    // seconds * minutes * hours * days + current time
    $inTwoMonths = 60 * 60 * 24 * 60 + time();
    setcookie('lastVisit', date("G:i - m/d/y"), $inTwoMonths);
    ?>

Retrieve with: $_COOKIE
Slide 10: Our goal: secure login
Secure?
- Use PHP to read the form, and check the results against a database.
- If valid, set a variable to 'true', otherwise 'false'.

Column Name | Type        | Null | Primary Key | Extra
user_id     | int(8)      | No   | PK          | AUTO
username    | varchar(11) | No   |             |
password    | varchar(32) | No   |             |
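The login check the slide asks for, written as an added example (not the lecture's code): it looks the user up with a prepared statement, compares against a stored password hash rather than a plaintext password, and records the result in a session whose cookie carries the secure and httponly flags. It assumes an HTTPS site; the users table is recreated in an in-memory SQLite database with a constructed sample user so the script runs stand-alone, and the password column is widened because password_hash() output does not fit the slide's varchar(32).

```php
<?php
// Added example, not from the lecture. Builds the users table from the slide
// in memory with one constructed user so the script runs on its own.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password column widened: password_hash() strings are longer than 32 chars.
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY AUTOINCREMENT,
            username VARCHAR(11) NOT NULL, password VARCHAR(255) NOT NULL)');
$pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
    ->execute(['it210', password_hash('correct horse', PASSWORD_DEFAULT)]); // constructed user

function authenticate(PDO $pdo, string $username, string $password): bool
{
    // Prepared statement: the submitted username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT user_id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Only the hash is stored; password_verify() does the comparison.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID on login prevents session fixation
    }
    $_SESSION['user_id']  = (int) $row['user_id'];
    $_SESSION['loggedIn'] = true;
    return true;
}

// Harden the session cookie before the session starts (array form needs PHP >= 7.3).
session_set_cookie_params([
    'lifetime' => 0,      // session cookie: discarded when the browser closes
    'path'     => '/',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',  // not sent on cross-site POSTs
]);
session_start();

// Exercise both outcomes with constructed credentials; print only at the end
// so that no output is sent before the session ID is regenerated.
$results = [
    'wrong password'   => authenticate($pdo, 'it210', 'wrong password'),
    'correct password' => authenticate($pdo, 'it210', 'correct horse'),
];
$results['session flag set'] = !empty($_SESSION['loggedIn']);
var_dump($results);
```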
Slide 11: What is .htaccess?
- A method for remote web-server control.
- Supports multiple users.
- A simple text file in a directory, called .htaccess.
Slide 12: .htaccess
- Built into Apache; other servers have other means.
- Disabled by default.
- Put the file into a directory to make site settings.
- Controlled by the closest file in the hierarchy.
Slide 13: Performance hit
If .htaccess is turned on in Apache, then Apache will look in every directory for an .htaccess file and read it if it is there. If a file is requested out of the directory /www/htdocs/example, Apache must look for:
    /.htaccess
    /www/.htaccess
    /www/htdocs/.htaccess
    /www/htdocs/example/.htaccess
Directives in lower (deeper) files override those in higher ones.
Slide 14: On the other hand...
- It does allow users to control their own sub-directory tree without affecting others.
- There are other ways to do this, but they require system-level access to Apache, which you may not want to give to users who each control their own sub-tree (website).
Slide 15: Use .htaccess to...
- Customize error messages
- Password protect sites
- Block access by IP address
- Block rippers and bots
- Prevent hot linking (e.g., another site embedding images from your site)
Slide 16: Error messages
    ErrorDocument 400 /errors/badrequest.html
    ErrorDocument 401 /errors/authreqd.html
    ErrorDocument 403 /errors/forbid.html
    ErrorDocument 404 "Not here bucko!"
    ErrorDocument 500 /errors/serverx.html
Slide 18: Access control
Modify .htaccess:
    AuthUserFile /usr/local/myhome/.htpasswd
    AuthGroupFile /dev/null
    AuthName EnterPassword
    AuthType Basic
    require valid-user
Now, create a password file.
(Note: Basic authentication sends the username and password with every request, only base64-encoded, so the protected area should be served over HTTPS.)
Slide 19: .htpasswd
- Put it in a safe location (outside the web root, as in the AuthUserFile path above).
- Username:password pairs, one per line.
- Passwords are stored as one-way hashes, not in plaintext (the example below uses the traditional crypt format).
- E.g.: It210:cwQgdU78tJoCc
- See an online site for generating passwords.
Slide 20: Other commands
Block IPs (Apache 2.2 syntax; with order allow,deny a request matching a deny line is refused even though allow from all follows):
    order allow,deny
    deny from 123.45.6.7
    deny from 012.34.5.
    allow from all
Block rippers (matched on the User-Agent header, which a client can change at will):
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger
    RewriteRule ^.* - [F,L]
Slide 21: Finally
Block hot links. These steal your intellectual property and your bandwidth!
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
    RewriteRule \.(gif|jpg|js|css)$ - [F]
The first condition lets requests with an empty Referer through (direct visits and browsers that strip the header); only requests that carry a Referer from another site are refused with 403.