php 08 sessions cookies redirect
TRANSCRIPT
-
8/10/2019 PHP 08 Sessions Cookies Redirect
Cookies, Sessions, and Authentication
Dr. Charles Severance
www.php-intro.com
-
High Level Summary
The web is stateless - the browser does not maintain a connection to the server while you are looking at a page. You may never come back to the same server - or it may be a long time - or it may be one second later
So we need a way for servers to know which browser
In the browser state is stored in Cookies
In the server state is stored in Sessions
-
Other Web sites always seem to know who you are
-
Multi-User
When a server is interacting with many different browsers at the same time, the server needs to know *which* browser a particular request came from
Request / Response initially was stateless - all browsers looked identical - this was really really bad and did not last very long at all.
-
Web Cookies to the Rescue
http://en.wikipedia.org/wiki/HTTP_cookie
Technically, cookies are arbitrary pieces of data chosen by the Web server and sent to the browser. The browser returns them unchanged to the server, introducing a state (memory of previous events) into otherwise stateless HTTP transactions. Without cookies, each retrieval of a Web page or component of a Web page is an isolated event, mostly unrelated to all other views of the pages of the same site.
-
Cookies In the Browser
Cookies are marked as to the web addresses they come from - the browser only sends back cookies that were originally set by the same web server
Cookies have an expiration date - some last for years - others are short-term and go away as soon as the browser is closed
-
http://www.php-intro.com/code/sessions/sessfu
In a fresh browser.
-
Sessions
-
In The Server - Session
In most server applications, as soon as we meet a new browser - we create a session
We set a session cookie to be stored in the browser which indicates the session id in use
The creation and destruction of sessions is handled by a framework or some utility code that we just use to manage sessions
-
Session Identifier
A large, random number that we place in a browser cookie the first time we encounter a browser.
This number is used to pick from the many sessions that the server has active at any one time.
Server software stores data in the session which it wants to keep from one request to another from the same browser.
Shopping cart or login information is stored in the session in the server
-
PHP Sessions
-
PHP Sessions
We can establish / initialize a PHP Session by calling session_start() before any output has come out
If the user has cookies set, we can use the array $_SESSION to store data from one request to the next with a particular browser
We have a bit of data that persists from one request to the next
By default these are stored in a temporary folder
-
(On a Mac) /Applications/MAMP/tmp/php
-
http://php.net/manual/en/function.sess
-
http://php.net/manual/en/function.sessi
-
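<?php
// Note - cannot have any output before this
session_start();
if ( ! isset($_SESSION['value']) ) {
    // First visit with this session id: nothing stored yet
    echo("<p>Session is empty</p>\n");
    $_SESSION['value'] = 0;
} else if ( $_SESSION['value'] < 3 ) {
    $_SESSION['value'] = $_SESSION['value'] + 1;
    echo("<p>Added one...</p>\n");
} else {
    // Throw away the stored data and start over
    session_destroy();
    session_start();
    echo("<p>Session Restarted</p>\n");
}
?>
<p><a href="sessfun.php">Click Me!</a></p>
<p>Our Session ID is: <?php echo(session_id()); ?></p>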
-
sessfun.php
-
POST / Redirect / GET
Once you do a POST, if you do refresh, the browser will re-send the POST data a second time
The user gets a popup that tries to explain what is about to happen
-
guess.php
Press Refresh
-
No Double Posts
Typically POST requests are adding or modifying data whilst GET requests view data
It may be dangerous to do the same POST twice (e.g. withdrawing funds from a bank account)
So the browser insists on asking the user (out of control)
Kind of an ugly UX / bad usability
-
HTTP Location Header
If your application has not yet sent any data, it can send a special header as part of the HTTP Response
The redirect header includes a URL that the browser is supposed to forward itself to
It was originally used for web sites that moved from one URL to another
http://en.wikipedia.org/wiki/UR
-
http://php.net/manual/en/function.header.php
-
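<?php
session_start();
if ( isset($_POST['where']) ) {
    // Every branch sends a Location header and stops, so no HTML follows a POST.
    // The targets are fixed strings chosen by the script, never taken from the POST data.
    if ( $_POST['where'] == '1' ) {
        header("Location: redir1.php");
        return;
    } else if ( $_POST['where'] == '2' ) {
        header("Location: redir2.php?parm=123");
        return;
    } else {
        header("Location: http://www.dr-chuck.com");
        return;
    }
}
?>
<html>
<body>
<p>I am Router Two...</p>
<form method="post">
<p><label for="where">Where to go? (1-3)</label>
<input type="text" name="where" id="where"/></p>
<input type="submit"/>
</form>
</body>
</html>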
-
After we entered "2" and pressed "Submit", two pages were retrieved
-
Second page
-
POST Redirect Rule
The simple rule for pages intended for a browser is to never generate a page with HTML content when the app receives POST data
Must redirect somewhere - even to the same script - forcing the browser to make a GET after the POST
-
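<?php
$message = false;
if ( isset($_POST['guess']) ) {
    // Trick for integer / numeric parameters
    $guess = $_POST['guess'] + 0;
    if ( $guess == 42 ) {
        $message = "Great job!";
    } else if ( $guess < 42 ) {
        $message = "Too low";
    } else {
        $message = "Too high...";
    }
}
?>
<html>
<head>
<title>A Guessing game</title>
</head>
<body>
<p>Guessing game...</p>
<?php
// The page is rendered directly in response to the POST
if ( $message !== false ) {
    echo("<p>$message</p>\n");
}
?>
<form method="post">
<p><label for="guess">Input Guess</label>
<input type="text" name="guess" id="guess"/></p>
<input type="submit"/>
</form>
</body>
</html>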
-
A Guessing game
-
Enter "41" and press "Submit"
-
Press "Refresh"
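The POST Redirect Rule applied to the guessing game, as an added example that is not part of the original slides: the POST branch stores its result in the session and redirects, so pressing Refresh repeats only a GET. It assumes the script is saved as guess.php; the `message` session key and the whole-number check are choices made for this example.

```php
<?php
// Added example (not from the original slides): guess.php with POST-Redirect-GET
session_start();

if ( isset($_POST['guess']) ) {
    // Validate instead of trusting the raw value; arrays and
    // non-numeric strings both come back as false
    $guess = filter_var($_POST['guess'], FILTER_VALIDATE_INT);
    if ( $guess === false ) {
        $_SESSION['message'] = "Please enter a whole number";
    } else if ( $guess == 42 ) {
        $_SESSION['message'] = "Great job!";
    } else if ( $guess < 42 ) {
        $_SESSION['message'] = "Too low";
    } else {
        $_SESSION['message'] = "Too high...";
    }
    // Never generate HTML for a POST: redirect to the same script.
    // 303 tells the browser to fetch the target with GET.
    header("Location: guess.php", true, 303);
    return;
}

// GET: take the one-time message out of the session so that a
// second refresh does not show it again
$message = $_SESSION['message'] ?? false;
unset($_SESSION['message']);
?>
<html>
<head><title>A Guessing game</title></head>
<body>
<p>Guessing game...</p>
<?php if ( $message !== false ) { ?>
<p><?= htmlentities($message) ?></p>
<?php } ?>
<form method="post">
  <p><label for="guess">Input Guess</label>
  <input type="text" name="guess" id="guess"/></p>
  <input type="submit"/>
</form>
</body>
</html>
```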
-
Login / Logout
Having a session is not the same as being logged in.
Generally you have a session the instant you connect to a site
The Session ID cookie is set when the first page is delivered
Login puts user information in the session (stored in the server)
Logout removes user information from the session
Simple address
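Login and logout as described above, as an added example that is not code from the original slides. The file name login.php, the `pw` field and the demo account are assumptions; the session id is regenerated at login so that an id issued before authentication never becomes a logged-in id. The array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example (not from the original slides). The account name and
// password below are constructed demo values; login.php is an assumed name.
$demoAccount = 'demo';
$demoHash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);

// Session cookie: not readable by JavaScript, not sent on cross-site POSTs.
// Add 'secure' => true when the site is served over HTTPS.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();   // every visitor has a session, logged in or not

if ( isset($_POST['logout']) ) {
    unset($_SESSION['account']);      // logout removes the user information
    session_regenerate_id(true);
    header("Location: login.php", true, 303);
    return;
}

if ( isset($_POST['account']) && isset($_POST['pw']) ) {
    $ok = is_string($_POST['account']) && is_string($_POST['pw'])
        && hash_equals($demoAccount, $_POST['account'])
        && password_verify($_POST['pw'], $demoHash);
    if ( $ok ) {
        // New id at the privilege change: an id planted or observed
        // before login must not become a logged-in id (session fixation)
        session_regenerate_id(true);
        $_SESSION['account'] = $demoAccount;   // login puts user info in the session
    } else {
        $_SESSION['error'] = "Incorrect account or password";
    }
    header("Location: login.php", true, 303);  // POST / Redirect / GET
    return;
}

$error = $_SESSION['error'] ?? false;
unset($_SESSION['error']);
?>
<?php if ( isset($_SESSION['account']) ) { ?>
<p>Logged in as <?= htmlentities($_SESSION['account']) ?></p>
<form method="post"><input type="submit" name="logout" value="Log Out"/></form>
<?php } else { ?>
<?php if ( $error !== false ) { echo("<p>".htmlentities($error)."</p>\n"); } ?>
<form method="post">
  <p>Account: <input type="text" name="account"/></p>
  <p>Password: <input type="password" name="pw"/></p>
  <input type="submit" value="Log In"/>
</form>
<?php } ?>
```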
-
http://www.php-intro.com/code/sessions/
Simple addresssession as s
-
?>
-
Please Log In
Account:
-
?>Online Address Book
-
if ( ! isset($_SESSION["account"]) ) { ?>Please Log In to start.
Please enter your address:
Street:
-
PHP Sessions Without Cookies
-
PHP Sessions Without Cookies
For a simple application handling login, logout, and shopping cart like information, cookie sessions are sufficient
But if an application needs to function within an iframe or have more than one session active (i.e. multiple tabs to the same site) we cannot use session cookies
PHP has nice support for maintaining a session without a cookie
-
No Cookies for You!
-
?>
Click This Anchor Tag!
-
A whole host of problems
Session id is not automatically added in JavaScript, Ajax, Redirect, or other elements of HTML
With the session id on the URL, folks can email URLs or even bookmark them and be logged in
We will come back to these...
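For an application that does not need cookie-free sessions, the URL problems listed above can be closed off in configuration. This added example (not from the original slides) sets the relevant PHP session options at runtime and redirects any request that still arrives with a session id in its query string to the clean URL.

```php
<?php
// Added example (not from the original slides): keep the session id out of URLs.
// These must run before session_start() and before any output.
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1'); // ignore an id supplied in the URL
ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the id
ini_set('session.use_strict_mode', '1');  // refuse ids the server did not issue
session_start();

// An old bookmark or e-mailed link may still carry an id in the query
// string. It is ignored above; redirect so it also leaves the address bar.
if ( isset($_GET[session_name()]) ) {
    $params = $_GET;
    unset($params[session_name()]);

    // Rebuild a same-site path. Collapsing leading slashes and backslashes
    // keeps "//host/..." from being read as a link to another host.
    $path = '/' . ltrim((string) strtok($_SERVER['REQUEST_URI'], '?'), '/\\');
    $query = http_build_query($params);

    header('Location: ' . $path . ($query !== '' ? '?' . $query : ''), true, 303);
    return;
}
?>
<p>Session id travels in the cookie only.</p>
```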
-
Summary
Cookies
Sessions
Sessions in PHP
Login / Logout
POST / Redirect Pattern
Cookie-free sessions
Acknowledgements / Contributions
-
These slides are Copyright 2010- Charles R. Severance (www.dr-chuck.com) as part of www.php-intro.com and made available under a Creative Commons Attribution 4.0 License. Please maintain this last slide in all copies of the document to comply with the attribution requirements of the license. If you make a change, feel free to add your name and organization to the list of contributors on this page as you republish the materials.
Initial Development: Charles Severance, University of Michigan School of Information
Insert new Contributors and Translators here including names and dates
Continue new Contributors and T