php web techniques
8/3/2019 Php Web Techniques
http://slidepdf.com/reader/full/php-web-techniques 1/25
Maintaining State
• HTTP is a stateless protocol:
– Once a web server completes a client's request for a web page, the
connection between the two goes away.
– There is no way for a server to recognize that a sequence of requests
all originate from the same client.
Cookies
• A cookie is a bit of information that the server can give to a client. On
every subsequent request the client will give that information back to the
server, thus identifying itself.
• Each cookie on the user’s computer is connected to a particular domain.
• Each cookie can be used to store up to 4KB of data.
• A maximum of 20 cookies can be stored on a user’s PC per domain.
Example
1. User sends a request for a page at www.example.com for the first time.
[Diagram: page request]
Example
2. Server sends back the page HTML to the browser AND stores some data in a cookie on the user’s PC.
[Diagram: html, cookie data]
Example
3. At the next page request for domain www.example.com, all cookie data associated with this domain is sent too.
[Diagram: page request, cookie data]
Set a cookie
setcookie(name[,value[,expire[, path[,domain[,secure]]]]])
• name = cookie name
• value = data to store (string)
• expire = UNIX timestamp when the cookie expires. Default cookie expires
when browser is closed.
• path = Path on the server within and below which the cookie is available.
• domain = Domain for which the cookie is available.
• secure = Whether the cookie should be sent over HTTPS connections only. Default false.
Example
setcookie('name','Robert');
• Sets the cookie called name on the user’s PC containing the data Robert.
• It will be available to all pages in the same directory or subdirectory
of the page that set it (the default path and domain).
• It will expire and be deleted when the browser is closed (default
expire).
Example
setcookie('age','20',time()+60*60*24*30);
• Sets the cookie called age on the user’s PC containing the data 20.
• It will be available to all pages in the same directory or subdirectory
of the page that set it (the default path and domain).
• It will expire and be deleted 30 days after it is set.
Example
setcookie('gender','male',0,'/');
• Sets the cookie called gender on the user’s PC containing the data male.
• It will be available within the entire domain that set it.
• It will expire and be deleted when the browser is closed.
Read cookie data
• All cookie data is available through the superglobal $_COOKIE:
$variable = $_COOKIE['cookie_name'];
or, in legacy code only (the $HTTP_COOKIE_VARS array was removed in PHP 5.4):
$variable = $HTTP_COOKIE_VARS['cookie_name'];
• Example:
$age = $_COOKIE['age'];
Storing an array
• Only strings can be stored in cookie files.
• To store an array in a cookie, convert it to a string by using the serialize() PHP function.
• The array can be reconstructed using the unserialize() function once
it has been read back in.
• Note that cookie size is limited.
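Because the cookie comes back from the client, passing it to unserialize() lets the client choose what gets deserialized; a common safer pattern is JSON plus an HMAC that the server verifies before use. The following is an added example, not part of the original slides: COOKIE_KEY, pack_cookie() and unpack_cookie() are hypothetical names, PHP 7.3 or later is assumed, and the signature protects integrity only, so the contents remain readable by the user.

```php
<?php
// Added example, not from the original slides. COOKIE_KEY and both
// function names are hypothetical; keep the real key in server config.
const COOKIE_KEY = 'replace-with-a-long-random-server-side-secret';

// Encode an array as base64(JSON) followed by an HMAC-SHA256 tag.
function pack_cookie(array $data): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Return the array, or null if the value is malformed or was modified.
function unpack_cookie(string $raw): ?array
{
    $parts = explode('.', $raw, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    $expected = hash_hmac('sha256', $payload, COOKIE_KEY);
    if (!hash_equals($expected, $tag)) {   // constant-time comparison
        return null;
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample data.
$prefs  = ['lang' => 'en', 'items_per_page' => 25];
$cookie = pack_cookie($prefs);
// In a page: setcookie('prefs', $cookie, time()+60*60*24*30, '/');
// then on later requests: unpack_cookie($_COOKIE['prefs'] ?? '')

// Round trip of the untouched value.
var_dump(unpack_cookie($cookie) === $prefs);

// A client edits the payload but cannot recompute the tag.
[$oldPayload, $oldTag] = explode('.', $cookie, 2);
$edited = base64_encode(json_encode(['lang' => 'en', 'items_per_page' => 9999]));
var_dump(unpack_cookie($edited . '.' . $oldTag));
```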
Delete a cookie
• To remove a cookie, simply overwrite the cookie with a new one
with an expiry time in the past.
setcookie('cookie_name','',time()-6000);
Note
• As the setcookie command involves sending an HTTP header
response, it must be executed before any html is echoed to the
browser, including whitespace.
[Figure: two code listings, one marked "correct!" and one marked "incorrect." because whitespace is echoed before setcookie]
Cookie Limitations
• The important thing to note is that some people browse with them
turned off.
e.g. in Firefox: Tools > Options > Privacy
• Cookies are stored client-side, so never trust them completely:
rd, .
What is session?
• A session refers to all the requests that a single client makes to a
server for some period of time.
• A session is specific to the user, and for each user a new session is
created to track all the requests from that user.
How do Sessions work?
• They are based on assigning each user a unique number called
session id.
e.g. 26fe536a534d3c7cde4297abb45e275a
• This session id is stored in a cookie, or passed in the URL between
pages while the user browses.
• The data to be stored (e.g. name, log-in state, etc.) is stored
securely server-side in a PHP superglobal, and referenced using the
session id.
Starting a Session
session_start();
• PHP does all the work: It looks for a valid session id in the $_COOKIE or
$_GET superglobals – if found it initializes the data. If none found, a new
session id is created.
Storing Session Data
• The $_SESSION super-global array can be used to store any
session data.
$_SESSION['name'] = $name;
$_SESSION['age'] = $age;
Reading Session Data
• Data is simply read back from the $_SESSION super-global array.
e.g.
$name = $_SESSION['name'];
$age = $_SESSION['age'];
Session Propagation
• Sessions need to pass the session id between pages as a user
browses to track the session.
• It can do this in two ways:
– Cookie propagation
– URL propagation
Cookie Propagation
• A cookie is stored on the user’s PC containing the session id.
• It is read in whenever session_start(); is called to initialize the
session.
URL Propagation
• The session id is propagated in the URL
…some_folder/index.php?sid=26fe536a534d3c7cde4297abb45e275a
• PHP provides a global constant to append the session id to any
internal links, SID.
<a href="nextpage.php?<?=SID?>">Next page</a>
Which one..?
• The default setup of a PHP server is to use both methods.
– It checks whether the user has cookies enabled.
– If cookies are on, PHP uses cookie propagation. If cookies are off
it uses URL propagation.
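A session id carried in the URL ends up in browser history, server logs and links that users share, so a deployment can restrict PHP to cookie propagation and issue a fresh id at login. The following is an added example, not part of the original slides: start_secure_session() and login_user() are hypothetical helper names, and PHP 7.3 or later is assumed for the array form of session_set_cookie_params().

```php
<?php
// Added example, not from the original slides. start_secure_session()
// and login_user() are hypothetical helper names.

function start_secure_session(): void
{
    // Accept the session id from the cookie only, never from $_GET.
    ini_set('session.use_only_cookies', '1');
    // Do not rewrite links and forms to append the session id to URLs.
    ini_set('session.use_trans_sid', '0');
    // Reject ids that the server did not generate itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,        // expire when the browser is closed
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login_user(string $name): void
{
    // Issue a fresh id at the privilege change and delete the old session,
    // so an id known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['name'] = $name;
    $_SESSION['logged_in'] = true;
}

start_secure_session();
login_user('Robert');   // constructed sample value
```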
Destroying a Session
• Often not required, but if we want to destroy a session:
// clear all session variables
$_SESSION = array();
// delete the session cookie if there is one
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(),'',time()-42000,'/');
}
// destroy session
session_destroy();
Cookies | Sessions
Limited storage space | Practically unlimited space
Insecure storage client-side | Reasonably securely stored server-side
User controlled | No user control