Topic 03 : Cookies & Sessions


Published in: Education, Technology
  • Yes Sir !
  • Do you mean slides provided by NCC?
  • Do you have original ppt (not pdf) slides for level 5 modules ???
  • Welcome :)
  • Thanks Mr. Pradip for the slides !

  1. 1. Topic 3 : Cookies & Sessions Er. Pradip Kharbuja
  2. 2. Statelessness
     • The problem with HTTP as a delivery platform is that it is stateless.
       - The only data you have in the form is the data you take with you.
     • This problem is solved by using:
       1. GET
       2. POST
       3. cookies
       4. sessions
  3. 3. Statelessness [Contd.]
     • HTTP permits the sending of data to web pages.
     • Two methods for this are provided:
       1. GET
       2. POST
     • When it is time to send information (for example, from form elements), it is encoded by the client and then sent in one of these two ways.
       - A space gets replaced with a special code (%20) or +
  4. 4. GET
     • Using the GET method, the encoded information is sent as an extension to the URL.
       - It will appear as something like:
       - http://<url>/result.php?num=6&faces=7
     • This information is available to PHP via the $_GET variable.
     • We can make use of the GET method by setting the method attribute of our form to get.
  5. 5. Example Using GET - PHP
       <form action="dice_roll_get.php" method="get">
         <p>How many dice</p>
         <input type="text" name="num">
         <p>How many faces?</p>
         <input type="text" name="faces">
         <input type="submit" value="Roll">
         <input type="reset" value="Clear values">
       </form>
     • Develop the PHP page to get the number and faces & display them.
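One way to write the receiving page, as an added example that is not part of the original slides: it treats both query-string fields as untrusted, validates them as integers in a range, and escapes anything echoed back. The limits MAX_DICE and MAX_FACES and the helper read_int_param() are assumptions made for this example.

```php
<?php
// dice_roll_get.php - added example; reads the "num" and "faces" fields
// submitted by the form above via GET.

// Hypothetical limits chosen for this example, not taken from the slides.
const MAX_DICE  = 20;
const MAX_FACES = 100;

/**
 * Read one integer field from the query string.
 * Returns null when the field is missing, not an integer, or out of range.
 */
function read_int_param(string $name, int $min, int $max): ?int
{
    $value = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    // filter_input() gives null for a missing field and false for a bad one.
    return is_int($value) ? $value : null;
}

$num   = read_int_param('num', 1, MAX_DICE);
$faces = read_int_param('faces', 2, MAX_FACES);
?>
<!DOCTYPE html>
<html>
<body>
<?php if ($num === null || $faces === null): ?>
  <p>Please enter 1-<?= MAX_DICE ?> dice with 2-<?= MAX_FACES ?> faces.</p>
<?php else: ?>
  <p>Dice: <?= $num ?>, faces: <?= $faces ?></p>
  <p>Rolls:
  <?php for ($i = 0; $i < $num; $i++): ?>
    <?= random_int(1, $faces) ?>
  <?php endfor; ?>
  </p>
<?php endif; ?>
<?php if (isset($_GET['num']) && is_string($_GET['num'])): ?>
  <!-- Raw input is untrusted: escape it before echoing it back. -->
  <p>You typed: <?= htmlspecialchars($_GET['num'], ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
</body>
</html>
```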
  6. 6. Overview of GET
     • It is very easy to use.
     • It is extremely easy to create simple web services and APIs using the GET method.
       - Example: Facebook, Twitter, etc.
     • Parameters remain in browser history because they are part of the URL.
     • Can be bookmarked.
     • You can manipulate it through URLs entirely.
       - This is something the POST protocol does not do as easily.
  7. 7. Restrictions of GET Method
     • There are restrictions on how much information can be sent using GET.
       - And on the type of information.
       - It cannot send binary data, only alphanumeric characters.
     • It can send a maximum of 1024 characters.
     • It should never be used to send sensitive data, such as passwords.
       - They get shown in the URL.
  8. 8. The POST Protocol
     • The POST protocol is most useful on a day-to-day basis.
     • POST has no limitations on size of data.
     • It has no limitations on data types. You can use it to send binary data too.
     • It works by placing the encoded data in a standard HTTP header. So the data does not appear in the URL.
  9. 9. GET vs POST
     • History
       - GET: Parameters remain in browser history because they are part of the URL.
       - POST: Parameters are not saved in browser history.
     • Bookmark
       - GET: Can be bookmarked.
       - POST: Cannot be bookmarked.
     • BACK button / re-submit behaviour
       - GET: GET requests are re-executed but may not be re-submitted to server.
       - POST: The browser usually alerts the user that data will need to be resubmitted.
     • Parameters
       - GET: Can send, but the parameter data is limited. Safest to use less than 2K of parameters.
       - POST: Can send parameters, including uploading files, to the server.
     • Hack
       - GET: Easier to hack.
       - POST: More difficult to hack.
  10. 10. GET vs POST [Contd.]
      • Restrictions on form data type
        - GET: Yes, only ASCII characters allowed.
        - POST: No restrictions. Binary data is also allowed.
      • Security
        - GET: GET is less secure compared to POST because data sent is part of the URL. So it's saved in browser history and server logs in plaintext.
        - POST: POST is a little safer than GET because the parameters are not stored in browser history or in web server logs.
      • Restrictions on form data length
        - GET: Yes, since form data is in the URL and URL length is restricted. A safe URL length limit is often 2048 characters but varies by browser and web server.
        - POST: No restrictions.
  11. 11. GET vs POST [Contd.]
      • Usability
        - GET: GET method should not be used when sending passwords or other sensitive information.
        - POST: POST method used when sending passwords or other sensitive information.
      • Visibility
        - GET: GET method is visible to everyone (it will be displayed in the browser's address bar) and has limits on the amount of information to send.
        - POST: POST method variables are not displayed in the URL.
      • Cached
        - GET: Can be cached.
        - POST: Not cached.
      • Large variable values
        - GET: 7607 character maximum size.
        - POST: 8 Mb max size for the POST method.
  12. 12. The Limitations of POST and GET
      • That data persists only as long as the script is running. If we reload a page that contains a script, it will usually ask if we want to resend the data.
      • If we move outside the confines of a single PHP script, we will lose the data. That is a consequence of HTTP’s statelessness.
  13. 13. Cookies
      • Cookies are used to identify a user.
      • Cookies are little files stored on a user’s computer that contain certain pieces of information.
        - They can be read in a web page and accessed to ensure data can be available between pages.
  14. 14. How to Create a Cookie?
      • Cookies are set using the setcookie() function.
        - This takes two parameters – a name for the cookie and its value.
      • You can add a third to define an expiration time.
        - e.g. a cookie that expires at the end of the session
        - e.g. a cookie that expires after 60 seconds
      • The setcookie() function must appear before the <html> tag.
      • Cookies are available on the next page load.
        - You cannot set and access a cookie in the same pass.
  15. 15. Cookies
      • Accessing Cookies using $_COOKIE
      • Modifying Cookies
      • Unsetting or Deleting Cookies
        - Set the time to a previous time.
  16. 16. Cookies Example
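The cookie operations from slides 14 and 15 in one page, as an added example that is not part of the original slides. The cookie names, values and the "forget" query parameter are made up; the example assumes PHP 7.3 or later (options array for setcookie()) and a site served over HTTPS.

```php
<?php
// Added example. setcookie() sends a Set-Cookie header, so it must run
// before any output (that is why it goes before the <html> tag).

// Attributes shared by every cookie in this example.
function cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,   // 0 = discard when the browser closes
        'path'     => '/',
        'secure'   => true,       // only sent over HTTPS
        'httponly' => true,       // hidden from JavaScript (document.cookie)
        'samesite' => 'Lax',      // withheld from most cross-site requests
    ];
}

// 1. Session cookie: expires at the end of the browser session.
setcookie('theme', 'dark', cookie_options(0));

// 2. Persistent cookie: expires after 60 seconds.
setcookie('banner_seen', '1', cookie_options(time() + 60));

// 3. Deleting: resend the cookie with an expiry time in the past.
if (isset($_GET['forget'])) {
    setcookie('theme', '', cookie_options(time() - 3600));
}

// 4. Reading: $_COOKIE holds what the browser SENT with this request, so a
//    cookie set above only shows up on the next page load. The value comes
//    from the client and can be edited there, so validate it before use.
$allowedThemes = ['light', 'dark'];
$theme = $_COOKIE['theme'] ?? 'light';
if (!is_string($theme) || !in_array($theme, $allowedThemes, true)) {
    $theme = 'light';
}
?>
<!DOCTYPE html>
<html>
<body class="<?= htmlspecialchars($theme, ENT_QUOTES, 'UTF-8') ?>">
  <p>Current theme: <?= htmlspecialchars($theme, ENT_QUOTES, 'UTF-8') ?></p>
</body>
</html>
```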
  17. 17. Limitations of Cookies
      1. Not all clients support them. Cookies can be disabled on user browsers.
      2. Users can delete cookies.
      3. No security for sensitive data.
      4. They can only hold a small amount of information.
      5. Cookies are browser specific.
      - The real work of your application should happen on the server.
  18. 18. Sessions
      • Sessions fulfill the same role, but most of the information does not get stored on a user’s computer.
        - It is available only as long as their browser is open and the session is active.
      • Sessions are managed by a pair of cookies.
        - One on the server
        - One on the client
      • The client cookie contains only a reference to a session stored on the server.
        - So you can't take advantage of sessions with cookies disabled.
  19. 19. Working with Sessions
      • To set up a session, we use the session_start() function of PHP.
      • It must appear before the <html> tag.
      • The $_SESSION variable is used to access & store session data.
  20. 20. Destroying Sessions
      • You can destroy a session completely using the session_destroy() function.
  21. 21. Sessions Example
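Starting, using and fully destroying a session as described on slides 18 to 20, as an added example that is not part of the original slides. The form fields "demo_user" and "logout" and the helpers log_in() and log_out() are made up, credential checking is assumed to happen elsewhere, and the example assumes PHP 7.3 or later over HTTPS.

```php
<?php
// Added example. Harden the session cookie, then start the session
// before any output is sent.
session_set_cookie_params([
    'lifetime' => 0,        // session cookie: gone when the browser closes
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not issue
session_start();

// Hypothetical login step: credentials are assumed to be checked elsewhere.
function log_in(string $username): void
{
    // Issue a new session ID at the privilege change, so an ID planted or
    // observed before login is useless afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['user'] = $username;   // stored on the server, not in the cookie
}

function log_out(): void
{
    $_SESSION = [];                          // drop the server-side data
    $p = session_get_cookie_params();
    unset($p['lifetime']);                   // not a valid setcookie() option
    // Expire the client cookie with the same path/domain/flags it was set with.
    setcookie(session_name(), '', ['expires' => time() - 3600] + $p);
    session_destroy();                       // delete the stored session
}

if (isset($_POST['logout'])) {
    log_out();
} elseif (isset($_POST['demo_user']) && is_string($_POST['demo_user'])) {
    log_in($_POST['demo_user']);
}
$user = $_SESSION['user'] ?? null;
?>
<!DOCTYPE html>
<html><body>
  <p><?= $user === null ? 'Not logged in'
        : 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') ?></p>
</body></html>
```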
  22. 22. Program Architecture
      • PHP fits in the application layer of N-Tier architecture.
        - Presentation: HTML
        - Application: PHP
        - Data: ??
  23. 23. Conclusion
      • HTTP is a stateless protocol.
        - Which makes it a little difficult to make dynamic web pages.
      • PHP offers cookies and sessions as a way to resolve this problem.
  24. 24. Terminology
      • Cookie
        - A small piece of data stored on a user’s computer to ease dynamic application development.
      • Session
        - A temporary mapping between the state of a server and a client’s system.
  25. 25. Questions???
  26. 26. End of Topic 3