Transcript of "Reading, Writing and Securing Session and Cookies - PHP"
Reading, Writing and Securing Session and Cookies
OverviewObjectiveLearn how to read and write data to cookies and sessionand also how to secure your cookies and sessions.Requirements Understanding of Cookies and Sessions in PHPEstimated Time10 Minutes
Follow Along With Code Example1. Download a copy of the example code at www.prodigyview.com/source.2. Install the system in an environment you feel comfortable testing in.3. Proceed to examples/system/Sessions.php
Disable Session in BootstrapNormally in ProdigyView when the bootstrap is called, thesession configuration is created and set based upon thevalues in the xml configuration file. But for the purposes ofthis tutorial we are going to manually set the variables.Lets start by creating a custom bootstrap that disables theinitialization of the sessions.
Session InitBefore we initialize the session, we should set what optionswe want. In this example we are only setting the lifetime ofthe cookie and the session. By default, the PVSession::init()method will call session_start() function for us. Keep in mindthere are many more options that can passed to the init. www.prodigyview.com
Setting Up Test VariablesPerfect, now we have an active session ready to set datain. First create some sample data to insert and retrievefrom cookies and session. www.prodigyview.com
Basic Cookie With our data we are now going to write and read a basic cookie. This can be simply done with the methods writeCookie, readCookie and deleteCookie. 1. Set the key/name of the cookie 2. Set the cookie data based on the key/name 3. Read the cookie data basef on the key/name4. Delete the cookie associated with the key/name
Arrays and Cookies Normally in PHP you cannot set arrays or objects in Cookies and Sessions. Well in ProdigyView this can be done. Just write and read the cookie like you normally would.1. Set the key/name of the cookie 2. Set the array or object associated to be associated with the key/nameDelete the cookie Retrieve the cookie by entering the name/key www.prodigyview.com
Secure Cookie Sometimes a requirement maybe(and still strongly not advised) to store sensitive information in a cookie. ProdigyView allows a cookie to be encrypted. In the options passed into cookie, set the hash cookie to true.1. The the options for hashing a cookie 2. Pass the options in when writing and reading the cookie 3. The options should also be passed when deleting a cookie
Writing a Session Writing a session is very similar to writing a cookie. The methods are writeSession, readSession, and deleteSession.1. Set the key/name of the session 2. Set the data to be associated with that key/name 4. Delete the data from the session 3. Retrieve the data associated with the key/name www.prodigyview.com
Store Array in Sessions Like cookies, objects and arrays can be stored in a session.1. Set the key/name of the session 2. Set the object or array to be associated with that key/name4. Delete the array or object from the session 3. Retrieve the array or object www.prodigyview.com
Secure Session Now if you want, you can encrypt data stored in a session. Whether or not this is necessary is controversial because the session is stored on the server and not accessible to the client.1. The the options for hashing a session 2. Pass the options in when writing and reading the session 3. The options should also be passed when deleting a session
Challenge!This is a challenge designed to better help you understandsessions and cookies in Prodigyview and PHP.1. Create an object that contains public, private and protected variables. 1 of each is fine.2. Set those variables with values. Make sure you can retrieve those values.3. Write the object to a session or cookie normally and write the object to a session or cookie that is encrypted.4. Read back the object and access the variables. Record the results.
Review1. Use PVSession::writeCookie() to write a cookie2. Use PVSession::readCookie() to read a cookie3. Use PVSession::deleteCookie() to remove a cookie4. Use PVSession::writeSession() to write a session5. Use PVSession::readSession() to read a session6. Use PVSession::deleteSession() to remove a session www.prodigyview.com
API ReferenceFor a better understanding of the sessions, visit the api byclicking on the link below.PVSession More TutorialsFor more tutorials, please visit:http://www.prodigyview.com/tutorials www.prodigyview.com
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.