JV
Uploaded byJalpesh Vasa
461 views

4.4 PHP Session

The document discusses the use of cookies and sessions in PHP for managing user data in web applications. It outlines how cookies maintain state across HTTP requests, their limitations, and how to manipulate them with PHP functions like setcookie(). It also explains session management, including how to start sessions, store data, and clear session variables, emphasizing the need to balance various data handling methods for effective web development.

Embed presentation

Downloaded 60 times
PHP Cookies & Session
Cookies  HTTP cookies are data which a server-side script sends to a web client to keep for a period of time.  On every subsequent HTTP request, the web client automatically sends the cookies back to server (unless the cookie support is turned off).  The cookies are embedded in the HTTP header (and therefore not visible to the users).
Cookies  Shortcomings of using cookies to keep data  User may turn off cookies support.  Data are kept with the browser  Users using the same browser share the cookies.  Limited number of cookies (20) per server/domain and limited size (4k bytes) per cookie  Client can temper with cookies  Modify cookie files, use JavaScript to create/modify cookies, etc.  Notes  Don't always rely on cookies as the client may have turned off cookies support.  Don't store sensitive info in cookies
PHP – Accessing Cookies  To set a cookie, call setcookie()  e.g., setcookie('username', 'Joe');  To delete a cookie (use setcookie() without a value)  e.g., setcookie('username');  To retrieve a cookie, refer to $COOKIE  e.g. $username = $_COOKIE('username');  Note:  Cookies can only be set before any output is sent.  You cannot set and access a cookie in the same page. Cookies set in a page are available only in the future requests.
PHP – More About Setting Cookies … setcookie(name, value, expiration, path, domain, secure, httponly)  expiration  Cookie expiration time in seconds  0  The cookie is not to be stored persistently and will be deleted when the web client closes.  Negative value  Request the web client to delete the cookie  e.g.: setcookie('username', 'Joe', time() + 1800); // Expire in 30 minutes
PHP – More About Setting Cookies …  path  Sets the path to which the cookie applies.  The cookie is only visible to all the pages in that directory and its sub-directories.  If set to '/', the cookie will be available within the entire domain.  If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain .  The default value is the current directory that the cookie is being set in.
PHP – More About Setting Cookies …  domain  The domain that the cookie is available.  To make the cookie available on all subdomains of example.com, you'd set it to '.example.com'.  Setting it to 'www.example.com' will make the cookie only available in the www subdomain.  secure  Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to TRUE, the cookie will only be set if a secure connection exists. The default is FALSE.  httponly  When TRUE the cookie will be made accessible only through the HTTP protocol.
URL-Rewriting  Append the data to the URL  e.g.: http://www.xyz.com/foo.php?name1=value1&name2=value2  Data are kept along with the "page"  Need to append the data to every URL in the page that needs to carry the data to another page.  Every 'name' and 'value' should be URL encoded using urlencode().  Shortcoming of using URL-rewriting to keep data:  Limited number of characters in an URL  Not suitable for sensitive info  You can encrypt the data to improve security (e.g., www.ebay.com)  Breaks when a user access a static HTML page
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 PHP – URL-Rewriting Example <?php // Append all (key, value) pairs in $array to $url as // $url?key1=value1&key2=value2&… function append_data_to_url($url, $array) { $first = true; $url .= '?'; foreach ($array as $key => $value) { if (! $first) $url .= '&'; else $first = false; $url .= urlencode($key) . '=' . urlencode($value); } return $url; } // Continue next page
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 PHP – URL-Rewriting Example // A script that lists 20 items per page $current_page = $_REQUEST['page']; $sort_order = $_REQUEST['sort']; // Perform validation and set default values here … // Create parameters that need to be appended to URL $params = array('page' => $current_page + 1, 'sort' => $sort_order); // Append the above parameters to the URL that links // to the next page $next_page_url = append_data_to_url( $_SERVER['PHP_SELF'], $params); // Repeat for other URLs that need to carry data // in the URL … ?>
36 37 38 39 40 41 42 43 44 45 46 PHP – URL-Rewriting Example  In this example, when the user clicks the "Next Page" link, the script will knows which page to display and what sorting order to use. <html><head><title>URL-Rewriting Example</title></head> <body> <?php // Retrieve and display current page's data here … ?> <a href="<?php echo $next_page_url;?>">Next Page</a> … </body></html>
Hidden Fields in HTML Form  Data are encoded as hidden fields in HTML form as: <input type="hidden" name="username" value="CJ Yuan" />  Shortcoming of using URL-rewriting to keep data:  Require HTML form elements
Session  A session is a period of time in which all activities happened within the period by the same web client are considered "related" (typically belong to the same application.)  Session Tracking – keeping track of users as they traverse from one web page (generated from a script) to another within a website (or within a web application).
How Session Works?  The first time a web client visits a server, the server sends a unique "session ID" to the web client for the client to keep.  Session ID is typically stored in the cookies.  The session ID is used by the server to identify the client.  For each session ID created, the server also creates a storage space. Server-side scripts that receive the same session ID share the same storage space.  The storage space is typically implemented as a map-liked data structure.  In PHP, it is an associative array named $_SESSION[].  A session's "storage space" is only kept alive for a period of time (session period) or until it is explicitly deleted.
1 2 3 4 5 6 7 8 9 10 PHP – Participating in a session The first time session_start() is called, it will attempt to send a cookie named PHPSESSID with a generated session ID made up of 32 hexadecimal letters. The data stored in $_SESSION[] will be saved in an external file when the script exits. <?php // Must call this function first in all scripts that // need to participate in the same session. session_start(); // Now we can read/write data from/to $_SESSION[] if (authenticate($_POST['user'], $_POST['passwd'])) { // Use this value to remember if a user has 'logged in' $_SESSION['user'] = $_POST['user']; } else unset($_SESSION['user']); … ?> login.php
1 2 3 4 5 6 7 8 9 10 PHP – Participating in a session (continue) If a user has successfully logged in through login.php, then The next time session_start() is called, it will load the session data from a file into $_SESSION[] based on the value of PHPSESSID. <?php // To participate in the session session_start(); // Session data set in login.php are available here if (! isset($_SESSION['user'])) { // User has not yet logged on } … ?> another_file.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 PHP – Ending a session Note: session_name() returns the name of the cookie that stores the session ID. <?php // To start or participate in a session. session_start(); $_SESSION = array(); // Clearing all session data // Delete the cookie that stores the session ID to KILL the session if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time()-3600, '/'); // Finally, destroy the session (Deleting // the session data stored in the file) session_destroy(); ?> logout.php
PHP – Setting Session Parameters in php.ini Some of the session related parameters in "php.ini": ; This option enables administrators to make their users invulnerable to ; attacks which involve passing session ids in URLs; defaults to 0. ; session.use_only_cookies = 1 ; Name of the session (used as cookie name). session.name = PHPSESSID ; Initialize session on request startup. session.auto_start = 0 ; Lifetime in seconds of cookie or, if 0, until browser is restarted. session.cookie_lifetime = 0 ; The path for which the cookie is valid. session.cookie_path = / ; The domain for which the cookie is valid. session.cookie_domain =
PHP – Function For Setting Session Parameters void session_set_cookie_params( int $lifetime, string $path, string $domain, bool $secure=false, bool $httponly=false )  Set cookie parameters defined in the php.ini file. The effect of this function only lasts for the duration of the script. Thus, you need to call this function for every request and before session_start() is called.  Default value of $path is '/'. To prevent session ID from being discovered by other PHP scripts running in the same domain, you should set $path to the subfolder where your scripts are stored.
Combined Use  All of Cookies, URL-rewriting, Hidden Fields, and Session can be simultaneously used in a web application.  Cookies: Can persist data for long period but is not suitable for keeping sensitive data or large amount of data.  URL-rewriting: Keep data along with page  Hidden Fields: Keep data along with page (can keep more data but requires HTML form)  Session Objects: Keep "short-live" data shared among the server-side scripts within a web application for a particular web client.
Summary  Session Management  Cookies  URL-Rewriting  Hidden Fields in HTML Form  High level APIs in Java and HttpSession Objects.  References  http://en.wikipedia.org/wiki/HTTP_cookie  PHP Manual – Session Handling  http://hk.php.net/manual/en/book.session.php

More Related Content

PDF
Security in php
byJalpesh Vasa
 
PPT
php $_GET / $_POST / $_SESSION
bytumetr1
 
PPT
Php - Getting good with session
byFirdaus Adib
 
PPTX
Php session 3 Important topics
bymohamedsaad24
 
PPTX
Sessions and cookies in php
byPavan b
 
PPTX
Session php
by200Hussain
 
PPTX
Sessions in php
byMudasir Syed
 
ODP
PHP BASIC PRESENTATION
bykrutitrivedi
 
Security in php
byJalpesh Vasa
 
php $_GET / $_POST / $_SESSION
bytumetr1
 
Php - Getting good with session
byFirdaus Adib
 
Php session 3 Important topics
bymohamedsaad24
 
Sessions and cookies in php
byPavan b
 
Session php
by200Hussain
 
Sessions in php
byMudasir Syed
 
PHP BASIC PRESENTATION
bykrutitrivedi
 

What's hot

PPT
season management in php (WT)
bykunjan shah
 
PPT
Parameter Passing & Session Tracking in PHP
byamichoksi
 
PPT
Cookies and sessions
byLena Petsenchuk
 
PPTX
Session handling in php
bybaabtra.com - No. 1 supplier of quality freshers
 
PPT
Manish
byManish Jain
 
DOC
Creating a Simple PHP and MySQL-Based Login System
byAzharul Haque Shohan
 
PPT
Cookies and sessions
byUdaAs PaNchi
 
PPT
New: Two Methods of Installing Drupal on Windows XP with XAMPP
byRupesh Kumar
 
DOC
Php Server Var
byarvind34
 
PDF
httpd — Apache Web Server
bywebhostingguy
 
ODT
Php
byksujitha
 
PPT
PHP - Introduction to PHP Cookies and Sessions
byVibrant Technologies & Computers
 
PDF
backend
bytutorialsruby
 
PPT
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
bywebhostingguy
 
DOC
Php sessions
byclickon2010
 
PPTX
Sessions n cookies
bybaabtra.com - No. 1 supplier of quality freshers
 
PDF
Introduction to php web programming - get and post
bybaabtra.com - No. 1 supplier of quality freshers
 
PPTX
Php basics
byEgerton University
 
PDF
extending-php
bytutorialsruby
 
PPT
Php basic for vit university
byMandakini Kumari
 
season management in php (WT)
bykunjan shah
 
Parameter Passing & Session Tracking in PHP
byamichoksi
 
Cookies and sessions
byLena Petsenchuk
 
Session handling in php
bybaabtra.com - No. 1 supplier of quality freshers
 
Manish
byManish Jain
 
Creating a Simple PHP and MySQL-Based Login System
byAzharul Haque Shohan
 
Cookies and sessions
byUdaAs PaNchi
 
New: Two Methods of Installing Drupal on Windows XP with XAMPP
byRupesh Kumar
 
Php Server Var
byarvind34
 
httpd — Apache Web Server
bywebhostingguy
 
Php
byksujitha
 
PHP - Introduction to PHP Cookies and Sessions
byVibrant Technologies & Computers
 
backend
bytutorialsruby
 
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
bywebhostingguy
 
Php sessions
byclickon2010
 
Sessions n cookies
bybaabtra.com - No. 1 supplier of quality freshers
 
Introduction to php web programming - get and post
bybaabtra.com - No. 1 supplier of quality freshers
 
Php basics
byEgerton University
 
extending-php
bytutorialsruby
 
Php basic for vit university
byMandakini Kumari
 

Similar to 4.4 PHP Session

PDF
PHP-Cookies-Sessions.pdf
byHumphreyOwuor1
 
PPT
Php ssession - cookies -introduction
byProgrammer Blog
 
PPT
Lecture8 php page control by okello erick
byokelloerick
 
PPSX
Sessions and cookies
bywww.netgains.org
 
PPT
Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
bySreejithVP7
 
PPT
Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
bypondypaiyan
 
PDF
Web app development_cookies_sessions_14
byHassen Poreya
 
PPT
Week#12 CookiesSessions Included Session Management using session and cookies...
byKamrankhan925215
 
PPT
Session,cookies
byrkmourya511
 
PPTX
PHP COOKIES AND SESSIONS
byDegu8
 
PPTX
FP512 Cookies sessions
byFatin Fatihayah
 
PPTX
Cookies and Session
byKoraStats
 
PPTX
PHP Forms,sessions and file handling with example
bysontibhanuprasad
 
PDF
Introduction to php web programming - sessions and cookies
bybaabtra.com - No. 1 supplier of quality freshers
 
PDF
PHP Making Web Forms
bykrishnapriya Tadepalli
 
PPTX
PHP SESSIONS & COOKIE.pptx
byShitalGhotekar
 
ODP
Session Management & Cookies In Php
byHarit Kothari
 
PPT
PHP-07-Cookies-Sessions indepth powerpoint
byspadhi2
 
PPTX
Cookie and session
byAashish Ghale
 
PPTX
PHP Cookies and Sessions
byNisa Soomro
 
PHP-Cookies-Sessions.pdf
byHumphreyOwuor1
 
Php ssession - cookies -introduction
byProgrammer Blog
 
Lecture8 php page control by okello erick
byokelloerick
 
Sessions and cookies
bywww.netgains.org
 
Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
bySreejithVP7
 
Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
bypondypaiyan
 
Web app development_cookies_sessions_14
byHassen Poreya
 
Week#12 CookiesSessions Included Session Management using session and cookies...
byKamrankhan925215
 
Session,cookies
byrkmourya511
 
PHP COOKIES AND SESSIONS
byDegu8
 
FP512 Cookies sessions
byFatin Fatihayah
 
Cookies and Session
byKoraStats
 
PHP Forms,sessions and file handling with example
bysontibhanuprasad
 
Introduction to php web programming - sessions and cookies
bybaabtra.com - No. 1 supplier of quality freshers
 
PHP Making Web Forms
bykrishnapriya Tadepalli
 
PHP SESSIONS & COOKIE.pptx
byShitalGhotekar
 
Session Management & Cookies In Php
byHarit Kothari
 
PHP-07-Cookies-Sessions indepth powerpoint
byspadhi2
 
Cookie and session
byAashish Ghale
 
PHP Cookies and Sessions
byNisa Soomro
 

More from Jalpesh Vasa

PDF
Object Oriented PHP - PART-1
byJalpesh Vasa
 
PDF
Object Oriented PHP - PART-2
byJalpesh Vasa
 
PDF
5. HTML5
byJalpesh Vasa
 
PDF
4.3 MySQL + PHP
byJalpesh Vasa
 
PDF
4.2 PHP Function
byJalpesh Vasa
 
PDF
4.1 PHP Arrays
byJalpesh Vasa
 
PDF
4 Basic PHP
byJalpesh Vasa
 
PDF
3.2.1 javascript regex example
byJalpesh Vasa
 
PDF
3.2 javascript regex
byJalpesh Vasa
 
PDF
3. Java Script
byJalpesh Vasa
 
PDF
3.1 javascript objects_DOM
byJalpesh Vasa
 
PDF
2 introduction css
byJalpesh Vasa
 
PDF
1 web technologies
byJalpesh Vasa
 
PDF
Remote Method Invocation in JAVA
byJalpesh Vasa
 
PDF
Kotlin for android development
byJalpesh Vasa
 
Object Oriented PHP - PART-1
byJalpesh Vasa
 
Object Oriented PHP - PART-2
byJalpesh Vasa
 
5. HTML5
byJalpesh Vasa
 
4.3 MySQL + PHP
byJalpesh Vasa
 
4.2 PHP Function
byJalpesh Vasa
 
4.1 PHP Arrays
byJalpesh Vasa
 
4 Basic PHP
byJalpesh Vasa
 
3.2.1 javascript regex example
byJalpesh Vasa
 
3.2 javascript regex
byJalpesh Vasa
 
3. Java Script
byJalpesh Vasa
 
3.1 javascript objects_DOM
byJalpesh Vasa
 
2 introduction css
byJalpesh Vasa
 
1 web technologies
byJalpesh Vasa
 
Remote Method Invocation in JAVA
byJalpesh Vasa
 
Kotlin for android development
byJalpesh Vasa
 

Recently uploaded

PPTX
Multiple Linear Regression - Least Square Method X₁ on X₂ and X₃
bySundar B N
 
PPTX
How to Track a Link Using Odoo 18 SMS Marketing
byCeline George
 
PPTX
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
PDF
Most Imp Chapters & Weightage for Boards 2025.pdf
byTamannaSagar
 
PDF
International Men's Day Event: Breaking the Silence: Embracing Vulnerability ...
byAssociation for Project Management
 
PDF
Biology Practical Class 12th 2025 PDF(2)-2-52.pdf
bySCPRPWomenCollegeChi
 
PPTX
PARENTAL ROUTES OF DRUGS ADMINISTRATION .pptx
byAneetaSharma15
 
PDF
Types of eggs and Egg membranes (Developmental Zoology)
bySudhandraKarthi
 
PPTX
Nursing Unit Management, patient care unit, physical layout of nursing unit,t...
byyellow4878
 
PDF
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
PPTX
Repeat Orders_ Use Odoo Blanket Agreement
byCeline George
 
PPTX
Planning Assessment for Outcome-based Education
byAdri Jovin
 
PPTX
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
PPTX
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
PPTX
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
PDF
Cultivating Greatness Pune's Best Preschools and Schools.pdf
byWellington College
 
PDF
Scalable-MADDPG-Based Cooperative Target Invasion for a Multi-USV System.pdf
byMan_Ebook
 
PDF
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
PDF
Analyzing the data of your initial survey
byThelma Villaflores
 
PPTX
META-ANALYSIS INTERPRETATION, PUBLICATION BIAS AND GRADE ASSESSMENT.pptx
bySystematic Reviews Network (SRN)
 
Multiple Linear Regression - Least Square Method X₁ on X₂ and X₃
bySundar B N
 
How to Track a Link Using Odoo 18 SMS Marketing
byCeline George
 
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
Most Imp Chapters & Weightage for Boards 2025.pdf
byTamannaSagar
 
International Men's Day Event: Breaking the Silence: Embracing Vulnerability ...
byAssociation for Project Management
 
Biology Practical Class 12th 2025 PDF(2)-2-52.pdf
bySCPRPWomenCollegeChi
 
PARENTAL ROUTES OF DRUGS ADMINISTRATION .pptx
byAneetaSharma15
 
Types of eggs and Egg membranes (Developmental Zoology)
bySudhandraKarthi
 
Nursing Unit Management, patient care unit, physical layout of nursing unit,t...
byyellow4878
 
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
Repeat Orders_ Use Odoo Blanket Agreement
byCeline George
 
Planning Assessment for Outcome-based Education
byAdri Jovin
 
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
Cultivating Greatness Pune's Best Preschools and Schools.pdf
byWellington College
 
Scalable-MADDPG-Based Cooperative Target Invasion for a Multi-USV System.pdf
byMan_Ebook
 
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
Analyzing the data of your initial survey
byThelma Villaflores
 
META-ANALYSIS INTERPRETATION, PUBLICATION BIAS AND GRADE ASSESSMENT.pptx
bySystematic Reviews Network (SRN)
 

4.4 PHP Session

  • 1.
  • 2.
    Cookies  HTTP cookiesare data which a server-side script sends to a web client to keep for a period of time.  On every subsequent HTTP request, the web client automatically sends the cookies back to server (unless the cookie support is turned off).  The cookies are embedded in the HTTP header (and therefore not visible to the users).
  • 3.
    Cookies  Shortcomings ofusing cookies to keep data  User may turn off cookies support.  Data are kept with the browser  Users using the same browser share the cookies.  Limited number of cookies (20) per server/domain and limited size (4k bytes) per cookie  Client can temper with cookies  Modify cookie files, use JavaScript to create/modify cookies, etc.  Notes  Don't always rely on cookies as the client may have turned off cookies support.  Don't store sensitive info in cookies
  • 4.
    PHP – AccessingCookies  To set a cookie, call setcookie()  e.g., setcookie('username', 'Joe');  To delete a cookie (use setcookie() without a value)  e.g., setcookie('username');  To retrieve a cookie, refer to $COOKIE  e.g. $username = $_COOKIE('username');  Note:  Cookies can only be set before any output is sent.  You cannot set and access a cookie in the same page. Cookies set in a page are available only in the future requests.
  • 5.
    PHP – MoreAbout Setting Cookies … setcookie(name, value, expiration, path, domain, secure, httponly)  expiration  Cookie expiration time in seconds  0  The cookie is not to be stored persistently and will be deleted when the web client closes.  Negative value  Request the web client to delete the cookie  e.g.: setcookie('username', 'Joe', time() + 1800); // Expire in 30 minutes
  • 6.
    PHP – MoreAbout Setting Cookies …  path  Sets the path to which the cookie applies.  The cookie is only visible to all the pages in that directory and its sub-directories.  If set to '/', the cookie will be available within the entire domain.  If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain .  The default value is the current directory that the cookie is being set in.
  • 7.
    PHP – MoreAbout Setting Cookies …  domain  The domain that the cookie is available.  To make the cookie available on all subdomains of example.com, you'd set it to '.example.com'.  Setting it to 'www.example.com' will make the cookie only available in the www subdomain.  secure  Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to TRUE, the cookie will only be set if a secure connection exists. The default is FALSE.  httponly  When TRUE the cookie will be made accessible only through the HTTP protocol.
  • 8.
    URL-Rewriting  Append thedata to the URL  e.g.: http://www.xyz.com/foo.php?name1=value1&name2=value2  Data are kept along with the "page"  Need to append the data to every URL in the page that needs to carry the data to another page.  Every 'name' and 'value' should be URL encoded using urlencode().  Shortcoming of using URL-rewriting to keep data:  Limited number of characters in an URL  Not suitable for sensitive info  You can encrypt the data to improve security (e.g., www.ebay.com)  Breaks when a user access a static HTML page
  • 9.
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 PHP – URL-RewritingExample <?php // Append all (key, value) pairs in $array to $url as // $url?key1=value1&key2=value2&… function append_data_to_url($url, $array) { $first = true; $url .= '?'; foreach ($array as $key => $value) { if (! $first) $url .= '&'; else $first = false; $url .= urlencode($key) . '=' . urlencode($value); } return $url; } // Continue next page
  • 10.
    18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 PHP – URL-RewritingExample // A script that lists 20 items per page $current_page = $_REQUEST['page']; $sort_order = $_REQUEST['sort']; // Perform validation and set default values here … // Create parameters that need to be appended to URL $params = array('page' => $current_page + 1, 'sort' => $sort_order); // Append the above parameters to the URL that links // to the next page $next_page_url = append_data_to_url( $_SERVER['PHP_SELF'], $params); // Repeat for other URLs that need to carry data // in the URL … ?>
  • 11.
    36 37 38 39 40 41 42 43 44 45 46 PHP – URL-RewritingExample  In this example, when the user clicks the "Next Page" link, the script will knows which page to display and what sorting order to use. <html><head><title>URL-Rewriting Example</title></head> <body> <?php // Retrieve and display current page's data here … ?> <a href="<?php echo $next_page_url;?>">Next Page</a> … </body></html>
  • 12.
    Hidden Fields inHTML Form  Data are encoded as hidden fields in HTML form as: <input type="hidden" name="username" value="CJ Yuan" />  Shortcoming of using URL-rewriting to keep data:  Require HTML form elements
  • 13.
    Session  A sessionis a period of time in which all activities happened within the period by the same web client are considered "related" (typically belong to the same application.)  Session Tracking – keeping track of users as they traverse from one web page (generated from a script) to another within a website (or within a web application).
  • 14.
    How Session Works? The first time a web client visits a server, the server sends a unique "session ID" to the web client for the client to keep.  Session ID is typically stored in the cookies.  The session ID is used by the server to identify the client.  For each session ID created, the server also creates a storage space. Server-side scripts that receive the same session ID share the same storage space.  The storage space is typically implemented as a map-liked data structure.  In PHP, it is an associative array named $_SESSION[].  A session's "storage space" is only kept alive for a period of time (session period) or until it is explicitly deleted.
  • 15.
    1 2 3 4 5 6 7 8 9 10 PHP – Participatingin a session The first time session_start() is called, it will attempt to send a cookie named PHPSESSID with a generated session ID made up of 32 hexadecimal letters. The data stored in $_SESSION[] will be saved in an external file when the script exits. <?php // Must call this function first in all scripts that // need to participate in the same session. session_start(); // Now we can read/write data from/to $_SESSION[] if (authenticate($_POST['user'], $_POST['passwd'])) { // Use this value to remember if a user has 'logged in' $_SESSION['user'] = $_POST['user']; } else unset($_SESSION['user']); … ?> login.php
  • 16.
    1 2 3 4 5 6 7 8 9 10 PHP – Participatingin a session (continue) If a user has successfully logged in through login.php, then The next time session_start() is called, it will load the session data from a file into $_SESSION[] based on the value of PHPSESSID. <?php // To participate in the session session_start(); // Session data set in login.php are available here if (! isset($_SESSION['user'])) { // User has not yet logged on } … ?> another_file.php
  • 17.
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 PHP – Endinga session Note: session_name() returns the name of the cookie that stores the session ID. <?php // To start or participate in a session. session_start(); $_SESSION = array(); // Clearing all session data // Delete the cookie that stores the session ID to KILL the session if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time()-3600, '/'); // Finally, destroy the session (Deleting // the session data stored in the file) session_destroy(); ?> logout.php
  • 18.
    PHP – SettingSession Parameters in php.ini Some of the session related parameters in "php.ini": ; This option enables administrators to make their users invulnerable to ; attacks which involve passing session ids in URLs; defaults to 0. ; session.use_only_cookies = 1 ; Name of the session (used as cookie name). session.name = PHPSESSID ; Initialize session on request startup. session.auto_start = 0 ; Lifetime in seconds of cookie or, if 0, until browser is restarted. session.cookie_lifetime = 0 ; The path for which the cookie is valid. session.cookie_path = / ; The domain for which the cookie is valid. session.cookie_domain =
  • 19.
    PHP – FunctionFor Setting Session Parameters void session_set_cookie_params( int $lifetime, string $path, string $domain, bool $secure=false, bool $httponly=false )  Set cookie parameters defined in the php.ini file. The effect of this function only lasts for the duration of the script. Thus, you need to call this function for every request and before session_start() is called.  Default value of $path is '/'. To prevent session ID from being discovered by other PHP scripts running in the same domain, you should set $path to the subfolder where your scripts are stored.
  • 20.
    Combined Use  Allof Cookies, URL-rewriting, Hidden Fields, and Session can be simultaneously used in a web application.  Cookies: Can persist data for long period but is not suitable for keeping sensitive data or large amount of data.  URL-rewriting: Keep data along with page  Hidden Fields: Keep data along with page (can keep more data but requires HTML form)  Session Objects: Keep "short-live" data shared among the server-side scripts within a web application for a particular web client.
  • 21.
    Summary  Session Management Cookies  URL-Rewriting  Hidden Fields in HTML Form  High level APIs in Java and HttpSession Objects.  References  http://en.wikipedia.org/wiki/HTTP_cookie  PHP Manual – Session Handling  http://hk.php.net/manual/en/book.session.php