SlideShare a Scribd company logo

4.4 PHP Session

J
Jalpesh Vasa

The document discusses the use of cookies and sessions in PHP for managing user data in web applications. It outlines how cookies maintain state across HTTP requests, their limitations, and how to manipulate them with PHP functions like setcookie(). It also explains session management, including how to start sessions, store data, and clear session variables, emphasizing the need to balance various data handling methods for effective web development.

Education
1 of 21
Downloaded 60 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
PHP Cookies & Session
Cookies  HTTP cookies are data which a server-side script sends to a web client to keep for a period of time.  On every subsequent HTTP request, the web client automatically sends the cookies back to server (unless the cookie support is turned off).  The cookies are embedded in the HTTP header (and therefore not visible to the users).
Cookies  Shortcomings of using cookies to keep data  User may turn off cookies support.  Data are kept with the browser  Users using the same browser share the cookies.  Limited number of cookies (20) per server/domain and limited size (4k bytes) per cookie  Client can temper with cookies  Modify cookie files, use JavaScript to create/modify cookies, etc.  Notes  Don't always rely on cookies as the client may have turned off cookies support.  Don't store sensitive info in cookies
PHP – Accessing Cookies  To set a cookie, call setcookie()  e.g., setcookie('username', 'Joe');  To delete a cookie (use setcookie() without a value)  e.g., setcookie('username');  To retrieve a cookie, refer to $COOKIE  e.g. $username = $_COOKIE('username');  Note:  Cookies can only be set before any output is sent.  You cannot set and access a cookie in the same page. Cookies set in a page are available only in the future requests.
PHP – More About Setting Cookies … setcookie(name, value, expiration, path, domain, secure, httponly)  expiration  Cookie expiration time in seconds  0  The cookie is not to be stored persistently and will be deleted when the web client closes.  Negative value  Request the web client to delete the cookie  e.g.: setcookie('username', 'Joe', time() + 1800); // Expire in 30 minutes
PHP – More About Setting Cookies …  path  Sets the path to which the cookie applies.  The cookie is only visible to all the pages in that directory and its sub-directories.  If set to '/', the cookie will be available within the entire domain.  If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain .  The default value is the current directory that the cookie is being set in.
PHP – More About Setting Cookies …  domain  The domain that the cookie is available.  To make the cookie available on all subdomains of example.com, you'd set it to '.example.com'.  Setting it to 'www.example.com' will make the cookie only available in the www subdomain.  secure  Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to TRUE, the cookie will only be set if a secure connection exists. The default is FALSE.  httponly  When TRUE the cookie will be made accessible only through the HTTP protocol.
URL-Rewriting  Append the data to the URL  e.g.: http://www.xyz.com/foo.php?name1=value1&name2=value2  Data are kept along with the "page"  Need to append the data to every URL in the page that needs to carry the data to another page.  Every 'name' and 'value' should be URL encoded using urlencode().  Shortcoming of using URL-rewriting to keep data:  Limited number of characters in an URL  Not suitable for sensitive info  You can encrypt the data to improve security (e.g., www.ebay.com)  Breaks when a user access a static HTML page
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 PHP – URL-Rewriting Example <?php // Append all (key, value) pairs in $array to $url as // $url?key1=value1&key2=value2&… function append_data_to_url($url, $array) { $first = true; $url .= '?'; foreach ($array as $key => $value) { if (! $first) $url .= '&'; else $first = false; $url .= urlencode($key) . '=' . urlencode($value); } return $url; } // Continue next page
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 PHP – URL-Rewriting Example // A script that lists 20 items per page $current_page = $_REQUEST['page']; $sort_order = $_REQUEST['sort']; // Perform validation and set default values here … // Create parameters that need to be appended to URL $params = array('page' => $current_page + 1, 'sort' => $sort_order); // Append the above parameters to the URL that links // to the next page $next_page_url = append_data_to_url( $_SERVER['PHP_SELF'], $params); // Repeat for other URLs that need to carry data // in the URL … ?>
36 37 38 39 40 41 42 43 44 45 46 PHP – URL-Rewriting Example  In this example, when the user clicks the "Next Page" link, the script will knows which page to display and what sorting order to use. <html><head><title>URL-Rewriting Example</title></head> <body> <?php // Retrieve and display current page's data here … ?> <a href="<?php echo $next_page_url;?>">Next Page</a> … </body></html>
Hidden Fields in HTML Form  Data are encoded as hidden fields in HTML form as: <input type="hidden" name="username" value="CJ Yuan" />  Shortcoming of using URL-rewriting to keep data:  Require HTML form elements
Session  A session is a period of time in which all activities happened within the period by the same web client are considered "related" (typically belong to the same application.)  Session Tracking – keeping track of users as they traverse from one web page (generated from a script) to another within a website (or within a web application).
How Session Works?  The first time a web client visits a server, the server sends a unique "session ID" to the web client for the client to keep.  Session ID is typically stored in the cookies.  The session ID is used by the server to identify the client.  For each session ID created, the server also creates a storage space. Server-side scripts that receive the same session ID share the same storage space.  The storage space is typically implemented as a map-liked data structure.  In PHP, it is an associative array named $_SESSION[].  A session's "storage space" is only kept alive for a period of time (session period) or until it is explicitly deleted.
1 2 3 4 5 6 7 8 9 10 PHP – Participating in a session The first time session_start() is called, it will attempt to send a cookie named PHPSESSID with a generated session ID made up of 32 hexadecimal letters. The data stored in $_SESSION[] will be saved in an external file when the script exits. <?php // Must call this function first in all scripts that // need to participate in the same session. session_start(); // Now we can read/write data from/to $_SESSION[] if (authenticate($_POST['user'], $_POST['passwd'])) { // Use this value to remember if a user has 'logged in' $_SESSION['user'] = $_POST['user']; } else unset($_SESSION['user']); … ?> login.php
1 2 3 4 5 6 7 8 9 10 PHP – Participating in a session (continue) If a user has successfully logged in through login.php, then The next time session_start() is called, it will load the session data from a file into $_SESSION[] based on the value of PHPSESSID. <?php // To participate in the session session_start(); // Session data set in login.php are available here if (! isset($_SESSION['user'])) { // User has not yet logged on } … ?> another_file.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 PHP – Ending a session Note: session_name() returns the name of the cookie that stores the session ID. <?php // To start or participate in a session. session_start(); $_SESSION = array(); // Clearing all session data // Delete the cookie that stores the session ID to KILL the session if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time()-3600, '/'); // Finally, destroy the session (Deleting // the session data stored in the file) session_destroy(); ?> logout.php
PHP – Setting Session Parameters in php.ini Some of the session related parameters in "php.ini": ; This option enables administrators to make their users invulnerable to ; attacks which involve passing session ids in URLs; defaults to 0. ; session.use_only_cookies = 1 ; Name of the session (used as cookie name). session.name = PHPSESSID ; Initialize session on request startup. session.auto_start = 0 ; Lifetime in seconds of cookie or, if 0, until browser is restarted. session.cookie_lifetime = 0 ; The path for which the cookie is valid. session.cookie_path = / ; The domain for which the cookie is valid. session.cookie_domain =
PHP – Function For Setting Session Parameters void session_set_cookie_params( int $lifetime, string $path, string $domain, bool $secure=false, bool $httponly=false )  Set cookie parameters defined in the php.ini file. The effect of this function only lasts for the duration of the script. Thus, you need to call this function for every request and before session_start() is called.  Default value of $path is '/'. To prevent session ID from being discovered by other PHP scripts running in the same domain, you should set $path to the subfolder where your scripts are stored.
Combined Use  All of Cookies, URL-rewriting, Hidden Fields, and Session can be simultaneously used in a web application.  Cookies: Can persist data for long period but is not suitable for keeping sensitive data or large amount of data.  URL-rewriting: Keep data along with page  Hidden Fields: Keep data along with page (can keep more data but requires HTML form)  Session Objects: Keep "short-live" data shared among the server-side scripts within a web application for a particular web client.
Summary  Session Management  Cookies  URL-Rewriting  Hidden Fields in HTML Form  High level APIs in Java and HttpSession Objects.  References  http://en.wikipedia.org/wiki/HTTP_cookie  PHP Manual – Session Handling  http://hk.php.net/manual/en/book.session.php

More Related Content

PDF
Security in php
Jalpesh Vasa
 
PPT
php $_GET / $_POST / $_SESSION
tumetr1
 
PPT
Php - Getting good with session
Firdaus Adib
 
PPTX
Php session 3 Important topics
mohamedsaad24
 
PPTX
Sessions and cookies in php
Pavan b
 
PPTX
Session php
200Hussain
 
PPTX
Sessions in php
Mudasir Syed
 
ODP
PHP BASIC PRESENTATION
krutitrivedi
 
Security in php
Jalpesh Vasa
 
php $_GET / $_POST / $_SESSION
tumetr1
 
Php - Getting good with session
Firdaus Adib
 
Php session 3 Important topics
mohamedsaad24
 
Sessions and cookies in php
Pavan b
 
Session php
200Hussain
 
Sessions in php
Mudasir Syed
 
PHP BASIC PRESENTATION
krutitrivedi
 

What's hot (20)

PPT
season management in php (WT)
kunjan shah
 
PPT
Parameter Passing & Session Tracking in PHP
amichoksi
 
PPT
Cookies and sessions
Lena Petsenchuk
 
PPTX
Session handling in php
baabtra.com - No. 1 supplier of quality freshers
 
PPT
Manish
Manish Jain
 
DOC
Creating a Simple PHP and MySQL-Based Login System
Azharul Haque Shohan
 
PPT
Cookies and sessions
UdaAs PaNchi
 
PPT
New: Two Methods of Installing Drupal on Windows XP with XAMPP
Rupesh Kumar
 
DOC
Php Server Var
arvind34
 
PDF
httpd — Apache Web Server
webhostingguy
 
ODT
Php
ksujitha
 
PPT
PHP - Introduction to PHP Cookies and Sessions
Vibrant Technologies & Computers
 
PDF
backend
tutorialsruby
 
PPT
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
webhostingguy
 
DOC
Php sessions
clickon2010
 
PPTX
Sessions n cookies
baabtra.com - No. 1 supplier of quality freshers
 
PDF
Introduction to php web programming - get and post
baabtra.com - No. 1 supplier of quality freshers
 
PPTX
Php basics
Egerton University
 
PDF
extending-php
tutorialsruby
 
PPT
Php basic for vit university
Mandakini Kumari
 
season management in php (WT)
kunjan shah
 
Parameter Passing & Session Tracking in PHP
amichoksi
 
Cookies and sessions
Lena Petsenchuk
 
Session handling in php
baabtra.com - No. 1 supplier of quality freshers
 
Manish
Manish Jain
 
Creating a Simple PHP and MySQL-Based Login System
Azharul Haque Shohan
 
Cookies and sessions
UdaAs PaNchi
 
New: Two Methods of Installing Drupal on Windows XP with XAMPP
Rupesh Kumar
 
Php Server Var
arvind34
 
httpd — Apache Web Server
webhostingguy
 
Php
ksujitha
 
PHP - Introduction to PHP Cookies and Sessions
Vibrant Technologies & Computers
 
backend
tutorialsruby
 
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
webhostingguy
 
Php sessions
clickon2010
 
Sessions n cookies
baabtra.com - No. 1 supplier of quality freshers
 
Introduction to php web programming - get and post
baabtra.com - No. 1 supplier of quality freshers
 
Php basics
Egerton University
 
extending-php
tutorialsruby
 
Php basic for vit university
Mandakini Kumari
 
Ad

Similar to 4.4 PHP Session (20)

PDF
PHP-Cookies-Sessions.pdf
HumphreyOwuor1
 
PPT
Php ssession - cookies -introduction
Programmer Blog
 
PPT
Lecture8 php page control by okello erick
okelloerick
 
PPSX
Sessions and cookies
www.netgains.org
 
PPT
Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
SreejithVP7
 
PPT
Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
pondypaiyan
 
PDF
Web app development_cookies_sessions_14
Hassen Poreya
 
PPT
Session,cookies
rkmourya511
 
PPTX
PHP COOKIES AND SESSIONS
Degu8
 
PPTX
FP512 Cookies sessions
Fatin Fatihayah
 
PPTX
Cookies and Session
KoraStats
 
PDF
Introduction to php web programming - sessions and cookies
baabtra.com - No. 1 supplier of quality freshers
 
PDF
PHP Making Web Forms
krishnapriya Tadepalli
 
PPTX
PHP SESSIONS & COOKIE.pptx
ShitalGhotekar
 
ODP
Session Management & Cookies In Php
Harit Kothari
 
PPT
PHP-07-Cookies-Sessions indepth powerpoint
spadhi2
 
PPTX
Cookie and session
Aashish Ghale
 
PPTX
PHP Cookies and Sessions
Nisa Soomro
 
PPTX
Session and Cookies
Kamal Acharya
 
ODT
Php BASIC
Gayathri Sampathkumar
 
PHP-Cookies-Sessions.pdf
HumphreyOwuor1
 
Php ssession - cookies -introduction
Programmer Blog
 
Lecture8 php page control by okello erick
okelloerick
 
Sessions and cookies
www.netgains.org
 
Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
SreejithVP7
 
Lecture 11 - PHP - Part 5 - CookiesSessions.ppt
pondypaiyan
 
Web app development_cookies_sessions_14
Hassen Poreya
 
Session,cookies
rkmourya511
 
PHP COOKIES AND SESSIONS
Degu8
 
FP512 Cookies sessions
Fatin Fatihayah
 
Cookies and Session
KoraStats
 
Introduction to php web programming - sessions and cookies
baabtra.com - No. 1 supplier of quality freshers
 
PHP Making Web Forms
krishnapriya Tadepalli
 
PHP SESSIONS & COOKIE.pptx
ShitalGhotekar
 
Session Management & Cookies In Php
Harit Kothari
 
PHP-07-Cookies-Sessions indepth powerpoint
spadhi2
 
Cookie and session
Aashish Ghale
 
PHP Cookies and Sessions
Nisa Soomro
 
Session and Cookies
Kamal Acharya
 
Php BASIC
Gayathri Sampathkumar
 
Ad

More from Jalpesh Vasa (15)

PDF
Object Oriented PHP - PART-1
Jalpesh Vasa
 
PDF
Object Oriented PHP - PART-2
Jalpesh Vasa
 
PDF
5. HTML5
Jalpesh Vasa
 
PDF
4.3 MySQL + PHP
Jalpesh Vasa
 
PDF
4.2 PHP Function
Jalpesh Vasa
 
PDF
4.1 PHP Arrays
Jalpesh Vasa
 
PDF
4 Basic PHP
Jalpesh Vasa
 
PDF
3.2.1 javascript regex example
Jalpesh Vasa
 
PDF
3.2 javascript regex
Jalpesh Vasa
 
PDF
3. Java Script
Jalpesh Vasa
 
PDF
3.1 javascript objects_DOM
Jalpesh Vasa
 
PDF
2 introduction css
Jalpesh Vasa
 
PDF
1 web technologies
Jalpesh Vasa
 
PDF
Remote Method Invocation in JAVA
Jalpesh Vasa
 
PDF
Kotlin for android development
Jalpesh Vasa
 
Object Oriented PHP - PART-1
Jalpesh Vasa
 
Object Oriented PHP - PART-2
Jalpesh Vasa
 
5. HTML5
Jalpesh Vasa
 
4.3 MySQL + PHP
Jalpesh Vasa
 
4.2 PHP Function
Jalpesh Vasa
 
4.1 PHP Arrays
Jalpesh Vasa
 
4 Basic PHP
Jalpesh Vasa
 
3.2.1 javascript regex example
Jalpesh Vasa
 
3.2 javascript regex
Jalpesh Vasa
 
3. Java Script
Jalpesh Vasa
 
3.1 javascript objects_DOM
Jalpesh Vasa
 
2 introduction css
Jalpesh Vasa
 
1 web technologies
Jalpesh Vasa
 
Remote Method Invocation in JAVA
Jalpesh Vasa
 
Kotlin for android development
Jalpesh Vasa
 

Recently uploaded (20)

PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PPTX
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PDF
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
PDF
LDMMIA Reiki Yoga Finals Review Spring Summer
LDMMia Reiki Lectures
 
PDF
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
History, Philosophy and sociology of education (1).pptx
tmdth1
 
PPTX
UV-Visible spectroscopy..pptx UV-Visible Spectroscopy – Electronic Transition...
Samruddhi Khonde
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
master seminar digital applications in india
ananyaray35
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
LDMMIA Reiki Yoga Finals Review Spring Summer
LDMMia Reiki Lectures
 
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
History, Philosophy and sociology of education (1).pptx
tmdth1
 
UV-Visible spectroscopy..pptx UV-Visible Spectroscopy – Electronic Transition...
Samruddhi Khonde
 
Lesson notes of climatology university.
sgladness67
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 

4.4 PHP Session

  • 1. PHP Cookies & Session
  • 2. Cookies  HTTP cookies are data which a server-side script sends to a web client to keep for a period of time.  On every subsequent HTTP request, the web client automatically sends the cookies back to server (unless the cookie support is turned off).  The cookies are embedded in the HTTP header (and therefore not visible to the users).
  • 3. Cookies  Shortcomings of using cookies to keep data  User may turn off cookies support.  Data are kept with the browser  Users using the same browser share the cookies.  Limited number of cookies (20) per server/domain and limited size (4k bytes) per cookie  Client can temper with cookies  Modify cookie files, use JavaScript to create/modify cookies, etc.  Notes  Don't always rely on cookies as the client may have turned off cookies support.  Don't store sensitive info in cookies
  • 4. PHP – Accessing Cookies  To set a cookie, call setcookie()  e.g., setcookie('username', 'Joe');  To delete a cookie (use setcookie() without a value)  e.g., setcookie('username');  To retrieve a cookie, refer to $COOKIE  e.g. $username = $_COOKIE('username');  Note:  Cookies can only be set before any output is sent.  You cannot set and access a cookie in the same page. Cookies set in a page are available only in the future requests.
  • 5. PHP – More About Setting Cookies … setcookie(name, value, expiration, path, domain, secure, httponly)  expiration  Cookie expiration time in seconds  0  The cookie is not to be stored persistently and will be deleted when the web client closes.  Negative value  Request the web client to delete the cookie  e.g.: setcookie('username', 'Joe', time() + 1800); // Expire in 30 minutes
  • 6. PHP – More About Setting Cookies …  path  Sets the path to which the cookie applies.  The cookie is only visible to all the pages in that directory and its sub-directories.  If set to '/', the cookie will be available within the entire domain.  If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain .  The default value is the current directory that the cookie is being set in.
  • 7. PHP – More About Setting Cookies …  domain  The domain that the cookie is available.  To make the cookie available on all subdomains of example.com, you'd set it to '.example.com'.  Setting it to 'www.example.com' will make the cookie only available in the www subdomain.  secure  Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to TRUE, the cookie will only be set if a secure connection exists. The default is FALSE.  httponly  When TRUE the cookie will be made accessible only through the HTTP protocol.
  • 8. URL-Rewriting  Append the data to the URL  e.g.: http://www.xyz.com/foo.php?name1=value1&name2=value2  Data are kept along with the "page"  Need to append the data to every URL in the page that needs to carry the data to another page.  Every 'name' and 'value' should be URL encoded using urlencode().  Shortcoming of using URL-rewriting to keep data:  Limited number of characters in an URL  Not suitable for sensitive info  You can encrypt the data to improve security (e.g., www.ebay.com)  Breaks when a user access a static HTML page
  • 9. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 PHP – URL-Rewriting Example <?php // Append all (key, value) pairs in $array to $url as // $url?key1=value1&key2=value2&… function append_data_to_url($url, $array) { $first = true; $url .= '?'; foreach ($array as $key => $value) { if (! $first) $url .= '&'; else $first = false; $url .= urlencode($key) . '=' . urlencode($value); } return $url; } // Continue next page
  • 10. 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 PHP – URL-Rewriting Example // A script that lists 20 items per page $current_page = $_REQUEST['page']; $sort_order = $_REQUEST['sort']; // Perform validation and set default values here … // Create parameters that need to be appended to URL $params = array('page' => $current_page + 1, 'sort' => $sort_order); // Append the above parameters to the URL that links // to the next page $next_page_url = append_data_to_url( $_SERVER['PHP_SELF'], $params); // Repeat for other URLs that need to carry data // in the URL … ?>
  • 11. 36 37 38 39 40 41 42 43 44 45 46 PHP – URL-Rewriting Example  In this example, when the user clicks the "Next Page" link, the script will knows which page to display and what sorting order to use. <html><head><title>URL-Rewriting Example</title></head> <body> <?php // Retrieve and display current page's data here … ?> <a href="<?php echo $next_page_url;?>">Next Page</a> … </body></html>
  • 12. Hidden Fields in HTML Form  Data are encoded as hidden fields in HTML form as: <input type="hidden" name="username" value="CJ Yuan" />  Shortcoming of using URL-rewriting to keep data:  Require HTML form elements
  • 13. Session  A session is a period of time in which all activities happened within the period by the same web client are considered "related" (typically belong to the same application.)  Session Tracking – keeping track of users as they traverse from one web page (generated from a script) to another within a website (or within a web application).
  • 14. How Session Works?  The first time a web client visits a server, the server sends a unique "session ID" to the web client for the client to keep.  Session ID is typically stored in the cookies.  The session ID is used by the server to identify the client.  For each session ID created, the server also creates a storage space. Server-side scripts that receive the same session ID share the same storage space.  The storage space is typically implemented as a map-liked data structure.  In PHP, it is an associative array named $_SESSION[].  A session's "storage space" is only kept alive for a period of time (session period) or until it is explicitly deleted.
  • 15. 1 2 3 4 5 6 7 8 9 10 PHP – Participating in a session The first time session_start() is called, it will attempt to send a cookie named PHPSESSID with a generated session ID made up of 32 hexadecimal letters. The data stored in $_SESSION[] will be saved in an external file when the script exits. <?php // Must call this function first in all scripts that // need to participate in the same session. session_start(); // Now we can read/write data from/to $_SESSION[] if (authenticate($_POST['user'], $_POST['passwd'])) { // Use this value to remember if a user has 'logged in' $_SESSION['user'] = $_POST['user']; } else unset($_SESSION['user']); … ?> login.php
  • 16. 1 2 3 4 5 6 7 8 9 10 PHP – Participating in a session (continue) If a user has successfully logged in through login.php, then The next time session_start() is called, it will load the session data from a file into $_SESSION[] based on the value of PHPSESSID. <?php // To participate in the session session_start(); // Session data set in login.php are available here if (! isset($_SESSION['user'])) { // User has not yet logged on } … ?> another_file.php
  • 17. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 PHP – Ending a session Note: session_name() returns the name of the cookie that stores the session ID. <?php // To start or participate in a session. session_start(); $_SESSION = array(); // Clearing all session data // Delete the cookie that stores the session ID to KILL the session if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time()-3600, '/'); // Finally, destroy the session (Deleting // the session data stored in the file) session_destroy(); ?> logout.php
  • 18. PHP – Setting Session Parameters in php.ini Some of the session related parameters in "php.ini": ; This option enables administrators to make their users invulnerable to ; attacks which involve passing session ids in URLs; defaults to 0. ; session.use_only_cookies = 1 ; Name of the session (used as cookie name). session.name = PHPSESSID ; Initialize session on request startup. session.auto_start = 0 ; Lifetime in seconds of cookie or, if 0, until browser is restarted. session.cookie_lifetime = 0 ; The path for which the cookie is valid. session.cookie_path = / ; The domain for which the cookie is valid. session.cookie_domain =
  • 19. PHP – Function For Setting Session Parameters void session_set_cookie_params( int $lifetime, string $path, string $domain, bool $secure=false, bool $httponly=false )  Set cookie parameters defined in the php.ini file. The effect of this function only lasts for the duration of the script. Thus, you need to call this function for every request and before session_start() is called.  Default value of $path is '/'. To prevent session ID from being discovered by other PHP scripts running in the same domain, you should set $path to the subfolder where your scripts are stored.
  • 20. Combined Use  All of Cookies, URL-rewriting, Hidden Fields, and Session can be simultaneously used in a web application.  Cookies: Can persist data for long period but is not suitable for keeping sensitive data or large amount of data.  URL-rewriting: Keep data along with page  Hidden Fields: Keep data along with page (can keep more data but requires HTML form)  Session Objects: Keep "short-live" data shared among the server-side scripts within a web application for a particular web client.
  • 21. Summary  Session Management  Cookies  URL-Rewriting  Hidden Fields in HTML Form  High level APIs in Java and HttpSession Objects.  References  http://en.wikipedia.org/wiki/HTTP_cookie  PHP Manual – Session Handling  http://hk.php.net/manual/en/book.session.php