Cookies and Sessions - PowerPoint PPT Presentation

1 / 40
About This Presentation
Title:

Cookies and Sessions

Description:

setcookie(name,value,expiration) ... You won a new blue Book! Template Example cont. ?php. include ' ... You won a new blue Book! Nested template example ?php ... – PowerPoint PPT presentation

Number of Views:502
Avg rating:3.0/5.0
Slides: 41
Provided by: jasonc9
Category:
Tags: blue | book | cookies | sessions | value

less

Transcript and Presenter's Notes

Title: Cookies and Sessions


1
Cookies and Sessions
  • Cookies are useful for storing user info that
    should be retained from one page to the next.
    (Overcome the stateless nature of the web)
  • Cookies are written to the clients hard drive.
  • Problems
  • User can disable cookies in the browser
  • Cookies may be viewed by other users
  • Can only store 20 cookies max 4KB.
  • Some browsers may display incorrectly unless all
    options are set in setcookie() (eg expiration
    time, path)
  • C\documents and settings\jceddia\cookies\jceddia_at_
    phpbuilder1.txt

2
Creating a cookie
  • setcookie(name,value,expiration)
  • Eg, setcookie(fruit,banana,time()3600) The
    cookie is called fruit and has a value of
    banana it will expire 1 hr from now.
  • Eg. setcookie(username,jceddia,time()1800)
  • Cookie values are sent as part of the HTTP
    headers (transparent to user). No output should
    be sent to the browser (echo etc) until the
    cookie is set else cookie will not be set.

3
Accessing A Cookie
  • Once created,cookie values are automatically
    available to PHP scripts as a variable having the
    same name as the cookie.
  • Eg. echo the current user is username
  • Php associative array _COOKIE contain the value
    of every current cookie
  • Foreach (_COOKIE as name value) echo

    name value

4
Cookie examples
  • value 'something from somewhere'
  • setcookie ("TestCookie", value)
  • setcookie ("TestCookie",
    value,time()3600) / expire in 1 hour /
  • setcookie ("TestCookie",
    value,time()3600, "/rasmus/", ".example.com",
    1)
  • ?
  • echo _COOKIE"TestCookie"
  • echo HTTP_COOKIE_VARS"TestCookie"
    / old style /
  • ?

5
Deleting a Cookie
  • Automatically deleted after expiration time
  • Can manually delete by setting negative time
  • setcookie(username,,time()-3600)
  • Other cookie options
  • setcookie(name,value,expire,path,domain,secure)
  • pathwhich scripts have access to cookie values?.
    By default, any script in the current server
    directory downward have access. Parent directory
    doesnt.

6
Other cookie options
  • domain by default, a cookie is only available
    to scripts on the current web server. Specify a
    domain name for other servers. NOTE that some
    browsers need at least two dots in the domain
    name (Netscape).
  • secure how cookies are sent.
  • 1 https (secure connection)
  • 0 http (normal connection) php has Mcrypt
    functions.
  • Eg.setcookie(username,jceddia,time()3600,/we
    broot,http//www.csse.monash.edu.au,0)

7
Redirection
  • Once login data is captured/validated then want
    to go to a new page.
  • Header(Location URL)
  • header("Location http//sng.its.monash.edu.au77
    77/p-6-2.html")
  • Or header("Locationfilename) if on same server
  • General technique
  • Site start page login page
  • Login page validates user and set cookies
  • Redirect to new page
  • New page uses cookie data to access DB info

8
Sessions
  • What if user disables cookies? Need to store data
    on the server. This is done in session variables.
  • A session variable is a regular global variable
    that, when registered as a session variable,
    keeps its value on all pages that use PHP4
    sessions.
  • To register a session variable
  • assign a value to a variable that is to become a
    session variable
  • mysessvar somevalue
  • and call
  • session_register(mysessvar").
  • On all subsequent pages that use sessions (by
    calling session_start()), the variable mysessvar
    will have the value assigned to it.

9
Session cont.
  • A visitor accessing your web site is assigned an
    unique id, the so-called session id. This is
    either stored in a cookie on the user side or is
    propagated in the URL.
  • The session support allows you to register
    arbitrary numbers of variables to be preserved
    across requests. When a visitor accesses your
    site, PHP will check automatically (if
    session.auto_start is set to 1) or on your
    request (explicitly through session_start() or
    implicitly through session_register()) whether a
    specific session id has been sent with the
    request. If this is the case, the prior saved
    environment is recreated.
  • All registered variables are serialized after the
    request finishes. Registered variables which are
    undefined are marked as being not defined. On
    subsequent accesses, these are not defined by the
    session module unless the user defines them
    later.

10
  • The track_vars and register_globals configuration
    settings influence how the session variables get
    stored and restored.
  • Note As of PHP 4.0.3, track_vars is always
    turned on.
  • Note As of PHP 4.1.0, _SESSION is available as
    global variable just like _POST, _GET,
    _REQUEST and so on. Not like HTTP_SESSION_VARS,
    _SESSION is always global. Therefore, global
    should not be used for _SESSION.
  • If register_globals is enabled, then all global
    variables can be registered as session variables
    and the session variables will be restored to
    corresponding global variables. Since PHP must
    know which global variables are registered as
    session variables, users must register variables
    with session_register() function while
    HTTP_SESSION_VARS/_SESSION do not need to use
    session_register().
  • See php manual for further explanation of
    track_vars and register_globals

11
  • Example 1. Registering a variable with track_vars
    enabled
  • if (isset(HTTP_SESSION_VARS'count'))
    HTTP_SESSION_VARS'count'
  • else
  • HTTP_SESSION_VARS'count' 0
  • ?
  • Use of _SESSION (or HTTP_SESSION_VARS with PHP
    4.0.6 or less) is recommended for security and
    code readablity.
  • Disabling register_globals is recommended for
    both security and performance reason.

12
  • With _SESSION or HTTP_SESSION_VARS, there is no
    need to use session_register() or
    session_unregister() or session_is_registered()
    functions. Users can access session variables
    like a normal variables.
  • Example 2. Registering a variable with _SESSION.
  • less
  • if (!isset(_SESSION'count'))
  • _SESSION'count' 0
  • else _SESSION'count'
  • ?

13
  • Example 3. Unregistering a variable with
    _SESSION.
  • // Use HTTP_SESSION_VARS with PHP 4.0.6 or less
  • unset(_SESSION'count')
  • ?

14
Session Ids.
  • There are two methods to propagate a session id
  • Cookies
  • URL parameter
  • The session module supports both methods. Cookies
    are optimal, but since they are not reliable
    (clients are not bound to accept them), we cannot
    rely on them. The second method embeds the
    session id directly into URLs.
  • PHP is capable of doing this transparently when
    compiled with --enable-trans-sid. If you enable
    this option, relative URIs will be changed to
    contain the session id automatically.
    Alternatively, you can use the constant SID which
    is defined, if the client did not send the
    appropriate cookie. SID is either of the form
    session_namesession_id or is an empty string.

15
Sids
  • The following example demonstrates how to
    register a variable, and how to link correctly to
    another page using SID.
  • Example 5. Counting the number of hits of a
    single user
  • if (!session_is_registered('
    count'))
  • session_register('count'
    )
  • count 1
  • else
  • count
  • ?
  • Hello visitor, you have seen this page echo count ? times.

16
Sids cont.
  • the
    ( can be used if short tag is enabled)
  • is necessary to preserve
    the session id
  • in the case that the user
    has disabled cookies
  • ?
  • To continue, SID?"click here
  • The is not necessary, if
    --enable-trans-sid was used to compile PHP.
    Note Non-relative URLs are
    assumed to point to external sites and hence
    don't append the SID, as it
    would be a security risk to leak the SID to a
    different server.

17
Session functions
  • session_start -- Initialize session data
  • session_destroy -- Destroys all data registered
    to a session
  • session_name -- Get and/or set the current
    session name
  • session_module_name -- Get and/or set the current
    session module
  • session_save_path -- Get and/or set the current
    session save path
  • session_id -- Get and/or set the current session
    id
  • session_register -- Register one or more
    variables with the current session
  • session_unregister -- Unregister a variable from
    the current session
  • session_unset -- Free all session variables
  • session_is_registered -- Find out if a variable
    is registered in a session
  • session_get_cookie_params -- Get the session
    cookie parameters
  • session_set_cookie_params -- Set the session
    cookie parameters
  • session_decode -- Decodes session data from a
    string
  • session_encode -- Encodes the current session
    data as a string
  • session_set_save_handler -- Sets user-level
    session storage functions
  • session_cache_limiter -- Get and/or set the
    current cache limiter
  • session_cache_expire -- Return current cache
    expire
  • session_write_close -- Write session data and end
    session

18
Session_start()
  • All pages that uses PHP4 sessions must call the
    function session_start() to tell the PHP4 engine
    to load session related information into memory.
    The session_start() function tries to find the
    session id in the cookie field or the request
    parameters for the current HTTP request. If it
    cannot find the session id, a new session is
    created.

19
Session_register()
  • The first example (page1.php)
  • session_start()
  • my_session_variable "some value"
  • session_register("my_session_variable")
  • ?
  • //may also use _SESSIONmy_session_var'
    somevalue

20
  • What this does is that it registers the variable
    my_session_variable as a session variable. This
    means that the variable will be alive (keep it's
    value) across page-accesses, as long as you call
    the session_start() function on all pages that
    need access to the my_session_variable variable. 
  • Example 2 (page2.php)
  •  
  • session_start()
  • print "Value of 'my_session_variable'
  • my_session_variable"
  • ?

21
  • Using session variables for authentication in
    conjunction with a database . Create a login-page
    gives the user a userid and password form and
    posts to another PHP page (this example uses
    mysql)  
  • session_start()
  • if (userid password)
  • res mysql_query("SELECT userid FROM users
    WHERE userid'userid' AND password'password'")
  • if(mysql_num_rows(res) ! 0)
  • verified_user userid
  • session_register("verified_user")
  • Header("Location your_main_page.php")
  • ?  
  • Now, on 'your_main_page.php', you call
    session_start() and then you can check the
    verified_user variable to see if the user has
    been authenticated (and who he is). Other uses
    for session variables, easing database load by
    caching certain values in the session rather than
    reading them from the database on each page
    access.

22
Example 2 register user
  • Any variable that you manipulate in a function
    must be declared global if you want to store it
    in the session, and any session variable that you
    need access to must be declared global. For
    example,
  • session_start()
  • function confirmUserLogin (postLoginUrl) //
    Function to check login
  • // To get access to this session var,
    I must declare it global.
  • global
    session_userID
  • if (!IsSet(session_us
    erID))
  • session_register('s
    ession_post_login_page')
  • // To set this session var, I must declare
    it global.
  • global
    session_post_login_page
  • session_post_login
    _page postLoginUrl
  • redirect("/login/")

23
Destroying a session - _SESSION
  • // Initialize the session.
  • session_start()
  • // Unset all of the session variables.
  • _SESSION array()
  • // Finally, destroy the session.
  • session_destroy()
  • ?
  • See example by Christopher Fryer.

24
Templates
  • Templates allow the separation of php code from
    html
  • Useful on large sites where graphic designers
    manipulate html and php programmers write code
  • Sample Template
  • The answer to todays question is ANSWER.
  • ANSWER is a template variable which is
    evaluated when the page is fetched

25
To Use Templates - do
  • Create a template file
  • Create a php script that fills in the template by
  • Instantiate a template object (template.inc)
  • Associate a template variable with the template
    file (.tpl extension)
  • Assign values to template variables (
  • Parse the template variable associated with the
    template file
  • Print the value of the template containing the
    result.

26
Template Example.
  • Assume that there is a template in the
    /home/mydir/mytemplates/ named MyTemplate.tpl
    that has some text that reads something like
    this  
  • Congratulations! You won a new some_color Book!
  •  "some_color" has curly braces around it. The
    curly braces indicate that some_color is a
    template variable. A PHP script that will load
    the template, insert the value of the PHP
    variable my_color where the some_color
    template variable tag is, and then output the new
    text. If my_color happens to be set to "blue",
    the final output should look like
  •  
  • Congratulations! You won a new blue Book!

27
Template Example cont.
  • include "template.inc"  
  • my_color "blue" // we'll use this later 
  • t new Template("/home/mydir/mytemplates/")
  • // create a template object named t
  • t-set_file("MyFileHandle","MyTemplate.tpl")
  • // set MyFileHandle our template file
  • t-set_var("some_color",my_color)
  • // set template variable some_color
    my_color value
  • t-parse("MyOutput","MyFileHandle")
  • // set template variable MyOutput parsed
    file
  • t-p("MyOutput") // output the value of
    MyOutput (our parsed data) 
  • ?

28
Template Example cont.
  • NOTE The path ("/home/mydir/mytemplates/") in
    the Template constructor call sets the root path
    where your templates are located, but if you
    leave it out it defaults to the same directory as
    your PHP script.
  • Nothing is output to the web server until
    p("MyOutput") is called, which outputs the
  • final parsed text.

29
Nested Templates
  • A feature of the parse() function is that the
    MyOutput handle that it created is actually a
    template variable, just as some_color is a
    template variable. So if you have another
    template with a MyOutput tag, when you parse
    that second template, all of the MyOutput tags
    will be replaced with the parsed text from
    MyOutput. This lets you embed the text of one
    template file into another template. So, we could
    have another template called wholePage.tpl that
    contains the text  
  • Sorry you didn't win. But if you had won, we
    would have told you MyOutput
  • And after wholePage.tpl is parsed, the final
    output would be  
  • Sorry you didn't win. But if you had won, we
    would have told you Congratulations! You won a
    new blue Book!

30
Nested template example
  • t new Template("/home/mydir/mytemplates/")
  • // These three lines are the same as the first
    example
  • t-set_file("MyFileHandle","MyTemplate.tpl")
  • t-set_var("some_color",my_color)
  • t-parse("MyOutput","MyFileHandle")
  • // (Note that we don't call p()
  • //here, so nothing gets output yet.)
  • // Now parse a second template
  • t-set_file("WholeHandle","wholePage.tpl")
  • // wholePage.ihtml has "MyOutput" in it
  • t-parse("MyFinalOutput","WholeHandle")
  • // All MyOutput's get replaced
  • t-p("MyFinalOutput")
  • // output the value of MyFinalOutput
  • ?

31
Template Array parameters
  • parse() and p() can be combined using the shorter
    function pparse() replacing the last two lines
    with
  • The functions set_file() and set_var() can also
    accept multiple sets of values at a time by
    passing an array of handle/value pairs. Here are
    examples  
  •  t-set_file(array(
  • "pageOneHandle" "pageone.tpl",
  • "pageTwoHandle" "pagetwo.tpl"))
  • t-set_var(array(
  • "last_name" "Gates",
  • "first_name" "Bill",
  • "net_worth" reallybignumber))
  •  ?

32
Appending Template Text
  • A third parameter that you can pass to parse()
    and pparse() if you want to append data to the
    template variable rather than overwrite it.
    Simply call parse() or pparse() with the third
    parameter as true, such as  
  • parse("MyOutput","MyFileHandle", true)
    ?
  •  If MyOutput already contains data, MyFileHandle
    will be parsed and appended onto the existing
    data in MyOutput. This technique is useful if you
    have a template where you want the same text to
    be repeated multiple times, such as listing
    multiple rows of results from a database query.

33
Example
  • t new Template("/home/mydir/mytemplates/")
  • t-set_file(array(
  • "mainpage" "mainpage.tpl",
  • "each_element" "each_element.tpl"))
  • reset(myArray)
  • while (list(elementName, elementValue)
    each(myArray))
  • // Set 'value' and 'name' to each element's
    value and name
  • t-set_var("name",elementName)
  • t-set_var("value",elementValue)
  • // Append copies of each_element
  • t-parse("array_elements","each_element",true)
  • t-pparse("output","mainpage")
  • ?

34
Example cont.
  • This example uses two templates, mainpage.tpl and
    each_element.tpl. The mainpage.tpl template could
    look something like this  
  • Here is the array
  • array_elements
  •  The array_elements tag above will be replaced
    with copies of each_element.tpl, which is
    repeated for each element of the array
    (myArray). The
  • each_element.tpl template might look like this
  •   name value
  •  The result is a formatted table of the elements
    of myArray.

35
Constructing a complete web site
  • A typical web page includes elements such as
  • Headers appear at the top of the page
  • Navigation bar below the header or on LHS of
    page
  • Content in the center of the page
  • Footers at the bottom of the page
  • For consistency across the whole site it is usual
    to create a template that describes each
    element and an additional template file
    describing the way these elements are combined.

36
Example - Std.tpl
  • title
  • header
  • leftnav
  • content

37
Example - header.tpl
  • The Generic Web Site


38
Example - leftnav.tpl

  • Home

  • Function 1

  • Function 2


  • Logout

39
Example - index.tpl
  • Welcome to the
    title!


  • This is where you'll find information about
    absolutely nothing.
  • We're so sure you won't find anything of interest
    here, we'll
  • pay you if you can show us we're wrong.

40
Example - index.php
  • include 'template.inc'
  • tpl new Template('.')
  • //assume the templates are in the current
    directory
  • tpl-set_file(array('std' 'std.tpl',
  • 'header' 'header.tpl',
  • 'leftnav''leftnav.tpl',
  • 'content''index.tpl'))
  • tpl-set_var('title', 'Generic Web Site')
  • tpl-parse('header', 'header')
  • tpl-parse('leftnav', 'leftnav')
  • tpl-parse('content', 'content')
  • tpl-parse('DUMMY', 'std')
  • tpl-p('DUMMY')
  • ?
Write a Comment
User Comments (0)
About PowerShow.com