Uploaded by bartholomew-adams
Cookies
Cookies & Session
Web Technology
Introduction
• HTTP is stateless and cannot keep information over a series of accesses.
• We need to let the server know that this browser is the one that worked on the previous page.
  – This user is still looking for more products after the ones he just selected.
• We need some mechanism to provide memory for a web server.
  – Cookies: the browser stores information on the client's side.
  – Session: the server carries over the information for the browser.
What Are Cookies?
• Cookies were developed to maintain state between subsequent visits to a webpage, or between visits to different pages within a website.
• Cookies enable web servers to store and retrieve data on the client's hard drive.
• A web application can track a client's path through a website.
  – An e-commerce site may store items selected by a customer.
  – A membership site might remember an ID for every use
Cookies can be used to store data on the client.
Cookies Restrictions
• Scope of cookies
  – Expiry information (e.g. 01/01/2004, 03:00:00)
  – Path information (e.g. /cgi-bin/php)
  – Domain information (e.g. webserver.com)
  – A secure parameter (cookies are sent only over a secure channel, i.e. HTTPS)

Parameter Name      | Default Value
Path                | "/" (all directories on the server)
Domain              | The domain of the server that set the cookie
Expire information  | Until the browser is closed
Secure              | Disabled
Our First Cookie
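<?php
// The cookie value comes from the browser: default to 0 and force it to an integer
$count = (int)($_COOKIE['count'] ?? 0) + 1;
setcookie("count", (string)$count);
echo "You have been here $count " . ($count > 1 ? "times" : "time");
?>

<?php
echo "ABC"; // output is sent here, before setcookie(), so the cookie header can no longer be added
$count = (int)($_COOKIE['count'] ?? 0) + 1;
setcookie("count", (string)$count);
echo "You have been here $count " . ($count > 1 ? "times" : "time");
?>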
ABCWarning: Cannot modify header information - headers already sent by (output started at C:\AppServ\www\webtech\cookie\index.php:2) in C:\xxx\index.php on line 4
setcookie() Function
• cookiename: value to be used for accessing cookie
• value: value to be stored in cookiename
• lifetime: time when cookie will expire (unit in seconds since the start of cookie)
• path: subset of paths for which cookie is valid
• domain: which servers cookie will be sent
• secure: prevent cookies being sent over an insecure connection (standard HTTP)

int setcookie(string cookiename, string [value], int [lifetime], string [path], string [domain], int [secure]);
Setting Cookies
• Setting cookie expiration

$expt = time() + 60;
setcookie("count", $count, $expt); // Cookie's life is 60 seconds (1 minute)

• Setting cookie path

// The path must start with "/"; browsers ignore a path such as "./webtech"
setcookie("count", $count, 0, "/webtech/"); // Allow the cookie only under directory "webtech"

• Setting cookie domain

// Cookie is valid for every directory on any server whose name ends with "ced.kmutnb.ac.th"
setcookie("count", $count, 0, "/", ".ced.kmutnb.ac.th");
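A cookie's value comes back from the browser and can be edited by the user, so data such as the visit counter or a member ID should be integrity-checked before it is used. The following is an added example, not code from the original slides: it signs the value with an HMAC and sets the cookie with the `secure`, `httponly` and `samesite` options. The function names and the `COOKIE_KEY` placeholder key are assumptions, and the options-array form of `setcookie()` needs PHP 7.3 or later.

```php
<?php
// Added example: tamper-evident cookie. The key below is a constructed
// placeholder; load the real key from configuration outside the web root.
const COOKIE_KEY = 'replace-with-32-random-bytes-from-config';

// Return "value.signature" for storage in the cookie.
function sign_cookie_value(string $value): string
{
    return $value . '.' . hash_hmac('sha256', $value, COOKIE_KEY);
}

// Return the original value, or null if the cookie was modified.
function verify_cookie_value(string $cookie): ?string
{
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;                       // no signature part at all
    }
    $value    = substr($cookie, 0, $pos);
    $mac      = substr($cookie, $pos + 1);
    $expected = hash_hmac('sha256', $value, COOKIE_KEY);
    // hash_equals() compares in constant time
    return hash_equals($expected, $mac) ? $value : null;
}

// Read the counter; a missing, malformed or tampered cookie restarts at 1.
$raw    = $_COOKIE['count'] ?? null;
$stored = is_string($raw) ? verify_cookie_value($raw) : null;
$count  = ($stored !== null && ctype_digit($stored)) ? (int)$stored + 1 : 1;

// All cookie headers must be sent before any output.
setcookie('count', sign_cookie_value((string)$count), [
    'expires'  => time() + 3600,  // Unix timestamp: one hour from now
    'path'     => '/',
    'secure'   => true,           // only sent over HTTPS
    'httponly' => true,           // not readable from JavaScript
    'samesite' => 'Lax',          // not sent on cross-site subrequests
]);

echo "You have been here $count " . ($count > 1 ? "times" : "time");
```

The signature detects modification but not replay of an older valid cookie; state that must not be rolled back belongs in the session on the server.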
Delete Cookies
• Setting a cookie name with no value will delete it

<?php
setcookie("username");
?>

• If we want to delete the previous one and create it again, the order is confusing, like this

<?php
// set the new one
setcookie("username", "Joe");
// delete the old one
setcookie("username");
?>
Check for Cookie Support
<?php
if (empty($_GET['check'])) {
    // 1. Set cookie and redirect to itself
    $page = $_SERVER['PHP_SELF'] . "?check=1"; // $PHP_SELF alone needs register_globals
    setcookie("testcookie", "1");              // set cookie
    header("Location: $page");                 // redirect to itself with check variable
    exit;                                      // stop after sending the redirect
} else {
    // 2. Check if the test cookie is set
    if (empty($_COOKIE['testcookie'])) {
        echo "Your browser does not support cookie. Please enable cookies.";
    } else {
        setcookie("testcookie");               // Delete test cookie (before any output), then redirect
        echo "Your browser supports cookies, OK.";
        // header("Location: mainpage.php");   // Redirect to the page we wish
    }
}
?>
Session
• Sessions use a cookie called PHPSESSID.
• When a session starts, PHP checks for this cookie and sets it if it doesn't exist.
• The PHPSESSID cookie is a random alphanumeric string.
• Each web client gets a different session ID.
  – The session ID in the PHPSESSID cookie identifies that web client uniquely to the server.
• We can create session variables to store information and carry it over until the session ends or the browser is closed.
Store and Retrieve Information
• Session data is stored in the $_SESSION array.
• We use session_start() to initiate a session.
• To end a session, we use session_destroy() (or close the browser).

<?php
session_start(); // start a session
$_SESSION['count'] = ($_SESSION['count'] ?? 0) + 1; // 0 on the first visit
print "You've looked at this page " . $_SESSION['count'] . ' times.';
?>

<?php
session_start();   // the session must be active before it can be destroyed
session_destroy(); // End the session
?>
Login Page
Using Session Variable for Login Page
<?php
session_start();
if (isset($_SESSION['tct'])) {
    session_destroy(); // log out any previous login
    session_start();   // start again so the new login can be stored
}
if (($_POST['submit'] ?? '') === "Login") {
    if (($_POST['txtUser'] ?? '') === "tct" && ($_POST['txtPass'] ?? '') === "tct") {
        session_regenerate_id(true); // new session ID at login, prevents session fixation
        $_SESSION['tct'] = "OK";
        header('Location: menu.php');
        exit; // stop here, otherwise the line below overwrites "OK" with "FAILED"
    }
    $_SESSION['tct'] = "FAILED";
}
?>
<html>
<head>
<title>Login Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<!-- PHP_SELF can contain user-supplied path text, so it is escaped before output -->
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES); ?>" method="post">
<table width="20%" border="1" align="center">
  <tr>
    <td width="14%"><strong>User</strong></td>
    <td width="86%"><input type="text" name="txtUser" value=""></td>
  </tr>
  <tr>
    <td><strong>Passwd</strong></td>
    <td><input type="password" name="txtPass" value=""></td>
  </tr>
  <tr>
    <td colspan="2" align="center"><input type="reset" value="Cancel"><input type="submit" name="submit" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>
Checking Successful Login
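• All pages that are under login control must include this piece of code at the top of the page (xxx.php).

<?php
session_start();
// Check the value, not just isset(): a failed login stores "FAILED" in the same variable
if (($_SESSION['tct'] ?? '') !== "OK") {
    header('Location: login.php');
    exit; // do not send the rest of the protected page
}
?>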
Note: This code is saved under chk_login.php.
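The PHPSESSID cookie is the only thing that ties a browser to its login, so the check can also restrict how that cookie travels and how long a login stays valid. The following is an added example, not code from the original slides: a stricter variant of chk_login.php that sets the session cookie flags, refuses session IDs the server did not issue, and applies an idle timeout. The `login_is_valid()` helper, the `last_seen` session key and the 15-minute `IDLE_LIMIT` are assumptions, and login.php is assumed to apply the same cookie settings before its own `session_start()`.

```php
<?php
// Added example: stricter variant of chk_login.php.
const IDLE_LIMIT = 900; // assumed idle timeout in seconds (15 minutes)

// Decide whether the session data represents a valid, non-expired login.
function login_is_valid(array $session, int $now): bool
{
    if (($session['tct'] ?? '') !== 'OK') {
        return false;                        // missing or "FAILED"
    }
    // login.php does not set last_seen, so the first protected page
    // after a login treats the login as having just happened.
    $last = $session['last_seen'] ?? $now;
    return is_int($last) && ($now - $last) <= IDLE_LIMIT;
}

ini_set('session.use_strict_mode', '1');     // reject session IDs the server did not issue
ini_set('session.use_only_cookies', '1');    // never accept PHPSESSID from the URL
session_set_cookie_params([                  // array form needs PHP 7.3 or later
    'lifetime' => 0,        // until the browser is closed
    'path'     => '/',
    'secure'   => true,     // PHPSESSID is sent only over HTTPS
    'httponly' => true,     // PHPSESSID is not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

if (!login_is_valid($_SESSION, time())) {
    $_SESSION = [];                          // drop any stale data
    session_destroy();
    header('Location: login.php');
    exit;                                    // do not render the protected page
}
$_SESSION['last_seen'] = time();             // refresh the idle timer
```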
Menu Page Under Login Control
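<?php
include('chk_login.php'); // redirects to login.php unless the user is logged in
?>
<html>
<head>
<title>Menu</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<a href="http://www.sun.com">Sun</a><BR>
<a href="login.php">Logout</a>
<?php
// Print the server's own session ID, escaped, instead of echoing request input unescaped
echo htmlspecialchars(session_id()) . "<HR>";
?>
</body>
</html>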