php web techniques


Upload: shahebaj-pathan

Post on 07-Apr-2018


Page 1: Php Web Techniques

8/3/2019 Php Web Techniques

http://slidepdf.com/reader/full/php-web-techniques 1/25

Maintaining State

• HTTP is a stateless protocol:

 –  Once a web server completes a client's request for a web page, the connection between the two goes away.

 –  There is no way for a server to recognize that a sequence of requests all originate from the same client.


Cookies

• A cookie is a bit of information that the server can give to a client. On every subsequent request the client will give that information back to the server, thus identifying itself.

• Each cookie on the user's computer is connected to a particular domain.

• Each cookie can be used to store up to 4KB of data.

• A maximum of 20 cookies can be stored on a user's PC per domain.


Example

1. User sends a request for a page at www.example.com for the first time.

[Diagram: page request sent from the browser to the server]

2. Server sends back the page HTML to the browser AND stores some data in a cookie on the user's PC.

[Diagram: HTML and cookie data sent from the server to the browser]

3. At the next page request for domain www.example.com, all cookie data associated with this domain is sent too.

[Diagram: page request and cookie data sent from the browser to the server]


Set a cookie

setcookie(name[,value[,expire[,path[,domain[,secure]]]]])

• name = cookie name

• value = data to store (string)

• expire = UNIX timestamp when the cookie expires. By default the cookie expires when the browser is closed.

• path = Path on the server within and below which the cookie is available.

• domain = Domain for which the cookie is available.

• secure = Whether the cookie should be sent over HTTPS connections only. Default false.


Example

setcookie('name','Robert');

• Sets the cookie called name on the user's PC containing the data Robert.

• It will be available to all pages in the same directory or subdirectory of the page that set it (the default path and domain).

• It will expire and be deleted when the browser is closed (default expire).


Example

setcookie('age','20',time()+60*60*24*30);

• Sets the cookie called age on the user's PC containing the data 20.

• It will be available to all pages in the same directory or subdirectory of the page that set it (the default path and domain).


Example

setcookie('gender','male',0,'/');

• Sets the cookie called gender on the user's PC containing the data male.

• It will be available within the entire domain that set it.

• It will expire and be deleted when the browser is closed.


Read cookie data

• All cookie data is available through the superglobal $_COOKIE:

$variable = $_COOKIE['cookie_name'];

or, in PHP versions before 5.4 only (the long arrays were removed in PHP 5.4.0):

$variable = $HTTP_COOKIE_VARS['cookie_name'];

• Example:

$age = $_COOKIE['age'];


Storing an array

• Only strings can be stored in cookie files.

• To store an array in a cookie, convert it to a string by using the serialize() PHP function.

• The array can be reconstructed using the unserialize() function once it has been read back in.

• Note that cookie size is limited.


Delete a cookie

• To remove a cookie, simply overwrite the cookie with a new one with an expiry time in the past.

setcookie('cookie_name','',time()-6000);


Note

• As the setcookie command involves sending an HTTP header response, it must be executed before any HTML is echoed to the browser, including whitespace.

[Figure: two code samples. Correct: setcookie called before anything is echoed. Incorrect: whitespace before setcookie.]


Cookie Limitations

• The important thing to note is that some people browse with them turned off.

e.g. in Firefox, Tools > Options > Privacy

• Cookies are stored client-side, so never trust them completely:

rd, .
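Because a cookie is stored client-side and is user controlled, a server that stores an array in one needs to detect tampering before it uses the data. The following is an added example, not code from the slides: it stores the array as signed JSON instead of serialize() output, so the server never calls unserialize() on bytes the client can change. The names pack_cookie, unpack_cookie and COOKIE_KEY are hypothetical, and PHP 7.3 or later is assumed.

```php
<?php
// Added example: an array stored in a cookie as signed JSON, so that the
// server never calls unserialize() on client-controlled bytes.
// Assumption: COOKIE_KEY is a server-side secret (placeholder value here).
const COOKIE_KEY = 'placeholder-replace-with-random-secret';
const COOKIE_MAX = 4096; // the 4KB per-cookie limit stated on the slides

function pack_cookie(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    $value = $payload . '.' . hash_hmac('sha256', $payload, $key);
    if (strlen($value) > COOKIE_MAX) {
        throw new LengthException('array too large for one cookie');
    }
    return $value;
}

function unpack_cookie(string $value, string $key): ?array
{
    $parts = explode('.', $value, 2);
    if (count($parts) !== 2) {
        return null; // not in payload.mac form
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison; reject anything the server did not sign.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    return is_array($data) ? $data : null;
}

// Constructed sample data: a value the server issued, a copy signed with
// a different key (as a client editing its own cookie would produce), and
// a raw serialize() string with no signature at all.
$issued = pack_cookie(['name' => 'Robert', 'age' => 20], COOKIE_KEY);
$forged = pack_cookie(['name' => 'Robert', 'age' => 99], 'wrong-key');
$legacy = 'a:1:{i:0;s:1:"x";}';

foreach ([$issued, $forged, $legacy] as $value) {
    var_dump(unpack_cookie($value, COOKIE_KEY));
}
```

The signature protects integrity only: the user can still read the values, so secrets belong in server-side session data. The packed string is passed to setcookie() as the value like any other string.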


What is session?

• A session refers to all the requests that a single client makes to a server for some period of time.

• A session is specific to the user, and for each user a new session is created to track all the requests from that user.


How do Sessions work?

• They are based on assigning each user a unique number called the session id.

e.g. 26fe536a534d3c7cde4297abb45e275a

• This session id is stored in a cookie, or passed in the URL between pages while the user browses.

• The data to be stored (e.g. name, log-in state, etc.) is stored securely server-side in a PHP superglobal, and referenced using the session id.


Starting a Session

session_start();

• PHP does all the work: It looks for a valid session id in the $_COOKIE or $_GET superglobals – if found it initializes the data. If none found, a new session id is created.


Storing Session Data

• The $_SESSION super-global array can be used to store any session data.

$_SESSION['name'] = $name;

$_SESSION['age'] = $age;


Reading Session Data

• Data is simply read back from the $_SESSION super-global array.

e.g.

$name = $_SESSION['name'];

' ' _


Session Propagation

• Sessions need to pass the session id between pages as a user browses to track the session.

• It can do this in two ways:

 –  Cookie propagation

 –  URL propagation


Cookie Propagation

• A cookie is stored on the user's PC containing the session id.

• It is read in whenever session_start(); is called to initialize the session.


URL Propagation

• The session id is propagated in the URL

…some_folder/index.php?sid=26fe536a534d3c7cde4297abb45e275a

• PHP provides a global constant to append the session id to any internal links, SID.

<a href="nextpage.php?<?=SID?>">Next page</a>


Which one..?

• The default setup of a PHP server is to use both methods.

 –  It checks whether the user has cookies enabled.

 –  If cookies are on, PHP uses cookie propagation. If cookies are off it uses URL propagation.


Destroying a Session

• Often not required, but if we want to destroy a session:

// clear all session variables
$_SESSION = array();

// delete the session cookie if there is one
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(),'',time()-42000,'/');
}

// destroy session
session_destroy();
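The slides describe two ways to propagate the session id and how to destroy a session. An id carried in the URL is recorded in browser history, server logs and Referer headers, so a deployment can restrict PHP to cookie propagation and issue a fresh id at login. The following is an added example, not code from the slides; the function names are hypothetical, and PHP 7.3 or later is assumed for the array forms of session_set_cookie_params() and setcookie().

```php
<?php
// Added example: cookie-only session setup, login and teardown.

function start_hardened_session(): void
{
    ini_set('session.use_only_cookies', '1'); // never accept the id from $_GET
    ini_set('session.use_trans_sid', '0');    // never rewrite links with the id
    ini_set('session.use_strict_mode', '1');  // reject ids the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // expires when the browser is closed
        'path'     => '/',
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login(string $name): void
{
    // New id at the moment of login; the old session file is deleted, so an
    // id known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['name'] = $name;
}

function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the same attributes it was set with,
        // otherwise the browser keeps the original.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}

// Order of calls in a page handler (constructed user name).
start_hardened_session();
on_login('Robert');
end_session();
```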


Cookies                      | Sessions
Limited storage space        | Practically unlimited space
Insecure storage client-side | Reasonably securely stored server-side
User controlled              | No user control