IntroductionOverviewUsing cookiesUsing sessionsPHP: Cookies and SessionsIntroductionThis document describes how to store state information between pages via cookies and sessions.OverviewCookies are small files that exist on the client’s computer, which store information that a Web site can access. Cookies allow state information to be stored locally, meaning that context between pages can exist in a separate file rather than being passed as part of the URL. Sessions can be thought of as “server-side cookies:” the information is stored on the Web server because of the potential for cookies to be altered on the client’s machine. Sessions are implemented via cookies, where a cookie holds a value that allows the server to identify a particular client. Here are some general attributes about cookies:- Data can be stored for long periods of time. For example, cookie data can exist after the user closes his/her Web browser.- Synchronization of data within Web server clusters, where multiple servers handle requests, is not needed.- Information can be accessed on the client-side via JavaScript.Likewise, here are some general attributes about sessions:- Information is stored on the server and is thus protected from client manipulation.- Session data does not need to be transmitted with each page request; only the session identifier is required.- Session sizes are limited by the server rather than the user’s Web browser.Using cookiesCookies have a minimum of three attributes: name, value, and expiration time (i.e., time after which the cookie’s data will no longer be valid). Use the setcookie() function to provide values for these three attributes:setcookie(username, "dknuth", time() + 86400);The above example creates a cookie named username with a value of dknuth, and will expire in 86400 seconds (24 hours) after the page has been loaded. The setcookie() function has three additional parameters:- Availability path. The directory in which the cookie is available. The default availability path is /, meaning the cookie is available over the entire site. An availability path of /foo/ means the cookie will only be available in the foo directory and its subdirectories.- Domain. The subdomain in which the cookie is available. For example a domain of secure.programmingisfun.net will make the cookie available there but not in www.programmingisfun.net. To make a cookie available in both domains, a domain of .programmingisfun.net should be used. The default value for the domain is the empty string, meaning that the cookie is available from any domain.- Secure connection. An indicator of whether the cookie must only be sent through a secure HTTPS connection or not. The default value is zero, indicating HTTP or HTTPS are acceptable; a value of one indicates that only HTTPS can be used.Cookie data is accessed via the superglobal $_COOKIE, where the key is the cookie name.if(isset($_COOKIE['username'])) print "Welcome, $_COOKIE['username']!\n";else print "Welcome, guest!\n";The structure of HTTP requires that cookie information be part of the header information, as opposed to the “body” information, which actually contains the page markup. When setting a cookie, the Web server includes header data for that cookie; therefore, calls to setcookie() must occur before you being sending page markup.Cookie data is sent to the Web server each time a user visits a particular page. If your PHP code sets a cookie, that cookie will not be available on the first rendering of the page. The reason is because the cookie data is not part of the HTTP request for that page. However, the next time that page is loaded, the cookie data will be part of the HTTP request, and therefore the cookie can be accessed.Suppose you have the following PHP code and that the cookie named username does not exist.<?php setcookie("username","dknuth",time()+3600);?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>Programming is Fun!</title> </head> <body> <p>Welcome, <?php if (isset($_COOKIE['username'])) print "$_COOKIE['username']. "; else print "guest. "; ?> Enjoy your stay!</p> </body></html>The text displayed in the browser will be “Welcome, guest.” However, if the page is reloaded, the text displayed will be “Welcome, dknuth” because the cookie has been sent in the request (i.e., reload) of the page.To delete a cookie, re-set the cookie using an empty string as the value and a negative number as the expiration time.setcookie(username, "", -1); // Delete the cookie named 'username'Using sessionsTo begin a session, call the session_start() function. This function checks to see if the visitor sent a cookie with a sessionID. If such a cookie was sent, the session data is loaded into the superglobal $_SESSION; otherwise, a new session file and corresponding cookie are created.Just as cookies are accessed through the superglobal $_COOKIE, session variables are accessed through the superglobal $_SESSION:session_start();…print "Welcome, $_SESSION['username']!";Unlike cookies, session data is available as soon as it is set. To add session data – analogous to setting a cookie – assign a value to the $_SESSION variable. The following example assigns the string value "PHP" to the favlang session variable.$_SESSION['favlang'] = "PHP";A session lasts until the user closes his/her Web browser. To explicitly end a session, the $_SESSION array must be cleared and the session data on the Web server must be removed. Here is an example:session_start();$_SESSION = array();session_destroy();Note that the session_start() call is necessary to have any subsequent PHP code affect the users session. Without this callthe $_SESSION array will already be empty, and the session_destroy() call will not have any effect because the PHP code does not know that a session is in
View Full Document
Unlocking...