PHP Cookies and Sessions Introduction This document describes how to store state information between pages via cookies and sessions Overview Cookies are small files that exist on the client s computer which store information that a Web site can access Cookies allow state information to be stored locally meaning that context between pages can exist in a separate file rather than being passed as part of the URL Sessions can be thought of as server side cookies the information is stored on the Web server because of the potential for cookies to be altered on the client s machine Sessions are implemented via cookies where a cookie holds a value that allows the server to identify a particular client Here are some general attributes about cookies Data can be stored for long periods of time For example cookie data can exist after the user closes his her Web browser Synchronization of data within Web server clusters where multiple servers handle requests is not needed Information can be accessed on the client side via JavaScript Likewise here are some general attributes about sessions Information is stored on the server and is thus protected from client manipulation Session data does not need to be transmitted with each page request only the session identifier is required Session sizes are limited by the server rather than the user s Web browser Using cookies Cookies have a minimum of three attributes name value and expiration time i e time after which the cookie s data will no longer be valid Use the setcookie function to provide values for these three attributes setcookie username dknuth time 86400 The above example creates a cookie named username with a value of dknuth and will expire in 86400 seconds 24 hours after the page has been loaded The setcookie function has three additional parameters Availability path The directory in which the cookie is available The default availability path is meaning the cookie is available over the entire site An availability path of foo means the cookie will only be available in the foo directory and its subdirectories Domain The subdomain in which the cookie is available For example a domain of secure programmingisfun net will make the cookie available there but not in www programmingisfun net To make a cookie available in both domains a domain of programmingisfun net should be used The default value for the domain is the empty string meaning that the cookie is available from any domain Secure connection An indicator of whether the cookie must only be sent through a secure HTTPS connection or not The default value is zero indicating HTTP or HTTPS are acceptable a value of one indicates that only HTTPS can be used Cookie data is accessed via the superglobal COOKIE where the key is the cookie name if isset COOKIE username print Welcome COOKIE username n else print Welcome guest n The structure of HTTP requires that cookie information be part of the header information as opposed to the body information which actually contains the page markup When setting a cookie the Web server includes header data for that cookie therefore calls to setcookie must occur before you being sending page markup Cookie data is sent to the Web server each time a user visits a particular page If your PHP code sets a cookie that cookie will not be available on the first rendering of the page The reason is because the cookie data is not part of the HTTP request for that page However the next time that page is loaded the cookie data will be part of the HTTP request and therefore the cookie can be accessed Suppose you have the following PHP code and that the cookie named username does not exist php setcookie username dknuth time 3600 DOCTYPE html PUBLIC W3C DTD XHTML 1 0 Transitional EN http www w3 org TR xhtml1 DTD xhtml1 transitional dtd html xmlns http www w3 org 1999 xhtml head meta http equiv content type content text html charset utf 8 title Programming is Fun title head body p Welcome php if isset COOKIE username print COOKIE username else print guest Enjoy your stay p body html The text displayed in the browser will be Welcome guest However if the page is reloaded the text displayed will be Welcome dknuth because the cookie has been sent in the request i e reload of the page To delete a cookie re set the cookie using an empty string as the value and a negative number as the expiration time setcookie username 1 Delete the cookie named username Using sessions To begin a session call the session start function This function checks to see if the visitor sent a cookie with a session ID If such a cookie was sent the session data is loaded into the superglobal SESSION otherwise a new session file and corresponding cookie are created Just as cookies are accessed through the superglobal COOKIE session variables are accessed through the superglobal SESSION session start print Welcome SESSION username Unlike cookies session data is available as soon as it is set To add session data analogous to setting a cookie assign a value to the SESSION variable The following example assigns the string value PHP to the favlang session variable SESSION favlang PHP A session lasts until the user closes his her Web browser To explicitly end a session the SESSION array must be cleared and the session data on the Web server must be removed Here is an example session start SESSION array session destroy Note that the session start call is necessary to have any subsequent PHP code affect the users session Without this call the SESSION array will already be empty and the session destroy call will not have any effect because the PHP code does not know that a session is in progress
View Full Document
Unlocking...