Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Database Programming Week 7 Session Management & Authentication.

Published byAugustine Goodman Modified over 8 years ago

Similar presentations

Presentation on theme: "Web Database Programming Week 7 Session Management & Authentication."— Presentation transcript:

1 Web Database Programming Week 7 Session Management & Authentication

2 Session HTTP is stateless –Each HTTP request is unrelated to one another Many Web applications need to retain State across HTTP requests –E.g. Shopping cart A Session defines an identifiable sequence of interactions between a particular client and a server

3 Session Components Session Identifier (SessionID) –Uniquely identify a session Session variables –Store information related to a session, I.e. retain state across HTTP requests –E.g. content of shopping cart

4 SessionID Is transmitted between client and server with each HTTP request or response Be default, transmitted as cookie (part of the HTTP header) –Stored in Web browser –E.g. “ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Cookie:administrator@www.fedex.com/ ” If cookie is disabled –Put PHPSESSID (32 hex digits) in URL –E.g. http://www.xyz.com/demo.php?PHPSESSID =be20081806199800da22e243ef239391

5 Session Variables Stored in Web server Each session has its own set of session variables –In PHP, each session has a session file –E.g. My shopping cart vs. your shopping cart In PHP, access by $_SESSION[“variableName”]

6 Session Illustration

7 PHP Session Management session_start() –If no session exists Create a new sessionID and a session file to store session variables on the server Send a cookie to browser with the sessionID –If session exists (the sessionID in the cookie sent by browser matches a sessionID on server) Session variables in the session file will be loaded NOTE: this function must be called before any HTML output

8 PHP Session Management isset($_SESSION[“variableName”]) –Check if the session variable exists unset($_SESSION[“variableName”]) –Remove the session variable $_SESSION = arry(); –Remove all session variable session_destory(); –Remove the session file from the server –Note, cookie is still in browser

9 Authentication Check a username, password pair before grant access –Web server configuration files –Using database HTTP Authentication –In HTTP header Form-Based Authentication –Username, password sent as form variables May need to use SSL for encryption

10 Authentication and Session Authenticate once –Form-based Use session to retain the authenticated status Until user destroys the session (logout) or session timeout

11 Authentication Script Include it at the beginning of each PHP page that needs authentication

Download ppt "Web Database Programming Week 7 Session Management & Authentication."

Similar presentations

LIS651 lecture 3 taming PHP Thomas Krichel 2007-04-15.

LIS651 lecture 3 taming PHP Thomas Krichel
LIS651 lecture 3 functions & sessions Thomas Krichel 2008-11-08.

LIS651 lecture 3 functions & sessions Thomas Krichel
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
>> PHP: Access Control & Security. Authentication: Source Authentication Source Hard-coded File-Based The username and password is available inside the.

>> PHP: Access Control & Security. Authentication: Source Authentication Source Hard-coded File-Based The username and password is available inside the.
CIS 451: ASP Sessions and Applications Dr. Ralph D. Westfall January, 2009.

CIS 451: ASP Sessions and Applications Dr. Ralph D. Westfall January, 2009.
Chapter 10 Managing State Information Using Sessions.

Chapter 10 Managing State Information Using Sessions.
CSE 190: Internet E-Commerce Exam 2 Sample Questions.

CSE 190: Internet E-Commerce Exam 2 Sample Questions.
Multiple Tiers in Action

Multiple Tiers in Action
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie(name, value, expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Php cookies & sessions.

Php cookies & sessions.
1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.

1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.

CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
PHP Hypertext PreProcessor. Documentation Available www.php.netwww.w3schools.com SAMS books O’Reilly Books.

PHP Hypertext PreProcessor. Documentation Available SAMS books O’Reilly Books.
Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.

Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.

Similar presentations

Ads by Google