Programming for the Web Cookies & Sessions Dónal Mulligan BSc MA

Introducing Cookies Cookies allow information to be passed to and stored in a browser for repeated access by a domain until an expiry date Cookies comprise named (string) variables with assigned values: username=donalmulligan Cookies allow settings, user choices, or other useful data to be set initially and referenced throughout a site E.g. Stored login details

And sessions… A session is a particular application of cookie use by PHP, which allows information to be stored in a superglobal array and accessed for the duration the user is navigating a site Sessions are a sensible way to preserve data across one instance of browsing a site and are lost when the browser is closed

Cookies – Last until their expiry date and can be accessed repeatedly – Can be set by the client (in a html meta tag, in some JavaScript) or by the server (PHP script) Sessions – Last until the browser is closed, limiting their storage to one period of access – Set by the server (PHP function)

Why are they used? Differentiate users and maintain data related to the user Allowing users to log in to a website Personalization based on the users' preferences Track users across a website

Restrictions on cookies Cannot set a cookie for another domain – E.g. dcu.ie cannot set a value for ucd.ie The cookie HTTP header is limited to 4K Totalamount of cookies from a given domain is limited (20) and total cookies stored is limited by browser Browser must support cookies and they must be enabled

Cookie parameters Name & Value in the format: name=value – This is the only required parameter – E.g. username=donalmulligan Expiry Date in the format: expires=date – Date format: Wdy, DD-Mon-YYYY HH:MM:SS GMT Domain in the format: domain=domain_name – E.g. domain =.dcu.ie Path of the subdirectories affected – E.g. path=/ or path=/info/ Security of connection toggling whether the cookie is only accepted via https

Example cookie class=mma3; expires=Tuesday, 31-Dec :59:59 GMT; path=/; domain=.dcu.ie; secure

Creating a cookie HTML meta tag – Javascript – document.cookie=cookie_name+"="+cookie_ value+"; expires=Wednesday, 31-Dec :00:00 GMT”; PHP – setcookie()

Deleting a cookie Set the cookie’s value to null Change the expiration date to a time in the past, prompting the browser to delete it

PHP setcookie() The setcookie() function expects at least two parameters for the name and value and can also specify the expiry (using a timestamp) and other parameters. Must be set before any other content is sent to the broswer setcookie(“username”,”donal”,time()+3600);

But why use cookies when you can use sessions?!

PHP sessions So much more than just a cookie! Actually, it is just a cookie – containing a unique session id number (SID) which identifies the session PHP associates this SID with data that it stores on the server This allows a whole array of data to be stored on the server and recalled using a cookie

How to use sessions The session_start() function starts or resumes a session Data can then be loaded into a $_SESSION array or recalled from the existing one: – $_SESSION[‘username’]=“donal”; – echo $_SESSION[‘colour_pref’]; The session will terminate when the browser closes or can be ended using the session_destroy() function