1. Cookies & Session Web Technology

2. Introduction
HTTP is stateless and cannot keep information over a series of accesses.
We need to let the server know that this browser is the one that works on the previous page
This user is still looking for more products after some he just selected.
We need some mechanism to provide memory for a web server
Cookies: Browser stores information on client’s side
Session: Server carries over the information for the browser.

3. What Are Cookies?
Cookies were developed to maintain state between subsequent visits to a webpage, or between visits to different pages within a website.
Cookies enable web servers to store and retrieve data on the clients hard drive.
Webapp can track a clients path through a website.
E-commerce may store items selected by a customer.
A membership site might remember an ID for every use
Cookies can be used to store data on client.

4. Cookies Restrictions Scope of Cookies
Expiry information (e.g. 01/01/2004, 03:00:00)
Path information (e.g. /cgi-bin/php)
Domain information (e.g. webserver.com)
A secure parameter (cookies are sent only over secure channel (i.e. HTTPS)
Parameter Name
Default Value
path
“/” (all directories on the server)
Domain
The domain of server that set the cookies
Expire information
Until the browser is closed.
Secure
Disabled

5. Our First Cookie <? $_COOKIE['count']++;
setcookie("count", $_COOKIE['count'] );
$count = $_COOKIE['count'];
echo "You have been here $count ".($count>1?"times":"time");
?>
<?
echo “ABC”;
$_COOKIE['count']++;
setcookie("count", $_COOKIE['count'] );
$count = $_COOKIE['count'];
echo "You have been here $count ".($count>1?"times":"time");
?>
ABC Warning: Cannot modify header information - headers already sent by
(output started at C:\AppServ\www\webtech\cookie\index.php:2) in C:\xxx\index.php on line 4

6. setcookie() Function cookiename: value to be used for accessing cookie
value: value to be stored in cookiename
lifetime: time when cookie will expire (unit in seconds since the start of cookie)
path: subset of paths for which cookie is valid
domain: which servers cookie will be sent
secure: prevent cookies being sent over an insecure connection (standard HTTP)
int setcookie(string cookiename, string [value], int [lifetime], string [path],
string [domain], int [secure];

7. Setting Cookies Setting cookie expiration Setting cookie path
Setting cookie domain
$expt = time()+60;
setcookie("count", $count, $expt); //Cookie’s life is 60 seconds (1 minute)
setcookie("count", $count, 0, “./webtech”); // Allowing to use cookies // under director “webtech”
setcookie("count", $count, 0, “./”, “.ced.kmutnb.ac.th”);
// Allowing to access any directories on any server that ends with “ced.kmutnb.ac.th”

8. Delete Cookies Set nothing to cookie name will delete it
If we want to delete the previous one and create it again, the order is confusing like this
<?
setcookie("username");
?>
<?
//set the new one
setcookie("username", "Joe");
//delete the old one
setcookie("username");
?>

9. Check for Cookie Support
<?
if(empty($_GET['check'])) {
//1. Set cookie and redirect to itself
$page = $PHP_SELF."?check=1";
setcookie("testcookie", "1"); // set cookie
header("Location: $page"); //redirect to itself with check variable
} else {
//2. Check if the test cookie is set
if(empty($_COOKIE['testcookie'])) {
echo "Your browser does not support cookie. Please enable cookies.";
}else {
echo "Your browser supports cookies, OK.";
setcookie("testcookie"); // Delete test cookie, then redirect
//header("Location: mainpage.php"); //Redirect to the page we wish }
?>

10. Cookies & Session Web Technology

11. Session Sessions use a cookie called PHPSESSID
When a session starts, PHP checks for this cookie and sets it if it doesn't exist
PHPSESSID cookie is a random alphanumeric string.
Each web client gets a different session ID,
session ID in the PHPSESSID cookie identifies that web client uniquely to the server.
We can create session variables to store information and carry it over until the session ends or browser is closed.

12. Store and Retrieve Information
Session data is stored in the $_SESSION array
We use session_start() to initiate a session
To end a session, we use session_destroy() or close browser).
<?
session_start( ); // start a session
$_SESSION['count'] = $_SESSION['count'] + 1;
print "You've looked at this page " . $_SESSION['count'] . ' times.';
?>
<?
session_destroy( ); // End the session
?>

13. Login Page

14. Using Session Variable for Login Page
<?
session_start();
if(isset($_SESSION['tct'])) session_destroy();
if($_POST['submit']=="Login") {
if($_POST['txtUser']=="tct" && $_POST['txtPass']=="tct")
$_SESSION['tct'] = "OK";
header('Location: menu.php'); }
$_SESSION['tct'] = "FAILED";
?>
<html><head><title>Login Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<form action="<? echo $_SERVER["PHP_SELF"]; ?>" method="post">
…………………See Next Slide………………..

15. Using Session Variable for Login Page (Cont.)
<table width="20%" border="1" align="center">
<tr>
<td width="14%"><strong>User</strong></td>
<td width="86%"><input type="text" name="txtUser" value=""></td>
</tr>
<td><strong>Passwd</strong></td>
<td><input type="password" name="txtPass" value=""></td>
<td colspan="2" align="center"><input type="reset" value="Cancel"><input type="submit" name="submit" value="Login"></td>
</table>
</form>
</body>
</html>

16. Checking Successful Login
All pages that are under login control must include this piece of code at the top of the page. (xxx.php);
<?
session_start();
if(!isset($_SESSION['tct'])) {
header( 'Location: login.php' ) ; }
?>
Note: This code is saved under chk_login.php.

17. Menu Page Under Login Control
<?
include('chk_login.php'); //
?>
<html>
<head>
<title>Menu</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<a href="
<a href="login.php">Logout</a>
echo $_REQUEST['PHPSESSID']."<HR>";
</body>
</html>