Presentation is loading. Please wait.

Presentation is loading. Please wait.

ITM 352 - © Port,Kazman 1 ITM 352 Cookies. ITM 352 - © Port,Kazman 2 Problem… r How do you identify a particular user when they visit your site (or any.

Published byShannon Hill Modified over 8 years ago

Similar presentations

Presentation on theme: "ITM 352 - © Port,Kazman 1 ITM 352 Cookies. ITM 352 - © Port,Kazman 2 Problem… r How do you identify a particular user when they visit your site (or any."— Presentation transcript:

1 ITM 352 - © Port,Kazman 1 ITM 352 Cookies

2 ITM 352 - © Port,Kazman 2 Problem… r How do you identify a particular user when they visit your site (or any page on your site) without always passing it back and forth in HTML forms? r What if they leave your site then come back later and you don't want to make them identify them again? m E.g. username

3 ITM 352 - © Port,Kazman 3 Use a Cookie!

4 ITM 352 - © Port,Kazman 4 What is a cookie? r A cookie is a particular piece of data combined with a unique id that the server sends to the browser to store m Data is stored on the browser and can be requested by the server whenever the user visits r The data is set by you. Usually a user id, but sometimes other things. m Generally one piece of info per cookie r Only the server that sent the cookie can request it from a user's browser (it's handled via the server's URL and can be specialized to particular directories or pages on that server) r The user's browser manages cookie data m What is acceptable, where stored, when to send if requested, how long to keep m The browser can set a suggested expiration time, but no guarantees!

5 ITM 352 - © Port,Kazman 5 Sending a Cookie  To send a cookie you MUST call the set_cookie() function before anything is output to your web browser (just like the header() function).set_cookie() r Otherwise you will get the error below: m Warning: Cannot send session cookie - headers already sent by (output started at session_header_error/session_error.php:2) in session_header_error/session_error.php on line 3 m Warning: Cannot send session cache limiter - headers already sent (output started at session_header_error/session_error.php:2) in session_header_error/session_error.php on line 3

6 ITM 352 - © Port,Kazman 6 Sending a Cookie Examples /* If cookie is not set, set the username as a cookie to identify the user on the next visit. Make it expire in 1 hour */ $username = 'ITM352'; /* MUST BE DONE BEFORE ANY OUTPUT! */ if (!isset($_COOKIE["userid"])) setcookie("userid", $username, time()+3600 ); /* see if a cookie has been set and if so print it */ if (isset($_COOKIE["userid"])) echo $_COOKIE["userid"]; /* set the expiration date to one hour ago with empty data to request the browser to delete cookie */ setcookie ("userid", "", time() - 3600); Do Exercise 1

7 ITM 352 - © Port,Kazman 7 Cookie Considerations r Limitations m Users may delete cookies m Users may disallow cookies m Some browsers don't handle them well m Only good for small bits of data (but you can use multiple cookies) m Only identifies the browser the cookie sent to, not the actual user! (someone using another person's browser will be mistaken for that user) r The only way to be sure the user is authentic is to have them log in with a username and password r Be careful!  setcookie() will always send a new cookie to the browser. If you don't want to overwrite it, just check if it exists before writing.

8 ITM 352 Sessions

9 ITM 352 - © Port,Kazman 9 Problem… r How do you keep data about a particular user around when passing from page to page without always passing it back and forth in HTML forms? What if the user goes away from the site then comes back? m E.g. You might want to keep: user authentication info, shopping cart items, user preferences. (This is not a shared data problem as we have dealt with previously. The main problem is keeping and using individual data for multiple users.)

10 ITM 352 - © Port,Kazman 10 Answer: Use a Session! session page1 page2 page3 identify data identify server side browser side

11 ITM 352 - © Port,Kazman 11 User Sessions r Start a session m session_start(); r Destroy the session when you're done m session_destroy(); r There are more sophisticated things you can do, e.g: m Expire sessions, unregister particular variables, custom sessions storage, cookies, etc.

12 ITM 352 - © Port,Kazman 12 What is a Session? r A session is a particular set of data combined with a unique user id m Data is stored on the server and connected to the user by the session id r The data is set by you r At least the user id is stored on the user's browser as a cookie or as a URL query string or browser header data m Not great, but sometimes ok is to identify user by IP-address (and this is the default for sessions) r You must manage session data m What, where, when, how-long

13 ITM 352 - © Port,Kazman 13 Starting Sessions  To start a session you MUST call the session_start() function before anything is output to your web browser (just like the header() function). session_start() r Otherwise you get the error below: m Warning: Cannot send session cookie - headers already sent by (output started at session_header_error/session_error.php:2) in session_header_error/session_error.php on line 3 m Warning: Cannot send session cache limiter - headers already sent (output started at session_header_error/session_error.php:2) in session_header_error/session_error.php on line 3

14 ITM 352 - © Port,Kazman 14 Starting Sessions - 2 r You must use session_start() on any page that you wish to use session variables EVEN IF YOU HAVE ALREADY CALLED IT PREVIOUSLY!!!!!session_start() r You must also be sure the location where the session data will be stored is accessible (e.g. writable)  May have to specify with session_save_path(); Do Exercise 2

15 ITM 352 - © Port,Kazman 15 Registering Session Variables ** Important ** r Registered session variable values are static: they will only be set once when the corresponding variable is initialized. r If you want them to change dynamically along with changes to the variable, you must assign them a reference to the session variable (note the '&' in the code below): $aVarIdent = &$_SESSION['aVarIdent'];

16 ITM 352 - © Port,Kazman 16 Accessing Session Variables  Session variables are generally not automatically set in a page. You usually must access them from the $_SESSION array m $aVarIdent = $_SESSION['aVarIdent'];  $aVarIdent is local to the page only. To store it back in the session, you must use $_SESSION['aVarIdent'] = $aVarIdent; r If you want to directly affect changes, use references (create an alias) m $aVarIdent = &$_SESSION['aVarIdent'];

17 ITM 352 - © Port,Kazman 17 Example: User Page Hits <?php session_save_path('.'); session_start(); // No output before this! $hits = &$_SESSION['hitcount']; $hits++; /* Uncomment the line below if you want to remove the session and clear the registered variables. */ // session_destroy(); ?> You've hit this page times. "> Hit this page again

18 ITM 352 - © Port,Kazman 18 A Useful Bit of Code… foreach ($_SESSION as $sessVar => $value) $$sessVar = &$_SESSION[$sessVar]; r Converts all session values to variables (that are aliased to session values) r Note that you can register ANY data type for a session and PHP will automatically encode and decode it in a session for you! m $myArray = array(1,2,3,4); m $_SESSION['myArray'] = $myArray; Do Exercises 3-4

19 ITM 352 - © Port,Kazman 19 What's A Shopping Cart Anyway? r Any information that keeps track of what a particular user wants from page to page. m Quantities array corresponding to products array m "Order arrays" on a single array m A single Orders array with functions to add, remove, get individual orders r Being tied to a "particular user" this cries out for the use of sessions!

20 ITM 352 - © Port,Kazman 20 So What's a Shopping Cart? r A shopping cart holds information about a particular user's choices and preferences m Must be able to uniquely identify user for the time choices are being made and used m Must tie particular user choice data to unique id r E.g. BSimpson chooses: 2 large gumballs 0 medium gumballs 5 small gumballs

21 ITM 352 - © Port,Kazman 21 Shopping Cart Designs r Need to maintain the following data for each unique user's purchase: m Quantity of large gumballs m Quantity of medium gumballs m Quantity of small gumballs r First, choose a data structure to store each users data. Some examples m Associative arrays: array('large'=>2, 'med'=>0, 'small'=>5); m indexed arrays (assumes implicit order if gumball sizes): array(2, 0, 5); m Array Orders: $anOrder = new Order; $anOrder[] = array('large' => 2); $anOrder[]= array('med' => 0); $anOrder[] = array('small' => 5); m Strings: 'large:2, med:0, small:5'

22 ITM 352 - © Port,Kazman 22 Shopping Cart Designs (cont.) r Now need to tie user data to each unique users choices. m First, must have unique IDs for choices. Many ways to do this: r Use a unique user id r Use the IP address of the contacting system r Create a unique ID and pass it to the user's system as a cookie m Second, must tie unique ID to data structures and make this data persistent r Associative arrays, keys are IDs r Individual file with name as ID Do Exercise 5

23 ITM 352 - © Port,Kazman 23 Using Cookies for Login and Session ID <?php session_save_path('.'); // Use this to save the session between browser sessions session_id("Hits"); // Start the session. No output before this! session_start(); $hits = &$_SESSION['hitcount']; $hits++; /* Uncomment the line below if you want to remove the session * and clear the registered variables. */ // session_destroy(); ?> You've hit this page times. "> Hit this page again Be careful not to output anything after getting login! Do Exercise 6

Download ppt "ITM 352 - © Port,Kazman 1 ITM 352 Cookies. ITM 352 - © Port,Kazman 2 Problem… r How do you identify a particular user when they visit your site (or any."

Similar presentations

CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.

CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.
UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)

UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
PHP (2) – Functions, Arrays, Databases, email and sessions.

PHP (2) – Functions, Arrays, Databases, and sessions.
©2009 Justin C. Klein Keane PHP Code Auditing Session 7 Sessions and Cookies Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 7 Sessions and Cookies Justin C. Klein Keane
Chapter 10 Managing State Information PHP Programming with MySQL.

Chapter 10 Managing State Information PHP Programming with MySQL.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie(name, value, expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Php cookies & sessions.

Php cookies & sessions.
Chapter 10 Maintaining State Information Using Cookies.

Chapter 10 Maintaining State Information Using Cookies.
Lecture 7 – Form processing (Part 2) SFDV3011 – Advanced Web Development 1.

Lecture 7 – Form processing (Part 2) SFDV3011 – Advanced Web Development 1.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
PHP Tutorial - Anas Jaghoub Chapter 2 Control Structures.

PHP Tutorial - Anas Jaghoub Chapter 2 Control Structures.
JavaScript, Fourth Edition

JavaScript, Fourth Edition
CSE 154 LECTURE 12: COOKIES. Including files: include include(filename); PHP include(header.html); include(shared-code.php); PHP inserts the entire.

CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.
CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton.

CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton.
269200 Web Programming Language Week 7 Dr. Ken Cosh Security, Sessions & Cookies.

Web Programming Language Week 7 Dr. Ken Cosh Security, Sessions & Cookies.
Chapter 8 Cookies And Security JavaScript, Third Edition.

Chapter 8 Cookies And Security JavaScript, Third Edition.

Similar presentations

Ads by Google