Cookies are a bit of information that the server can give to a client. On every subsequent request the client will give that information back to the server. Each cookie can be used to store up to 4KB of data. A maximum of 20 cookies can be stored on a user's PC per domain.
Copyright:
Attribution Non-Commercial (BY-NC)
Once a web server completes a client's request for a web page, the connection between the two goes away. There is no way for a server to recognize that a sequence of requests all originate from the same client.
Cookies
A cookie is a bit of information that the server can give to a client. On every subsequent request the client will give that information back to the server, thus identifying itself. Each cookie on the user's computer is connected to a particular domain. Each cookie can be used to store up to 4KB of data. A maximum of 20 cookies can be stored on a user's PC per domain.
Example 1. The user sends a request for a page at www.example.com for the first time. [Diagram: page request]
Example 2. The server sends back the page HTML to the browser AND stores some data in a cookie on the user's PC. [Diagram: HTML and cookie data]
Example 3. At the next page request for the domain www.example.com, all cookie data associated with this domain is sent too. [Diagram: page request and cookie data]
Set a cookie
setcookie(name[,value[,expire[,path[,domain[,secure]]]]])
name = cookie name
value = data to store (string)
expire = UNIX timestamp when the cookie expires. By default the cookie expires when the browser is closed.
path = path on the server within and below which the cookie is available.
domain = domain for which the cookie is available.
secure = whether the cookie should be sent over HTTPS connections only. Default false.
Example
setcookie('name','Robert');
Sets the cookie called name on the user's PC containing the data Robert. It will be available to all pages in the same directory or subdirectory of the page that set it (the default path and domain). It will expire and be deleted when the browser is closed (default expire).
Example
setcookie('age','20',time()+60*60*24*30);
Sets the cookie called age on the user's PC containing the data 20. It will be available to all pages in the same directory or subdirectory of the page that set it (the default path and domain). It will expire and be deleted after 30 days.
Example
setcookie('gender','male',0,'/');
Sets the cookie called gender on the user's PC containing the data male. It will be available within the entire domain that set it. It will expire and be deleted when the browser is closed.
Read cookie data
All cookie data is available through the superglobal $_COOKIE:
$variable = $_COOKIE['cookie_name'];
or
$variable = $HTTP_COOKIE_VARS['cookie_name']; // old PHP versions only; removed in PHP 5.4
Example:
$age = $_COOKIE['age'];
Storing an array
Only strings can be stored in cookies. To store an array in a cookie, convert it to a string by using the serialize() PHP function. The array can be reconstructed using the unserialize() function once it has been read back in. Note that cookie size is limited.
Delete a cookie
To remove a cookie, simply overwrite the cookie with a new one with an expiry time in the past.
setcookie('cookie_name','',time()-6000);
Note
As the setcookie command involves sending an HTTP header response, it must be executed before any HTML is echoed to the browser, including whitespace.
[Slide illustration: a correct example, and an incorrect one with whitespace echoed before setcookie]
Cookie Limitations
The important thing to note is that some people browse with them turned off, e.g. in Firefox, Tools > Options > Privacy.
Cookies are stored client-side, so never trust them completely: they can be easily viewed, modified or created by a 3rd party.
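Because a cookie can be modified or created on the client, passing one to unserialize() lets the client decide what the server deserializes. The following added example (not part of the original slides) stores the array as JSON with an HMAC tag instead, which covers both "Storing an array" and the limitation above; the key and function names are assumptions.

```php
<?php
// Added example (not from the slides). COOKIE_KEY, pack_cookie() and
// unpack_cookie() are assumed names. The HMAC gives integrity only: the
// user can still read the values, so nothing secret belongs in the payload.
const COOKIE_KEY = 'PLACEHOLDER-load-a-random-secret-from-server-config';

function pack_cookie(array $data): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

function unpack_cookie(string $raw): ?array
{
    $parts = explode('.', $raw, 2);
    if (count($parts) !== 2) {
        return null;                          // not in payload.tag form
    }
    [$payload, $tag] = $parts;
    $expected = hash_hmac('sha256', $payload, COOKIE_KEY);
    if (!hash_equals($expected, $tag)) {      // constant-time comparison
        return null;                          // edited or forged client-side
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;    // JSON decodes to plain arrays, never class instances
}

// Constructed sample data.
$prefs  = ['name' => 'Robert', 'age' => 20];
$cookie = pack_cookie($prefs);
if (PHP_SAPI !== 'cli') {
    setcookie('prefs', $cookie, time() + 60*60*24*30, '/');
}

// Round trip of the untouched value, then a payload edited without the key.
$edited = base64_encode(json_encode(['name' => 'Robert', 'age' => 99]))
        . '.' . explode('.', $cookie)[1];
var_dump(unpack_cookie($cookie) === $prefs);
var_dump(unpack_cookie($edited));
```

On a later request the value would be read with unpack_cookie($_COOKIE['prefs'] ?? '') and treated as absent when null comes back.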
What is a session?
A session refers to all the requests that a single client makes to a server for some period of time. A session is specific to the user, and for each user a new session is created to track all the requests from that user.
How do Sessions work?
They are based on assigning each user a unique number called the session id, e.g. 26fe536a534d3c7cde4297abb45e275a
This session id is stored in a cookie, or passed in the URL between pages while the user browses.
The data to be stored (e.g. name, log-in state, etc.) is stored securely server-side in a PHP superglobal, and referenced using the session id.
Starting a Session
session_start();
PHP does all the work: it looks for a valid session id in the $_COOKIE or $_GET superglobals. If one is found, it initializes the data. If none is found, a new session id is created.
Storing Session Data
The $_SESSION superglobal array can be used to store any session data.
$_SESSION['name'] = $name;
$_SESSION['age'] = $age;
Reading Session Data
Data is simply read back from the $_SESSION superglobal array, e.g.
$name = $_SESSION['name'];
$age = $_SESSION['age'];
Session Propagation
Sessions need to pass the session id between pages as a user browses to track the session. PHP can do this in two ways:
Cookie propagation
URL propagation
Cookie Propagation
A cookie is stored on the user's PC containing the session id. It is read in whenever session_start(); is called to initialize the session.
URL Propagation
The session id is propagated in the URL:
some_folder/index.php?sid=26fe536a534d3c7cde4297abb45e275a
PHP provides a global constant, SID, to append the session id to any internal links:
<a href="nextpage.php?<?=SID?>">Next page</a>
Which one..?
The default setup of a PHP server is to use both methods. It checks whether the user has cookies enabled. If cookies are on, PHP uses cookie propagation. If cookies are off, it uses URL propagation.
Destroying a Session
Often not required, but if we want to destroy a session:
// clear all session variables
$_SESSION = array();
// delete the session cookie if there is one
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(),'',time()-42000,'/');
}
// destroy session
session_destroy();
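A session id carried in the URL ends up in browser history, server logs and Referer headers, and can be preset by whoever supplies the link, so cookie-only propagation is the usual hardened setup. The following added example (not part of the original slides; login_user() and logout_user() are assumed names, and the site is assumed to be served over HTTPS) configures it, renews the id at login and destroys the session as described above.

```php
<?php
// Added example (not from the slides): cookie-only session propagation.
ini_set('session.use_only_cookies', '1');  // ignore session ids passed in the URL
ini_set('session.use_trans_sid', '0');     // never append the id to links
ini_set('session.use_strict_mode', '1');   // reject ids the server did not issue

session_set_cookie_params([
    'lifetime' => 0,        // session cookie: dropped when the browser closes
    'path'     => '/',
    'secure'   => true,     // assumption: HTTPS only
    'httponly' => true,     // not readable from page scripts
    'samesite' => 'Lax',
]);
session_start();

// Hypothetical helper: call once the credentials have been verified.
function login_user(string $name): void
{
    session_regenerate_id(true);   // new id, old session data deleted
    $_SESSION['name'] = $name;
}

// Hypothetical helper: the destroy sequence from the slide, reusing the
// parameters the session cookie was actually set with.
function logout_user(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```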
Cookies                        Sessions
Limited storage space          Practically unlimited space
Insecure storage client-side   Reasonably securely stored server-side
User controlled                No user control