What Are Cookies?

Cookies
Cookies & Session
Web Technology
Introduction
• HTTP is stateless and cannot keep information over a series of accesses.
• The server needs to know that this browser is the same one that was working on the previous page
– e.g. this user is still looking for more products after the ones he just selected.
• We need some mechanism to provide memory for a web server
– Cookies: the browser stores the information on the client's side
– Session: the server carries the information over for the browser.
What Are Cookies?
• Cookies were developed to maintain state between subsequent visits to a webpage, or between visits to different pages within a website.
• Cookies enable web servers to store and retrieve data on the client's hard drive.
• A web app can track a client's path through a website.
– An e-commerce site may store items selected by a customer.
– A membership site might remember an ID for every user.
Cookies can be used to store data on the client.
Cookies Restrictions
• Scope of Cookies
– Expiry information (e.g. 01/01/2004, 03:00:00)
– Path information (e.g. /cgi-bin/php)
– Domain information (e.g. webserver.com)
– A secure parameter (cookies are sent only over a secure channel, i.e. HTTPS)

Parameter Name | Default Value
path | "/" (all directories on the server)
Domain | The domain of the server that set the cookie
Expire information | Until the browser is closed
Secure | Disabled
Our First Cookie
<?php
$count = (int) ($_COOKIE['count'] ?? 0) + 1; // no cookie on the first visit; the cast discards non-numeric input
setcookie("count", (string) $count);
echo "You have been here $count ".($count>1?"times":"time");
?>
<?php
echo "ABC"; // output is sent before setcookie()
$count = (int) ($_COOKIE['count'] ?? 0) + 1;
setcookie("count", (string) $count); // fails: the headers have already been sent
echo "You have been here $count ".($count>1?"times":"time");
?>
ABC
Warning: Cannot modify header information - headers already sent by
(output started at C:\AppServ\www\webtech\cookie\index.php:2) in C:\xxx\index.php on line 4
setcookie() Function
int setcookie(string cookiename, string [value], int [lifetime], string [path],
string [domain], int [secure]);
• cookiename: name used for accessing the cookie
• value: value to be stored in cookiename
• lifetime: time when cookie will expire (unit in seconds since the start of cookie)
• path: subset of paths for which the cookie is valid
• domain: which servers the cookie will be sent to
• secure: prevents the cookie from being sent over an insecure connection (standard HTTP)
Setting Cookies
• Setting cookie expiration
$expt = time()+60;
setcookie("count", $count, $expt); // Cookie's life is 60 seconds (1 minute)
• Setting cookie path
setcookie("count", $count, 0, "/webtech"); // Allow the cookie to be used
                                           // under the directory "webtech"
• Setting cookie domain
setcookie("count", $count, 0, "/", ".ced.kmutnb.ac.th");
// Allow access from any directory on any server whose name ends with "ced.kmutnb.ac.th"
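A cookie is stored on the client, so the user can edit it before it comes back to the server. The block below is an added example (not from the original slides) that signs the counter with an HMAC and sets it with a restricted scope; `COOKIE_KEY`, the helper names and the assumption that the script lives under `/webtech` are illustrative.

```php
<?php
// Added example. COOKIE_KEY and the helper names are assumptions, not from the slides.
const COOKIE_KEY = 'replace-with-a-long-random-secret'; // placeholder: load from config

// Return "value.signature" so the server can detect client-side edits.
function sign_value(string $value): string
{
    return $value . '.' . hash_hmac('sha256', $value, COOKIE_KEY);
}

// Return the signed value, or null if the cookie is missing, malformed or altered.
function verify_value($cookie): ?string
{
    if (!is_string($cookie)) {
        return null;                       // absent, or sent as an array (count[]=...)
    }
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;                       // no signature part
    }
    $value = (string) substr($cookie, 0, $pos);
    $mac   = (string) substr($cookie, $pos + 1);
    $expected = hash_hmac('sha256', $value, COOKIE_KEY);
    return hash_equals($expected, $mac) ? $value : null; // constant-time compare
}

// Unsigned or tampered counters restart from 0.
$count = (int) (verify_value($_COOKIE['count'] ?? null) ?? 0) + 1;

// Must run before any output. The options array needs PHP 7.3 or later.
setcookie('count', sign_value((string) $count), [
    'expires'  => time() + 3600,  // absolute Unix timestamp: one hour from now
    'path'     => '/webtech',     // only sent back for URLs under /webtech
    'secure'   => true,           // only sent over HTTPS
    'httponly' => true,           // not readable from JavaScript
    'samesite' => 'Lax',          // not attached to cross-site subrequests
]);

echo "You have been here $count " . ($count > 1 ? "times" : "time");
```

The signature detects modification only: the value is still readable by the user, and an older correctly signed cookie can be replayed, so data that must stay secret or strictly current belongs in the session instead.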
Delete Cookies
• Setting a cookie with only its name (no value) deletes it
<?php
setcookie("username");
?>
• If we want to delete the previous cookie and create it again, the order is confusing, like this:
<?php
// set the new one
setcookie("username", "Joe");
// delete the old one
setcookie("username");
?>
Check for Cookie Support
<?php
if (empty($_GET['check'])) {
    // 1. Set cookie and redirect to itself
    $page = $_SERVER['PHP_SELF']."?check=1"; // $PHP_SELF only exists with register_globals
    setcookie("testcookie", "1"); // set cookie
    header("Location: $page");    // redirect to itself with check variable
    exit;
} else {
    // 2. Check if the test cookie is set
    if (empty($_COOKIE['testcookie'])) {
        echo "Your browser does not support cookies. Please enable cookies.";
    } else {
        echo "Your browser supports cookies, OK.";
        setcookie("testcookie"); // Delete test cookie, then redirect
        //header("Location: mainpage.php"); // Redirect to the page we wish
    }
}
?>
Session
• Sessions use a cookie called PHPSESSID
• When a session starts, PHP checks for this cookie and
sets it if it doesn't exist
• PHPSESSID cookie is a random alphanumeric string.
• Each web client gets a different session ID,
– session ID in the PHPSESSID cookie identifies that web client
uniquely to the server.
• We can create session variables to store information and
carry it over until the session ends or browser is closed.
Store and Retrieve Information
• Session data is stored in the $_SESSION array
• We use session_start() to initiate a session
<?php
session_start(); // start a session
$_SESSION['count'] = ($_SESSION['count'] ?? 0) + 1; // no count yet on the first visit
print "You've looked at this page " . $_SESSION['count'] . ' times.';
?>
• To end a session, we use session_destroy() (or close the browser).
<?php
session_start();   // the session must be open before it can be destroyed
session_destroy(); // End the session
?>
Login Page
Using Session Variable for Login Page
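<?php
session_start();
// Opening the login page ends any previous login (menu.php links here as "Logout")
if (isset($_SESSION['tct'])) {
    session_destroy();
    session_start(); // start again so that the values set below are saved
}
if (($_POST['submit'] ?? '') === "Login")
{
    if (($_POST['txtUser'] ?? '') === "tct" && ($_POST['txtPass'] ?? '') === "tct")
    {
        $_SESSION['tct'] = "OK";
        header('Location: menu.php');
        exit; // stop here, otherwise the line below overwrites "OK"
    }
    $_SESSION['tct'] = "FAILED";
}
?>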
<html><head><title>Login Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES); ?>" method="post">
<table width="20%" border="1" align="center">
<tr>
<td width="14%"><strong>User</strong></td>
<td width="86%"><input type="text" name="txtUser" value=""></td>
</tr>
<tr>
<td><strong>Passwd</strong></td>
<td><input type="password" name="txtPass" value=""></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="reset" value="Cancel"><input
type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
Checking Successful Login
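• All pages that are under login control (xxx.php) must include this piece of code at the top of the page.
<?php
session_start();
// A failed login stores "FAILED", so isset() alone would also let that user in
if (($_SESSION['tct'] ?? '') !== "OK")
{
    header('Location: login.php');
    exit; // stop, so the protected page is not sent after the redirect header
}
?>
Note: This code is saved as chk_login.php.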
Menu Page Under Login Control
<?php
require 'chk_login.php'; // login check; require stops the page if the file is missing
?>
<html>
<head>
<title>Menu</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<a href="http://www.sun.com">Sun</a><BR>
<a href="login.php">Logout</a>
<?php
// Show the current session ID; escaped, and not taken from request input
echo htmlspecialchars(session_id())."<HR>";
?>
</body>
</html>
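The login, login-check and session_destroy() steps above can be collected into one helper file. This is an added example, not code from the original slides; the function names are hypothetical, and the session key 'tct' and the page name login.php are taken from the slides.

```php
<?php
// Added example; function names are hypothetical, not from the slides.

// Start the session with a restricted PHPSESSID cookie (array form: PHP 7.3+).
function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,       // until the browser is closed
        'path'     => '/',
        'secure'   => true,    // HTTPS only
        'httponly' => true,    // hide PHPSESSID from JavaScript
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_start();
}

// Call after the password check succeeds.
function mark_logged_in(): void
{
    session_regenerate_id(true); // new ID, old session record deleted: blocks session fixation
    $_SESSION['tct'] = 'OK';
}

// The check from chk_login.php: only the value "OK" counts, and the script stops.
function require_login(): void
{
    if (($_SESSION['tct'] ?? '') !== 'OK') {
        header('Location: login.php');
        exit; // without this the protected page is still sent after the redirect header
    }
}

// Full logout: clear the data, expire the cookie in the browser, remove the server record.
function log_out(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 42000, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
    ]);
    session_destroy();
}
```

Each page calls start_secure_session() before any output; protected pages then call require_login(), and the logout link calls log_out().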