
Lecture 12 Sessions and Authentication

Lecture 12 Sessions and Authentication. MIS 3501, 2014 Spring. Jeremy Shafer, Department of MIS, Fox School of Business, Temple University. April 10, 2014. Agenda for today: review homework assignment; the mysqli_real_escape_string() function; authentication and sessions.


Presentation Transcript


  1. Lecture 12 Sessions and Authentication
     MIS 3501, 2014 Spring
     Jeremy Shafer, Department of MIS, Fox School of Business, Temple University
     April 10, 2014

  2. Agenda for today
     • Review homework assignment
     • The mysqli_real_escape_string() function
     • Authentication and Sessions

  3. mysqli_real_escape_string
     Please see: http://www.w3schools.com/php/func_mysqli_real_escape_string.asp
     PHP Programming with MySQL, 2nd Edition

  4. Authentication
     • Use a one-way encryption function. For example: md5()
     • The thinking goes like this:
       • Never store the decrypted password
       • Store a one-way encrypted password instead
       • When a user attempts to log in, encrypt their input
       • Compare the two encrypted passwords to see if they match

  5. Sessions
     • A session refers to a period of activity when a PHP script stores state information on a Web server

  6. Using Sessions to Save State Information
     • Sessions allow you to maintain state information even when clients disable cookies in their Web browsers

  7. Starting a Session
     • The session_start() function starts a new session or continues an existing one
     • The session_start() function generates a unique session ID to identify the session
     • A session ID is a random alphanumeric string that looks something like: 7f39d7dd020773f115d753c71290e11f
     • The session_start() function creates a text file on the Web server.

  8. Starting a Session (continued)
     • The session_start() function does not accept any arguments, nor does it return a value that you can use in your script
         <?php
         session_start();
         ...
     • You must call the session_start() function before you send the Web browser any output

  9. Working with Session Variables
     • Session state information is stored in the $_SESSION autoglobal
     • When the session_start() function is called, PHP either initializes a new $_SESSION autoglobal or retrieves any variables for the current session (based on the session ID) into the $_SESSION autoglobal

  10. What are they good for?
     • Session variables are good for storing data that needs to be shared between separate pages in your application.

  11. For example:
     • For Customers: index.php, form.php, handler.php
     • For Employees: login.php, report.php
     • We can use a $_SESSION variable to indicate if a user is currently logged in or not.
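
The login flow from slides 4 and 7 to 11, written out as an added example that is not part of the lecture or the textbook: login.php checks the password against a stored one-way hash and sets a $_SESSION variable, and report.php checks that variable before showing employee data. It uses PHP's password_hash() and password_verify() in place of the md5() call named on slide 4; the function names and the sample users are hypothetical and constructed for illustration.

```php
<?php
// Added example; attempt_login(), require_role(), logout() and $USERS are hypothetical names.
session_start(); // start or resume the session before any output is sent

// Constructed sample users; a real application would read the stored hash from MySQL.
$USERS = [
    'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'role' => 'employee'],
    'bob'   => ['hash' => password_hash('hunter2!', PASSWORD_DEFAULT), 'role' => 'customer'],
];

// login.php: verify the submitted password against the stored hash, then record the result.
function attempt_login(array $users, string $name, string $password): bool
{
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false; // same answer for an unknown user and a wrong password
    }
    session_regenerate_id(true); // issue a fresh session ID once the user is authenticated
    $_SESSION['logged_in'] = true;
    $_SESSION['username']  = $name;
    $_SESSION['role']      = $user['role'];
    return true;
}

// report.php and other protected pages: check the session variable on every request.
function require_role(string $role): bool
{
    return !empty($_SESSION['logged_in']) && ($_SESSION['role'] ?? '') === $role;
}

// Logout: clear the session variables and delete the server-side session data.
function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Constructed walk-through; results are collected first so nothing is printed mid-session.
$steps = [];
$steps['wrong password accepted'] = attempt_login($USERS, 'alice', 'not it');
$steps['report.php before login'] = require_role('employee');
$steps['right password accepted'] = attempt_login($USERS, 'alice', 'correct horse');
$steps['report.php after login']  = require_role('employee');
$steps['customer-only page']      = require_role('customer');
logout();
$steps['report.php after logout'] = require_role('employee');
var_dump($steps);
```

In a real page, a failed require_role() check would redirect to login.php and stop the script before any employee data is produced.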
