LIS651 lecture 4

1. Thomas Krichel 2005-04-15 LIS651 lecture 4

2. today • sessions

3. sessions • You will recall that HTTP is a stateless protocol. Each request/response is self-contained. • Statefulness is crucial in Web applications. Otherwise users have to authenticate every time they access a new page. • Traditionally, one way to create statefullness is to use cookies. • PHP uses cookies to create a concept of its own, sessions, that makes it all very easy.

4. cookies • A cookie is a piece of attribute/value data. A server can send cookies as value of a HTTP header Set-Cookie:. Multiple headers may be sent. • When the client visits the web site again, it will send the cookie back to the server with a HTTP header Cookie:

5. Set-Cookie • Set-Cookie: name=value; [expires=date;] [path=path;] [domain=domain] [secure] • where • name is the variable name set in the cookie • value is the variable's value • date is a date when the cookie expires • path restricts the cookie to be sent only when requests to a path starting with path are made • domain restricts the sending of the cookie to a certain domain • secure restricts transmission to https

6. Cookies: • The browser compares the request it wants to make with the URL and the domain that sent the cookie. • If the path is not set the cookie will only be sent to a request with the originating URL. • If the cookie matches the request a request header of the form Cookie: name1=value1 ; name2=value2 is sent.

7. sessions • Sessions are a feature of PHP. PHP remembers a session through a special cookie PHPSESSID. • To activate the sessions, include session_start(); at the beginning of your script, before any printing has been done. • One a session is active, you have a special super-global variable $_SESSION. Session data is stored in special files on wotan.

8. $_SESSION • This is an array where you can read and set variables that you want to keep during the session. if($_SESSION[user_name]) { print "welcome $_SESSION[user_name]"; } else { // show users login form print login_form(); }

9. ending sessions • At 9 and 39 past each hour, wotan deletes all session files that have not been changed for 24 minutes or more. • If you want to remove a session yourself, you can call session_destroy() in your script.

10. visit.php <?php $top='<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html><head><title></title><meta http-equiv="content-type" content="text/html; charset=UTF-8"/> </head><body><div>'; $bottom='</div><p> <a href="http://validator.w3.org/check?uri=referer"> <img style="border: 0pt" src="/valid-xhtml10.png" alt="Valid XHTML 1.0!" height="31" width="88" /> </a></p></body></html>';

11. visit.php session_start(); $current=mktime(); // look at the current time if($_SESSION[last_click]) { $passed=$current-$_SESSION[last_click]; $to_print.="$passed seconds have passed since your last visit.\n"; $_SESSION[last_click]=$current; } else { $to_print="This is your first visit.\n"; $_SESSION[last_click]=$current; } print "$top\n$to_print\n$bottom"; ?>

12. Thank you for your attention! http://openlib.org/home/krichel