UFCEUS-20-2 : Web Programming
Lecture 4 PHP (3) : Maintaining State – Cookies & Sessions

last lecture …
• Inbuilt functions
• Common inbuilt function examples
• User defined functions
  - declaration
  - return statement
  - values & references
  - scope (local & global)
  - arguments
  - default values
• Environment Variables & Superglobals
• $_GET & $_POST

Stateful v. Stateless
• "State" is a central concern of all sorts of distributed applications, but especially of Web applications. When applied to a protocol, "state" treats each series of interactions as having continuity, much like a single program's state. A "stateless" protocol is one in which there is no such continuity; each request must be processed entirely on its own merits.
• HTTP and its derivatives are intrinsically "stateless".
• The request/response cycle of an HTTP interaction does not maintain "memory" of any previous interactions.

Stateful v. Stateless (2)
Stateful Interaction:
  Request 1: “What is Alice’s account number?”
  Response 1: 145678093
  Request 2: “What is her current balance?”
  Response 2: £345.65
Stateless Interaction:
  Request 1: “What is Alice’s account number?”
  Response 1: 145678093
  Request 2: “What is Alice’s current balance?”
  Response 2: £345.65

Is PHP stateless? (well … yes)
• On a webserver, PHP scripts have no shared state, so each instance of a PHP script runs in its own logical memory space.
• The scripts maintain no persisted state, so each script starts off fresh as a daisy, with no data to indicate what happened the previous times it was executed.
• Variables are destroyed as soon as the page script finishes executing.
• The script can access the ‘referrer’, the address of the previous page, although this can’t really be trusted because the browser supplies it.
  $_SERVER['HTTP_REFERER']

Is PHP stateless? (well … not necessarily)
The usual way to maintain state in PHP scripts is via the use of sessions. To understand how these work, we need to have a look at what cookies are and how they work …

Client/Server interaction with Cookies
A cookie is a small file that the server embeds on the user's browser's file system. Each time the same browser requests a page, it will send the cookie too. With PHP, you can both create and retrieve cookie values.

Setting / Retrieving / Deleting a Cookie with PHP
Setting a cookie : use the setcookie() function
    setcookie(name, value, expire, path, domain);
Retrieve a cookie : use the $_COOKIE superglobal
    // Print a cookie
    echo $_COOKIE["name"];
    // A way to view all cookies
    print_r($_COOKIE);
Delete a cookie : set the time to a past instance
    // set the expiration date to one hour ago
    setcookie("name", "", time()-3600);

Setting & Retrieving a Cookie with PHP
    <?php
    // read cookie value to variable, add 1
    if (!isset($_COOKIE['visits'])) $_COOKIE['visits'] = 0;
    // cast to int: the cookie is client-supplied and may not be numeric
    $visits = (int)$_COOKIE['visits'] + 1;
    // set cookie to now + 1 year
    setcookie('visits', $visits, time()+3600*24*365);
    ?>
    <!DOCTYPE html>
    <html>
    <head>
    <title>PHP Cookie Example 1</title>
    </head>
    <body>
    <?php
    if ($visits > 1) {
        echo("This is visit number $visits.");
    } else { # First visit
        echo('Welcome to my Website! This is your first visit!');
    }
    ?>
    </body>
    </html>
** Note : the cookie must be set before any output is sent to the browser, because it travels in the HTTP headers. Keep refreshing the page to see the cookie at work.

setcookie() keys & values
    setcookie(name [, value [, expire [, path [, domain [, secure]]]]])
name = cookie name
value = data to store (string)
expire = UNIX timestamp when the cookie expires. Default is that the cookie expires when the browser is closed.
path = Path on the server within and below which the cookie is available.
domain = Domain for which the cookie is available.
secure = If the cookie should be sent over an HTTPS connection only. Default false.

Cookie limits & notes
• Each cookie on the user’s computer is connected to a particular domain.
• Each cookie can store up to 4kB of data.
• A maximum of 20 cookies can be stored on a user’s PC per domain.
• Only strings can be stored in cookie files.
• To store an array in a cookie, convert it to a string by using the serialize() PHP function.
• The array can be reconstructed using the unserialize() function once it has been read back in.
• Cookies are stored client-side, so can never be trusted completely: they can be easily viewed, modified or created by a 3rd party.
• They can be turned on and off at will by the user.

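
Because a cookie can be modified on the client, a server that stores an array in one needs a way to detect changes, and passing client-supplied data to unserialize() can instantiate objects the script never intended. The following added example (not part of the original lecture) stores the array as JSON with an HMAC-SHA256 tag instead. COOKIE_KEY, pack_cookie(), unpack_cookie() and the 'prefs' cookie name are hypothetical, the key is a placeholder, and PHP 7.3 or later is assumed.

```php
<?php
// Added example: names and the key below are placeholders, not from the lecture.
const COOKIE_KEY = 'replace-with-a-long-random-server-side-secret';

// Encode the array as JSON and append an HMAC so changes are detectable.
function pack_cookie(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the array only if the tag verifies; null for anything else.
function unpack_cookie(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// In a page script the value would be sent with, for example:
//   setcookie('prefs', $cookie, ['expires' => time() + 3600,
//       'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
// and read back by passing the received cookie string to unpack_cookie().

// Constructed demonstration, runnable from the command line.
// Case 1: the cookie comes back exactly as it was issued.
$cookie = pack_cookie(['theme' => 'dark', 'role' => 'student'], COOKIE_KEY);
var_dump(unpack_cookie($cookie, COOKIE_KEY));

// Case 2: the payload was edited on the client and the old tag reused.
$edited = base64_encode('{"theme":"dark","role":"admin"}')
    . '.' . explode('.', $cookie)[1];
var_dump(unpack_cookie($edited, COOKIE_KEY));
```

The tag only detects modification; the payload is still readable by the user, so anything secret belongs in the server-side session rather than in the cookie.
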
PHP Sessions
• Since HTTP is a stateless protocol, a PHP session can be used to store user information on the server for later use (e.g. username, shopping items, etc).
• Session information is temporary and will be deleted after the user has left the website. Session data can be made persistent by storing the data in a database.
• Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either stored in a cookie or is propagated in the URL (if cookies are turned off for instance).

Starting / Resuming a Session
    session_start();
PHP does all the work: It looks for a valid session id in the $_COOKIE or $_GET superglobals – if found it initializes the data. If none found, a new session id is created.
Note that like setcookie(), this function must be called before any echoed output to browser.
Example session id: 26fe536a534d3c7cde4297abb45e275a

Storing / Retrieving / Deleting Session data
The $_SESSION superglobal array can be used to store any session data. e.g.
    $_SESSION['name'] = $name;
    $_SESSION['age'] = $age;
To retrieve session values, data is simply read back from the $_SESSION superglobal array. e.g.
    $name = $_SESSION['name'];
    $age = $_SESSION['age'];
To delete session data – simply unset() a particular session variable. e.g.
    unset($_SESSION['name']);
To destroy a session – use the session_destroy() function. e.g.
    session_destroy();

Setting & Retrieving a Session value with PHP
    <?php
    // must be the first line in script
    session_start();
    if (isset($_SESSION['visits'])) {
        $_SESSION['visits'] = $_SESSION['visits'] + 1;
    } else {
        $_SESSION['visits'] = 1;
    }
    echo "This is visit number " . $_SESSION['visits'];
    ?>
** Note : Keep refreshing the page to see the session counter at work.
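
The session lifecycle from the slides above (start, store, destroy), with the settings that matter once the session id identifies a logged-in user, as an added example that is not part of the original lecture. The function names are hypothetical, and it assumes PHP 7.3 or later on a site served over HTTPS.

```php
<?php
// Added example; function names are hypothetical, not from the lecture.

function start_hardened_session(): void
{
    session_start([
        'use_only_cookies' => 1,     // never accept the session id from the URL
        'use_trans_sid'    => 0,     // never append the id to links
        'use_strict_mode'  => 1,     // reject ids the server did not issue
        'cookie_httponly'  => 1,     // keep the cookie away from JavaScript
        'cookie_secure'    => 1,     // send it over HTTPS only (assumed HTTPS site)
        'cookie_samesite'  => 'Lax', // limit sending on cross-site requests
    ]);
}

function log_in(string $username): void
{
    // Issue a fresh id at the privilege change and delete the old session,
    // so an id that was known before login stops being valid.
    session_regenerate_id(true);
    $_SESSION['name'] = $username;
}

function log_out(): void
{
    $_SESSION = [];                        // clear data for this request
    if (ini_get('session.use_cookies')) {  // expire the browser's session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                     // delete the server-side data
}

// Typical order in a page script: start the session before any output,
// then call log_in() after the credentials have been checked.
start_hardened_session();
```

session_destroy() on its own removes the stored data but leaves $_SESSION populated for the rest of the request and the cookie in the browser, which is why log_out() clears both first.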