
Web Programming and HTTP Cookies Overview
Explore the fundamentals of web programming, cookies, sessions, and HTTP cookies. Learn how information can be stored and accessed across web pages using cookies and sessions. Understand the role of HTTP cookies in maintaining stateful information between HTTP requests. Discover the process of setting, storing, and retrieving cookies using PHP. Delve into HTTP cookie headers and the setcookie() function in PHP for efficient data management.

Web Programming
CSC 242
Professor John Carelli
Kutztown University Computer Science Department

Cookies and Sessions

Two mechanisms for saving user information on a server
- information can be accessed at a later time and/or across multiple web pages
- otherwise, it is lost when the user navigates away from the current page

General procedure:
1. Information is collected from the user on the client side
   - generally using an HTML form
2. Information is sent from the form to the server using post or get
   - retrieved in the targeted PHP file
3. Information is stored for later use by saving it using cookies or creating a session

HTTP Cookies, overview

- HTTP is a stateless protocol
  - No memory of previous states
- HTTP cookies are a way to store stateful information between separate HTTP requests
- An HTTP cookie is an item of data that the server sends to the client
- The client stores the data to use in future requests
- The data in a cookie can only be read from the issuing domain

Source: Dylan Schwesinger

HTTP Cookie Headers

Source: Dylan Schwesinger

Cookies

- Information is stored using the PHP function setcookie()
  - stored as name/value pairs
- Retrieved using the $_COOKIE array
- Information is stored on the client machine

Example:
    setcookie("name", $_POST["name"]);        // save a cookie
  on another web page
    print "Name: {$_COOKIE['name']}<br>";     // retrieve information

PHP: HTML Form Cookie Example

setcookie

setcookie function:
    setcookie(name, value, expire, path, domain, secure, httponly)

- name: The name of the cookie
- value: The value of the cookie; can contain up to 4KB of data
- expire: (Optional) The Unix timestamp for the expiration date
- path: (Optional) The path to the cookie on the server
- domain: (Optional) The domain of the cookie
- secure: (Optional) Whether the cookie must be sent over a secure connection
- httponly: (Optional) Whether the cookie is accessible only through the HTTP protocol (not to client-side scripts such as JavaScript)

Source: Dylan Schwesinger

Properties of Cookies

- Cookies have an expiration time after which they are automatically deleted
- To destroy a cookie, the setcookie function must be called with an expiration date set in the past
  - All of the other parameter values that were used when initially setting the cookie must be the same

W3 Schools: https://www.w3schools.com/php/php_cookies.asp

Limitations of Cookies

- MUST be sent by the server to the client BEFORE any HTML is sent
  - i.e. before any print or echo statements
  - otherwise an error occurs and no cookie is sent
- Can be blocked by the user with appropriate browser settings
  - possibly limiting web-site functionality
- Limitations on amount of storage
  - only simple key/value pairs
  - number of cookies may be limited
- Multi-tab browsing sessions could create cookie conflicts
  - same cookie stored by multiple tabs
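
The cookie slides above, put together as an added example that is not part of the original presentation: one place holds the optional setcookie() parameters so the delete call matches the set call, headers_sent() enforces the "before any HTML" rule, and the value is escaped when read back. The helper names, the one-hour lifetime and the constant values are assumptions.

```php
<?php
// Added example. Helper names and the one-hour lifetime are assumptions.
// The optional parameters live in one place so the delete call repeats
// exactly the values used when the cookie was set.
const COOKIE_PATH     = '/';
const COOKIE_DOMAIN   = '';    // empty string: the current host only
const COOKIE_SECURE   = true;  // HTTPS only; the site must be served over TLS
const COOKIE_HTTPONLY = true;  // hidden from client-side scripts
const COOKIE_MAX_LEN  = 4096;  // the 4KB value limit listed for setcookie()

function save_cookie(string $name, string $value, int $lifetime = 3600): bool
{
    // Cookies travel in response headers, so nothing may be printed first.
    if (headers_sent($file, $line)) {
        error_log("cookie '$name' not set: output started at $file:$line");
        return false;
    }
    if (strlen($value) > COOKIE_MAX_LEN) {
        return false;
    }
    return setcookie($name, $value, time() + $lifetime,
        COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
}

function delete_cookie(string $name): bool
{
    if (headers_sent()) {
        return false;
    }
    unset($_COOKIE[$name]);  // forget it for the rest of this request too
    // Expiration in the past, every other parameter unchanged.
    return setcookie($name, '', time() - 3600,
        COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
}

function cookie_for_html(string $name): string
{
    // The value is stored on the client and can be edited there,
    // so it is escaped before being placed in the page.
    $value = $_COOKIE[$name] ?? '';
    return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : '';
}

// Usage, before any print or echo on the page that receives the form:
if (isset($_POST['name']) && is_string($_POST['name'])) {
    save_cookie('name', $_POST['name']);
}
// On another page:
print 'Name: ' . cookie_for_html('name') . '<br>';
```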

Sessions

Sessions address many of the limitations of cookies

Some key differences/improvements compared to cookies:
- Information is stored on the server machine
- More information can be stored and more types: arrays, Booleans, etc.
- Generally, more secure
  - Since user information is not transmitted back to server
- Can be made to work even if the user has disabled cookies

https://www.w3schools.com/php/php_sessions.asp

Sessions, operation

- Create a session using the PHP function session_start()
  - this generates a unique session ID number which is sent to the browser with the name PHPSESSID (if it doesn't already exist)
  - the ID is stored on the client side in a cookie
  - accessible with either session_id() or $_COOKIE['PHPSESSID']
- Once the session is started, information is stored directly in the $_SESSION array
  - information is stored on the server side
- Remove all session variables with session_unset()
- Session can be ended with session_destroy()
  - deletes data but does not remove the session cookie

PHP: HTML Form Session Example
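
Because session_destroy() leaves the PHPSESSID cookie in the browser, ending a session fully takes one more step. The following is an added example, not code from the presentation; the function name and the sample session keys are assumptions.

```php
<?php
// Added example. The function name and the sample keys are assumptions.
function end_session_completely(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();          // must run before any HTML is sent
    }
    $_SESSION = [];               // clear the variables, as session_unset() does

    // Expire the session cookie with the same path, domain and flags
    // it was issued with, so the browser actually drops it.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();            // delete the data stored on the server
}

// Usage: store data of several types, then end the session on logout.
session_start();
$_SESSION['user']     = 'alice';            // constructed sample values
$_SESSION['cart']     = ['book', 'pen'];
$_SESSION['is_admin'] = false;

end_session_completely();
```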

Sessions, cont

Limitation:
- Since one cookie is generated and saved for the session ID
  - same start-up restriction as for cookies
  - i.e. session_start() must be executed before any HTML is sent to the client
- Also, if cookies are disabled, errors could result

PHP: HTML Form Session No Cookies

Sessions without cookies

- It is possible to make sessions work without cookies
  - advantages: don't need to start the session first or be concerned about whether cookies are enabled
- Controlled with several PHP settings (view with phpinfo()):

    // if on, use cookies in this session
    ini_set("session.use_cookies", 0);

    // if on, only use cookies to store the session id on the client side.
    // enabling this setting prevents attacks involving passing session ids in URLs.
    ini_set("session.use_only_cookies", 0);

    // send session ID via a URL (get)
    ini_set("session.use_trans_sid", 1);

Sessions without cookies, cont

- When cookies are turned off for a session, the ID is transmitted using the same URL mechanism used by get
- Limitations:
  - must be specifically set up
  - less secure since session ID is visible during transmission

PHP: HTML Form Session Using Get
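
A check for the three settings discussed on the last two slides, run against the slide's values, their cookie-only counterpart, and the running server. This is an added example, not part of the presentation; the function name and the message wording are assumptions.

```php
<?php
// Added example. Function name and message wording are assumptions.
// Reports every way the given settings let a session ID leave the cookie.
function session_id_exposure(array $cfg): array
{
    // ini values arrive as 0/1, "0"/"1", "" or "On"/"Off"; normalise to bool.
    $on = fn(string $key): bool =>
        filter_var($cfg[$key] ?? false, FILTER_VALIDATE_BOOLEAN);

    $findings = [];
    if (!$on('session.use_cookies')) {
        $findings[] = 'use_cookies is off: the ID is not kept in a cookie';
    }
    if (!$on('session.use_only_cookies')) {
        $findings[] = 'use_only_cookies is off: an ID passed in a URL is accepted';
    }
    if ($on('session.use_trans_sid')) {
        $findings[] = 'use_trans_sid is on: the ID is sent via the URL';
    }
    return $findings;
}

$keys = ['session.use_cookies', 'session.use_only_cookies', 'session.use_trans_sid'];

$configs = [
    'slide settings' => array_combine($keys, [0, 0, 1]),   // values from the slide
    'cookie-only'    => array_combine($keys, [1, 1, 0]),   // the opposite choice
    'this server'    => array_combine($keys, array_map('ini_get', $keys)),
];

foreach ($configs as $label => $cfg) {
    $findings = session_id_exposure($cfg);
    print $label . ': '
        . ($findings ? implode('; ', $findings) : 'session ID stays in the cookie')
        . PHP_EOL;
}
```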