
Chapter 5
Sessions and Cookies management in PHP

What are cookies?

• A cookie is a small packet of information stored on the browser.
• A cookie is a small file, with a maximum size of 4KB, that the web server stores on the client computer.
• It contains information about the viewer that can be retrieved and used at a later time.
• The information is passed back and forth between the server and browser via HTTP headers.

Compiled By: Yonas H.(MSc.) Thursday, May 2, 19



Attributes of a Cookie
• Name: The actual cookie text consists of the name of the cookie and the value stored there
• Expiration Date: The time when the cookie expires
• Domain Name: Specifies a general domain name to which the cookie should apply
• Path: Used to specify where the cookie is valid for a particular server
• Security: If a cookie is secure, it must be sent over a secure communication channel (HTTPS server)

Creating Cookies
• A cookie is created with the PHP built-in setcookie() function, which takes at least one argument, the name of the cookie.
• Syntax:
  setcookie(name, value, expire);
• Note: The setcookie() function must appear BEFORE the <html> tag, because cookies are sent in the HTTP headers.
• The second argument is the value that will be stored in the cookie, such as a username, date, e-mail, and so on.
• It is not a good idea to put any kind of sensitive personal information in cookie files because cookie files are readable text files.
• Other optional arguments include the expiration date of the cookie, the path where the cookie is valid, and lastly, whether or not to make the cookie secure.
• If you do not set the expiration date, the cookie will be removed when the browser session ends.


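Example
<?php
// Send two cookies to the browser; setcookie() must run before any output.
setcookie("user", "Aster");
setcookie("color", "blue");
// $_COOKIE holds the cookies the browser sent with THIS request, so "user"
// is only available from the next request on. Escape it before printing.
echo htmlspecialchars($_COOKIE["user"] ?? "");
?>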


Example 2
• You can also set the expiration time of the cookie in another way.
• It may be easier than using seconds.
• In the example above the expiration time is set to a month (60 sec * 60 min * 24 hours * 30 days).

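How to Retrieve a Cookie Value?
• The cookies are stored in the PHP global $_COOKIE array.
• When a cookie is set, PHP assigns it to the global $_COOKIE associative array.
• $_COOKIE array will contain all the cookie values saved for that page.
<?php
// Dump every cookie the browser sent, but only if the "color" cookie is present.
if (!empty($_COOKIE['color'])) {
    echo "<pre>";
    // Cookie values come from the client, so escape them before printing into HTML.
    echo htmlspecialchars(print_r($_COOKIE, true));
    echo "</pre>";
}
?>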

Deleting a Cookie
• When cookies are created, they are, by default, deleted when the user closes his or her browser.
• What if you want to delete the cookie right now, even before the user closes his or her browser? You simply set its expiration to some earlier date by subtracting from the current time.


Example

<?php
// An expiration time in the past tells the browser to delete the cookie.
setcookie("cookie_name", "", time() - 1);
?>


Cont. …
• In the following example we use the isset() function to find out if a cookie has been set:
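
The cookie steps from the slides above (a one-month expiry, the isset() check, and deletion with a past expiry) combined into one hardened example. This is added code, not from the original slides; it assumes PHP 7.3+ for the setcookie() options array, and the helper names, the color allow-list and the "/" path are illustrative.

```php
<?php
// Added example: helper names, allow-list and path are assumptions.
const COLOR_COOKIE = 'color';
const ALLOWED_COLORS = ['blue', 'green', 'red'];

// Set and delete share these attributes: the browser only removes a cookie
// when the deleting Set-Cookie uses the same path (and domain) as the original.
function colorCookieOptions(int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // withheld from most cross-site requests
    ];
}

function rememberColor(string $color): bool
{
    if (!in_array($color, ALLOWED_COLORS, true)) {
        return false;          // never store a value we would not accept back
    }
    // One month: 60 sec * 60 min * 24 hours * 30 days.
    return setcookie(COLOR_COOKIE, $color, colorCookieOptions(time() + 60 * 60 * 24 * 30));
}

function currentColor(): ?string
{
    // isset() tells us whether the browser sent the cookie with this request.
    if (!isset($_COOKIE[COLOR_COOKIE]) || !is_string($_COOKIE[COLOR_COOKIE])) {
        return null;
    }
    // Cookies are client-controlled: accept only values from the allow-list.
    $color = $_COOKIE[COLOR_COOKIE];
    return in_array($color, ALLOWED_COLORS, true) ? $color : null;
}

function forgetColor(): bool
{
    unset($_COOKIE[COLOR_COOKIE]);   // stop using it in the current request
    return setcookie(COLOR_COOKIE, '', colorCookieOptions(time() - 3600));
}

// Usage: runs before any HTML is sent.
$color = currentColor();
if ($color === null) {
    rememberColor('blue');
}
echo '<p>Color: ' . htmlspecialchars($color ?? 'not set yet') . '</p>';
```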


Session
• A session is a way to store information (in variables) to be used across multiple pages.
• Unlike a cookie, the information is not stored on the user's computer.
• A session is the time that a user spends at a Web site.


Session
• PHP provides us with a mechanism to manage sessions so that we can keep track of what a visitor is doing, what he or she likes, what he or she wants, and so on, even after the user logs off.
• Like cookies, the idea is to maintain state.


Session
• A PHP session, like a cookie, is a way for PHP to keep track of that Web site visitor even after he or she leaves or logs off.
• When you work with an application, you open it, do some changes, and then you close it. This is much like a Session.
• The computer knows who you are.
• It knows when you start the application and when you end.

Session
But on the internet there is one problem:

• The web server does not know who you are or what you do, because HTTP doesn't maintain state.
• Session variables solve this problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc).
• By default, session variables last until the user closes the browser.


Session
• Session variables hold information about one single user, and are available to all pages in one application.
• Tip: If you need permanent storage, you may want to store the data in a database.


Session
• The session filename contains the unique ID number for the session.
• The next time the visitor asks for the page, his or her browser hands the ID number back to the server.
• The server uses the session ID number to locate the file with the name that corresponds to the same session ID number.


Session
• The session file contains the actual session data; for example, username, preferences, or items in the shopping cart—information about the visitor that was stored the last time he or she visited the page.
• If this is the first time the user has visited the page, his or her preferences will be collected and stored into the session file, to be retrieved later on.

Session

• Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either stored in a cookie or is propagated in the URL.


Starting PHP session

• A PHP session is started with the session_start() function.
• Typically session_start() is called at the top of the page, and then session variables are registered in the superglobal $_SESSION array.
• The session_start() function creates a session or resumes one that has already started.
• Note: The session_start() function must appear BEFORE the <html> tag:

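Starting PHP session

Syntax:
session_start();
• Registering a Session:
// Values are kept in the server-side session file, keyed by the session ID.
$_SESSION['username'] = "john";
// Note: this keeps the submitted password in the session file as entered.
$_SESSION['password'] = $_POST['passwd'];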


Deleting Session Variables

unset($_SESSION['session_name']);
Example: Unset a single session variable
• unset($_SESSION['color']);

session_destroy()
• Destroys all of the data associated with the current session
Syntax: session_destroy();

Destroying a Session
• If you wish to delete some session data, you can use the unset() or the session_destroy() function.
• The unset() function is used to free the specified session variable:
  unset($_SESSION['session_name']);
• You can also completely destroy the session by calling the session_destroy() function:
  session_destroy();

Note: session_destroy() will reset your session and you will lose all your stored session data.


Cont. …
• In the example below, we create a simple page-views counter. The isset() function checks if the "views" variable has already been set.
• If "views" has been set, we can increment our counter. If "views" doesn't exist, we create a "views" variable, and set it to 1:
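
A page-views counter matching the description above, with the session cookie hardened, the session ID kept out of URLs, and a complete logout. This is an added example, not the slides' own code; it assumes PHP 7.3+, and the function names are hypothetical.

```php
<?php
// Added example: function names are hypothetical. Requires PHP 7.3+.
function startSecureSession(): void
{
    // Keep the session ID in a cookie only (never in the URL) and refuse
    // session IDs that the server did not issue itself.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,       // until the browser closes, the default behaviour
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();           // creates or resumes; must run before any output
}

function countView(): int
{
    if (isset($_SESSION['views'])) {
        $_SESSION['views']++;          // "views" exists: increment the counter
    } else {
        $_SESSION['views'] = 1;        // first visit in this session
    }
    return $_SESSION['views'];
}

function onLogin(string $username): void
{
    session_regenerate_id(true);       // issue a fresh ID when privileges change
    $_SESSION['username'] = $username; // store the identity, not the password
}

function logout(): void
{
    $_SESSION = [];                    // clear the variables for this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [    // expire the session cookie in the browser
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();                 // delete the server-side session data
}

startSecureSession();
echo 'Views=' . countView();
```

Note that session_destroy() alone leaves $_SESSION populated for the rest of the request and leaves the cookie in the browser, which is why logout() does all three steps.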


PHP Error Handling

• The default error handling in PHP is very simple.
• An error message with filename, line number and a message describing the error is sent to the browser.


PHP Error Handling

• When creating scripts and web applications, error handling is an important part.
• If your code lacks error checking code, your program may look very unprofessional and you may be open to security risks.


PHP Error Handling

• We will show different error handling methods:
  • Simple "die()" statements
  • Custom errors and error triggers
  • Error reporting


PHP Error Handling

• The example shows a simple script that opens a text file:
• If the file does not exist you might get an error like this:


Cont'
• To avoid that the user gets an error message like the one above, we test if the file exists before we try to access it:


PHP Exception Handling

• Exceptions are used to change the normal flow of a script if a specified error occurs.
• Exception handling is used to change the normal flow of the code execution if a specified error (exceptional) condition occurs.
• This condition is called an exception.
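
The approaches listed in the error handling slides (a check before access, a custom error handler, and error reporting settings) combined with exception handling, so that the file name and line number go to the server log instead of the browser. This is an added example, not from the original slides; the file name welcome.txt and the function names are assumptions.

```php
<?php
// Added example: "welcome.txt" and the function names are assumptions.

// Error reporting: record everything, display nothing to the visitor.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Custom error handler: turn PHP warnings and notices into exceptions so a
// single try/catch can change the normal flow of the script.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false;              // respect the current error_reporting level
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

function readWelcomeFile(string $path): string
{
    // Test before access, as in the die() approach, but throw instead of
    // die() so the caller decides what the visitor sees.
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException("Cannot read file: $path");
    }
    $handle = fopen($path, 'r');   // a failure here becomes an ErrorException
    try {
        return (string) stream_get_contents($handle);
    } finally {
        fclose($handle);
    }
}

function renderWelcome(string $path): string
{
    try {
        return htmlspecialchars(readWelcomeFile($path));
    } catch (Throwable $e) {
        // Full detail goes to the log; the browser gets a generic message.
        error_log(get_class($e) . ': ' . $e->getMessage()
            . ' at ' . $e->getFile() . ':' . $e->getLine());
        return 'Sorry, the page could not be displayed.';
    }
}

echo renderWelcome(__DIR__ . '/welcome.txt');
```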


What is a PHP Filter?

• PHP filters are used to validate and filter data coming from insecure sources, like user input.
• A PHP filter is used to validate and filter data coming from insecure sources.
• To test, validate and filter user input or custom data is an important part of any web application.
• The PHP filter extension is designed to make data filtering easier and quicker.


Why use a Filter?

• To make data filtering easier and quicker.
• Almost all web applications depend on external input.
• Usually this comes from a user or another application (like a web service).
• By using filters you can be sure your application gets the correct input type.
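
An added example (not from the original slides) of validating external input with the filter extension. The field names and sample values are constructed, and the scheme check is an extra step because FILTER_VALIDATE_URL only checks URL syntax.

```php
<?php
// Added example: field names and sample input are constructed for illustration.

function validateSignup(array $input): array
{
    // Per key the result is the typed value, false if invalid, null if missing.
    $clean = filter_var_array($input, [
        'email' => FILTER_VALIDATE_EMAIL,
        'age'   => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 13, 'max_range' => 120],
        ],
        'site'  => FILTER_VALIDATE_URL,
    ]);

    $errors = [];
    foreach ($clean as $field => $value) {
        if ($value === null || $value === false) {
            $errors[] = $field;
        }
    }

    // FILTER_VALIDATE_URL accepts any well-formed scheme, so restrict it here.
    if (is_string($clean['site'])) {
        $scheme = strtolower((string) parse_url($clean['site'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors[] = 'site';
        }
    }
    return ['values' => $clean, 'errors' => $errors];
}

// Constructed samples standing in for $_POST.
$samples = [
    ['email' => 'aster@example.com', 'age' => '27',    'site' => 'https://example.com/'],
    ['email' => 'not-an-email',      'age' => '27abc', 'site' => 'ftp://example.com/'],
    ['email' => ['a@example.com'],   'age' => '7'],   // array value, age too low, site missing
];

foreach ($samples as $sample) {
    $result = validateSignup($sample);
    echo $result['errors']
        ? 'rejected: ' . implode(', ', $result['errors'])
        : 'accepted', PHP_EOL;
}
```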
