Internet Programming

Chapter Seven

Session and Cookies

Management in PHP

1 Prepared by Tesfa K. 04/01/2024

 What is a Cookie?
Cookie: a small amount of information sent by a server
to a browser, and stored on a client browser then sent
back by the browser on future page requests.
With PHP, you can both create and retrieve cookie
values.
cookies have many uses:
authentication
user tracking (A cookie is often used to identify a user)
maintaining user preferences, etc.
cookie's data consists of a single name/value pair, sent in
the header of the client's HTTP GET or POST request.
2 Prepared by Tesfa K. 04/01/2024
 How long does a cookie exist?
1) session cookie : the default type; a temporary cookie
that is stored only in the browser's memory
when the browser is closed, temporary cookies will be
erased
can not be used for tracking long-term information
safer, because no programs other than the browser can
access them
2) persistent cookie : one that is stored in a file on the
browser's computer
can track long-term information
potentially less secure, because users (or programs they run)
can open cookie files, see/change the cookie values, etc.
3 Prepared by Tesfa K. 04/01/2024
 How to Create a Cookie?
 The setcookie() function is used to set a cookie.
 The setcookie() function must appear before the <html> tag.
Syntax
setcookie(name, value, expire);
 Name - name is Used to refer the cookies.
The cookie name can be essentially thought of in terms of a variable
name.
 Value - A cookie value is simply a piece of data mapped to the cookie
name.
This could be a user identification number, background color, date,
anything.
 Expiration date - This date defines the lifetime of the cookie.
Once this timestamp equals the current date and time, the cookie will
expire.
4
 Expire
Prepared dateK.is optional.
by Tesfa 04/01/2024
If an expire date is not included, the cookie will expire at the end of
 Example
 In the example below, we create a cookie named "user" and assign
the value "Alex" to it.
 We also specify that the cookie should expire after one hour:
<?php
setcookie("user", "Alex ", time()+3600);
?>
<html>
<body>
</body>
</html>
 setcookie causes your script to send a cookie to the user's browser.
 You can set multiple cookies (20-50) per user.

5 Prepared by Tesfa K. 04/01/2024

 How to Retrieve a Cookie Value?
The PHP $_COOKIE associative array variable is
used to retrieve a cookie value.
In the example below, we retrieve the value of the
cookie named "user" and display it on a page.
<?php
// Print a cookie
echo $_COOKIE["user"];
// A way to view all cookies
print_r($_COOKIE);
?>

6 Prepared by Tesfa K. 04/01/2024

 How to Retrieve a Cookie Value?...
 In the following example we use the isset() function to
find out if a cookie has been set:
<html>
<body>
<?php
if (isset($_COOKIE["user"]))
echo "Welcome " . $_COOKIE["user"] . "!<br />";
else
echo "Welcome guest!<br />";
?>
</body>
</html>
7 Prepared by Tesfa K. 04/01/2024
 Setting a persistent cookie in PHP
to set a persistent cookie, pass a third parameter
for its timeout in seconds
time function returns the current time in seconds
<?php
$expireTime = time() + 60*60*24*7; //1 week from now
setcookie ("user", "Alex", $expireTime);
?>
<html>
<body>
</body>
</html>
8 Prepared by Tesfa K. 04/01/2024
 Removing a persistent cookie
If the server wants to remove a persistent cookie, it
should set it again, passing a timeout that is prior to the
present time.
When deleting a cookie you should assure that the
expiration date is in the past.
Example:
<?php
// set the expiration date to one hour ago
setcookie("user", "", time()-3600);
?>

9 Prepared by Tesfa K. 04/01/2024

 PHP Sessions
 session: represent a series of HTTP requests and responses between a
specific Web browser and server.
 A PHP session variable is used to store information about user session.
PHP Session Variables
 The HTTP protocol doesn't maintain state.
 A PHP session solves this problem by allowing you to store user
information on the server for later use (i.e. username, shopping items,
etc).
 However, session information is temporary and will be deleted after
the user has left the website. If you need a permanent storage you may
want to store the data in a database.
 Sessions work by creating a unique id (UID) for each visitor and store
variables based on this UID.

10 Prepared by Tesfa K. 04/01/2024

 How sessions are established
 client's browser makes an initial request to the server
 server notes client's IP address and stores some local
session data, and sends a session ID back to client.
 client sends that same session ID back to server on future
requests
 server uses session ID to retrieve the data for the client's
session later.

11 Prepared by Tesfa K. 04/01/2024

 Starting a PHP Session
 Before you can store user information in your PHP session,
you must first start up the session.
 Note: The session_start() function must appear before the
<html> tag.
<?php session_start(); ?>
<html>
<body>
</body>
</html>
 The code above will register the user's session with the server,
and assign a UID for that user's session.
 The correct way to store and retrieve session variables is to
use the PHP $_SESSION associative array variable:
12 Prepared by Tesfa K. 04/01/2024
 Example
 In the example below, we create a simple page-views counter.
 The isset() function checks if the "views" variable has already
been set.
If "views" has been set, we can increment our counter.
 If "views" doesn't exist, we create a "views" variable, and set it to 1:
<?php
session_start();
if(isset($_SESSION['views']))
$_SESSION['views']=$_SESSION['views']+1;
Else
$_SESSION['views']=1; // store session data
echo "Views=". $_SESSION['views']; //retrieve session data
?>

13 Prepared by Tesfa K. 04/01/2024

 Destroying a Session
 If you wish to delete some session data, you can use the unset() or
the session_destroy() function.
 The unset() function is used to free the specified session variable
<?php
unset($_SESSION['views']);
?>
 You can also completely destroy the session by calling the
session_destroy() function:
<?php
session_destroy();
?>
 Note: session_destroy() will reset your session and you will lose all
your stored session data.

14 Prepared by Tesfa K. 04/01/2024