When a user is browsing
through a website and is surfing from one web page to
another, sometimes the website needs to remember the
actions (e.g. choices) performed by the user. For example,
in a website that sells DVDs, the user typically browses
through a list of DVDs and selects individual DVDs for
check out at the end of the shopping session. The website
needs to remember which DVDs the user has selected because
the selected items need to be presented again to the user
when the user checks out. In other words, the website
needs to remember the State - i.e. the selected items - of
the user's browsing activities.
However, HTTP is a
Stateless protocol and is ill-equipped to handle States. A
standard HTML website basically provides information to
the user and a series of links that simply direct the
user to other related web pages. This Stateless nature of
HTTP allows the website to be replicated across many
servers for load balancing purposes. A major drawback is
that while browsing from one page to another, the website
does not remember the State of the browsing session. This
makes interactivity almost impossible.
In order to increase
interactivity, the developer can use the session handling
features of PHP to augment the features of HTTP in order
to remember the State of the browsing session. There are
basically 2 ways PHP does this:
- Using cookies
- Using Sessions
The next installment
discusses how to manage sessions using cookies...
Installment 2
Cookies
Cookies are used to store
State-information in the browser. Browsers are allowed to
keep up to 20 cookies for each domain and the values
stored in the cookie cannot exceed 4 KB. If more than 20
cookies are created by the website, only the latest 20 are
stored. Cookies are only suitable in instances that do not
require complex session communications and are not
favoured by some developers because of privacy issues.
Furthermore, some users disable support for cookies at
their browsers.
The following is a typical
server-browser sequence of events that occur when a cookie
is used:
- The server knows that it
needs to remember the State of the browsing session
- The server creates a
cookie and uses the Set-Cookie header field in the
HTTP response to pass the cookie to the browser
- The browser reads the
cookie field in the HTTP response and stores the
cookie
- This cookie information
is passed along in future browser-server communications
and can be used in the PHP scripts as a variable
PHP provides a function
called setcookie() to allow easy creation of cookies. The
syntax for setcookie is:
int setcookie(string name,
[string value], [int expiration_date], [string path], [string
domain], [int secure])
The parameters are:
- name - this is a
mandatory parameter and is used subsequently to
identify the cookie
- value - the value of the
cookie - e.g. if the cookie is used to store the name
of the user, the value parameter will store the actual
name - e.g. John
- expiration_date - the
lifetime of the cookie. After this date, the cookie
expires and is unusable
- path - the path refers
to the URL from which the cookie is valid and allowed
- domain - the domain that
created the cookie and is allowed to read the contents
of the cookie
- secure - specifies if
the cookie can be sent only through a secure
connection - e.g. SSL-enabled sessions
The following is an example
that displays to the user how many times a specific web
page has been displayed to the user. Copy the code below
(both the php and the html) into a file with the .php
extension and test it out.
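<?php
// The browser sends the cookie back with each request; read it from $_COOKIE.
// The value comes from the client, so cast it to an integer before using it.
if (!isset($_COOKIE["count"])) {
    $count = 0;
} else {
    $count = (int) $_COOKIE["count"] + 1;
}
// Store the new count for 10 minutes, valid for every path on the site
setcookie("count", (string) $count, time()+600, "/", "", 0);
?>
<html>
<head>
<title>Session Handling Using Cookies</title>
</head>
<body>
This page has been displayed: <?=$count ?> times.
</body>
</html>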
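The counter above accepts whatever value the browser sends back, and a cookie value can be edited by the user. As an added example (not part of the original tutorial), the same counter can be made tamper-evident by storing an HMAC next to the value. COOKIE_KEY, sign_count() and verify_count() are names assumed for illustration, and the options-array form of setcookie() requires PHP 7.3 or later.

```php
<?php
// Added example: tamper-evident version of the "count" cookie.
// COOKIE_KEY is a placeholder; load a long random secret from configuration.
const COOKIE_KEY = 'replace-with-a-long-random-secret';

// Encode the counter as "<value>.<hex HMAC-SHA256 of the value>".
function sign_count(int $count): string
{
    return $count . '.' . hash_hmac('sha256', (string) $count, COOKIE_KEY);
}

// Return the counter when the cookie is well formed and its MAC verifies,
// otherwise null (missing, malformed or modified cookie).
function verify_count($cookie): ?int
{
    // A client can send count[]=x, which PHP turns into an array: reject it.
    if (!is_string($cookie)
        || !preg_match('/^(\d{1,9})\.([0-9a-f]{64})$/', $cookie, $m)) {
        return null;
    }
    $expected = hash_hmac('sha256', $m[1], COOKIE_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $m[2]) ? (int) $m[1] : null;
}

$previous = verify_count($_COOKIE['count'] ?? null);
$count = ($previous === null) ? 0 : $previous + 1;

setcookie('count', sign_count($count), [
    'expires'  => time() + 600,
    'path'     => '/',
    'secure'   => true,   // sent over HTTPS only
    'httponly' => true,   // not readable from page JavaScript
    'samesite' => 'Lax',
]);
?>
<html>
<body>
This page has been displayed: <?= $count ?> times.
</body>
</html>
```

The MAC detects a modified value but not the replay of an older, validly signed cookie; keeping the state at the server avoids that.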
The next installment
discusses how to manage sessions using PHP session
handling functions with cookies enabled...
Installment 3
PHP Session Handling -
Cookies Enabled
Instead of storing session
information at the browser through the use of cookies, the
information can instead be stored at the server in session
files. One session file is created and maintained for each
user session. For example, if there are three concurrent
users browsing the website, three session files will be
created and maintained - one for each user. The session
files are deleted if the session is explicitly closed by
the PHP script or by a daemon garbage collection process
provided by PHP. Good programming practice would call for
sessions to be closed explicitly in the script.
The following is a typical
server-browser sequence of events that occur when PHP
session handling is used:
- The server knows that it
needs to remember the State of the browsing session
- PHP generates a session
ID and creates a session file to store future
information as required by subsequent pages
- A cookie is generated
with the session ID at the browser
- This cookie that stores
the session ID is transparently and automatically sent
to the server for all subsequent requests to the
server
The following PHP
session-handling example accomplishes the same outcome as
the previous cookie example. Copy the code below (both the
php and the html) into a file with the .php extension and
test it out.
<?php
// starts a session
session_start();
// count information is remembered in the session file through $_SESSION
// (session_register() and session_is_registered() were removed in PHP 5.4)
if (!isset($_SESSION["count"])) {
    $_SESSION["count"] = 0;
} else {
    $_SESSION["count"]++;
}
$count = $_SESSION["count"];
$session_id = session_id();
?>
<html>
<head>
<title>PHP Session Handling - Cookie-Enabled</title>
</head>
<body>
The current session id is: <?=$session_id ?>
This page has been displayed: <?=$count ?> times.
</body>
</html>
A summary of the functions
that PHP provides for session handling is:
- boolean session_start()
- initializes a session
- string
session_id([string id]) - either returns the current
session id or specifies the session id to be used when
the session is created
- boolean
session_register(mixed name [, mixed ...]) - registers
variables to be stored in the session file. Each
parameter passed in the function is a separate
variable (removed in PHP 5.4; use the $_SESSION array
instead)
- boolean
session_is_registered(string variable_name) - checks
if a variable has been previously registered to be
stored in the session file (removed in PHP 5.4)
- session_unregister(string
variable_name) - unregisters a variable from the
session file. Unregistered variables are no longer
valid for reference in the session (removed in PHP 5.4).
- session_unset() - unsets
all session variables. It is important to note that
all the variables remain registered.
- boolean
session_destroy() - destroys the session. This is the
opposite of the session_start function.
The next installment
discusses how to manage sessions using PHP session
handling functions when cookies are disabled...
Installment 4
PHP Session Handling -
Without Cookies
If cookies are disabled at
the browser, the above example cannot work. This is
because although the session file that stores all the
variables is kept at the server, a cookie is still needed
at the browser to store the session ID that is used to
identify the session and its associated session file. The
most common way around this would be to explicitly pass
the session ID back to the server from the browser as a
query parameter in the URL.
For example, the PHP script
generates requests subsequent to the session_start call in
the following format:
http://www.yourhost.com/yourphpfile.php?PHPSESSID=[actual
session ID]
The following are excerpts
that illustrate the discussion:
Manually building the URL:
$url = "http://www.yoursite.com/yourphppage.php?PHPSESSID=" . session_id();
<a href="<?=$url ?>">Anchor Text</a>
Building the URL using SID:
<a href="http://www.yoursite.com/yourphppage.php?<?=SID ?>">Anchor Text</a>
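A session ID carried in the URL ends up in browser history, server logs, Referer headers and any link the user shares, and a site that accepts an ID from the URL can be handed one chosen by someone else (session fixation). As an added example (not part of the original tutorial), this is the cookie-only configuration beside the explicit session close recommended in Installment 3. rotate_session_id(), close_session() and the logout query parameter are names assumed for illustration, and the options arrays require PHP 7.3 or later.

```php
<?php
// Added example: cookie-only session handling.
ini_set('session.use_only_cookies', '1'); // ignore a PHPSESSID sent in the URL
ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the ID
ini_set('session.use_strict_mode', '1');  // discard IDs this server did not issue

session_set_cookie_params([
    'lifetime' => 0,        // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,     // sent over HTTPS only
    'httponly' => true,     // hidden from page JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Hypothetical helper: call after login or any other privilege change so an
// ID known before authentication stops being valid.
function rotate_session_id(): void
{
    session_regenerate_id(true); // true also deletes the old session file
}

// Hypothetical helper: close the session explicitly instead of waiting for
// PHP's garbage collection to remove the session file.
function close_session(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,   // expire the browser's copy of the ID
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

if (isset($_GET['logout'])) {
    close_session();
    $count = 0;
} else {
    $_SESSION['count'] = isset($_SESSION['count']) ? $_SESSION['count'] + 1 : 0;
    $count = $_SESSION['count'];
}
?>
This page has been displayed: <?= $count ?> times.
```

With these settings a browser that refuses cookies gets a fresh session on every request, so the count stays at 0 for that user.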