PHP114

From mi-linux

As discussed in the cookies chapter, achieving state in a web-based system is critical to the functionality of most modern websites. Cookies are an ideal way to store a small piece of information, but when greater quantities of data (or sensitive data) need to be held "in state", sessions are a more appropriate method.

Basics of Sessions

Sessions are, in essence, the same as cookies in that a series of variables and their associated content can be stored and retrieved between pages. The primary difference is that session variables are stored on the server, whereas cookies are stored on the client. Storing variables on the server has a number of advantages:

  1. Sensitive information (such as passwords) need not be sent back and forth repeatedly between client and server in viewable text format
  2. With cookies, larger quantities of variables slow down the request/response transaction, as each one needs to be sent with every page request on a given site

So how does the server know which variables belong to which user?

In order to match variables with users, a unique session id is generated and is either stored as a cookie on the browser (if cookie support is enabled) or sent as part of the URL. Storing it as a cookie is preferable, as the session id is less likely to be seen by other users.

IMPORTANT NOTE: In order to use sessions, each PHP file that uses them must call the PHP command:

session_start();

at the top of the file, before any output is sent to the browser.
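
The preference for carrying the session id in a cookie rather than the URL can be enforced in code instead of being left to defaults. The following is an added example, not part of the original page; the function names start_cookie_only_session() and store_user_details() are hypothetical, and it assumes PHP 7.3 or later.

```php
<?php
// Added example (not from the original page); helper names are hypothetical.
// Assumes PHP 7.3+ for the array form of session_set_cookie_params().

function start_cookie_only_session(): void
{
    // Session settings can only be changed before the session starts.
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }

    // Accept the session id from the cookie only, never from the URL,
    // and never rewrite links to append it.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session ids that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,     // cookie is dropped when the browser closes
        'path'     => '/',
        // Send the cookie over HTTPS only when the site is served that way.
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,  // page scripts cannot read the session id
        'samesite' => 'Lax', // not sent on cross-site sub-requests
    ]);

    session_start();
}

function store_user_details(string $firstName, string $lastName): void
{
    // Issue a fresh id and delete the old session when the stored
    // identity changes, so an id seen earlier is no longer valid.
    session_regenerate_id(true);
    $_SESSION['firstName'] = $firstName;
    $_SESSION['lastName']  = $lastName;
}

start_cookie_only_session();
```

Calling start_cookie_only_session() takes the place of a bare session_start() at the top of each file.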

A form-based example

Create the following file and name it "page1.php":

<?php session_start(); ?>
 <html>
   <head>
     <title>Sessions - Main Page</title>
   </head>
   <body>
 <?php
   if (isset($_SESSION["firstName"]))
   {
     // The session values came from user input, so escape them before output
     echo "<h1>Welcome ".htmlspecialchars($_SESSION["firstName"], ENT_QUOTES)." ".htmlspecialchars($_SESSION["lastName"], ENT_QUOTES)."</h1>";
   }
   else
   {
     echo "<h1>Welcome Visitor - please sign in</h1>";
   }
 ?>
 <p>If you have not visited the <a href="register.php">Registration Page</a>, please do so now.</p>
 </body>
 </html>

Then create the registration page and name it "register.php":

<?php session_start(); ?>
 <html>
   <head>
     <title>Sessions - Registration Page</title>
   </head>
   <body>
     <!-- PHP_SELF reflects the requested URL, so escape it before output -->
     <form method="post" action="<?= htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES); ?>">
 <?php
   $firstName=""; $lastName="";

   if (isset($_POST["updateDetails"])) // if a request to update the session has been received...
   {
     $_SESSION["firstName"]=$_POST["firstName"] ?? "";
     $_SESSION["lastName"]=$_POST["lastName"] ?? "";
     echo "<h1>UPDATED!</h1>";
   }

   if (isset($_SESSION["firstName"])) // if the names are already set in the session...
   {
     $firstName=$_SESSION["firstName"];
     $lastName =$_SESSION["lastName"];
   }
 ?>
     <!-- escape the stored values so they cannot break out of the value attribute -->
     <p>Enter First Name: <input type="text" name="firstName" value="<?= htmlspecialchars($firstName, ENT_QUOTES); ?>"></p>
     <p>Enter Last Name: <input type="text" name="lastName" value="<?= htmlspecialchars($lastName, ENT_QUOTES); ?>"></p>
     <p><input type="submit" name="updateDetails" value="Update"></p>
     </form>
     <p><a href="page1.php">Back to page 1</a></p>
   </body>
 </html>

EXERCISE: Try adding some session variables to your site.

Authentication and Sessions Example

Ready to move on?

PHP198 - Final Thoughts on PHP introduction