PHP Session and Cookie Configuration Tutorial

Dec 03, 2014

ProdigyView

Learn the basics of configuring cookies and sessions in PHP. This tutorial covers the basics of configuring sessions and cookies in normal PHP and ProdigyView.
Page 1: PHP Session and Cookie Configuration Tutorial

Session and Cookies

Page 2: PHP Session and Cookie Configuration Tutorial

Overview

Objective

Learn the basic configuration of sessions and cookies in PHP.

Requirements

A server with PHP

Estimated Time

10 Minutes

Page 3: PHP Session and Cookie Configuration Tutorial

Follow Along With Code Example

1. Download a copy of the example code at www.prodigyview.com/source.

2. Install the system in an environment you feel comfortable testing in.

3. Proceed to examples/system/Session_Basics.php

Page 4: PHP Session and Cookie Configuration Tutorial

Apply to Normal PHP

While the configuration in this tutorial applies to ProdigyView, the concepts also apply to normal cookies and sessions in PHP. You may use these concepts with these two PHP functions.

session_set_cookie_params

http://php.net/manual/en/function.session-set-cookie-params.php

setcookie

http://php.net/manual/en/function.setcookie.php

Page 5: PHP Session and Cookie Configuration Tutorial

What is a Session

A session is information that relates to a user and is stored on the server. A session will no longer exist once the browser closes. Sessions do not have a size limit. Sensitive information should be stored in the session.

User saves session information

User retrieves session information

Page 6: PHP Session and Cookie Configuration Tutorial

What is a Cookie

A cookie is data stored in the user’s browser. Unlike sessions, cookies will last if a user closes their browser. Cookies have a size limit set by the browser. Sensitive information should not be stored in the cookie.

Stored on user’s computer

Page 7: PHP Session and Cookie Configuration Tutorial

Configuration

In ProdigyView we can configure sessions and cookies to act a certain way. Below, we are disabling the session configuration in the bootstrap and adding our own configuration. We will explain the passed variables in other slides.

1. Disable init in bootstrap

2. Set cookie and session defaults

3. Initialize the session class

Page 8: PHP Session and Cookie Configuration Tutorial

Cookie Path & Session Path

The cookie path and session path are the path on your server where your cookie or session will be accessible. Example: If you make your cookie path ‘/store/products’, the cookie will only be available on ‘http://www.example.com/store/products/index.php’.

Using ‘/’ will make the cookie or session available in any directory.

Page 9: PHP Session and Cookie Configuration Tutorial

Cookie Domain and Session Domain

The cookie and session domain is the domain the cookie/session is available on. If your domain is www.example.com, setting your cookie/session to that domain will make it accessible only under www.example.com. If it was set to subdomain.example.com, it will only be available under subdomain.example.com.

Setting the domain to ‘.example.com’ will make the session/cookie available under all subdomains.

Page 10: PHP Session and Cookie Configuration Tutorial

Cookie Secure & Session Secure

Cookie Secure and Session Secure ensure that the data for a session/cookie will only be saved over an HTTPS connection.

It is up to you, the developer, to make sure the value is read only over an HTTPS connection.

Page 11: PHP Session and Cookie Configuration Tutorial

Cookie and Session HTTP Only

In some situations, the requirement may be to have the cookie accessible only from an HTTP connection. Setting this value to true will ensure that the cookie/session will NOT be accessible through JavaScript, Java (e.g. .jar files) and other non-HTTP/HTTPS protocols.

Page 12: PHP Session and Cookie Configuration Tutorial

Cookie And Session Lifetime

Cookies and sessions do not last forever, nor should they. A cookie can be set for years but the average person will probably switch computers every 4-5 years.

When setting the amount of time a session/cookie will last, you pass in the number of seconds. So if you want the cookie/session to expire in 5 minutes, set it to ‘60*5’.
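The path, domain, secure, HTTP-only and lifetime settings from the preceding slides, applied with the two plain PHP functions named earlier. This is an added example, not code from the tutorial's download or from ProdigyView; the domain, path, cookie and session values are constructed, and `request_is_https()` is a hypothetical helper that assumes PHP itself sees the TLS connection.

```php
<?php
// Added example (not from the tutorial's download): the five settings above
// applied with plain PHP. Domain, path and cookie names are constructed.

$lifetime = 60 * 5;            // seconds; 5 minutes
$path     = '/store/products'; // '/' would cover every directory
$domain   = 'www.example.com'; // '.example.com' would cover all subdomains
$secure   = true;              // browser sends the cookie over HTTPS only
$httpOnly = true;              // not readable from JavaScript

// Hypothetical helper: true when this request arrived over HTTPS.
// Assumes PHP terminates TLS itself; behind a proxy this needs adapting.
function request_is_https(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

// Session cookie settings must be in place before session_start().
// Here the lifetime is a duration in seconds.
session_set_cookie_params($lifetime, $path, $domain, $secure, $httpOnly);

if (request_is_https()) {
    session_start();
    $_SESSION['user_id'] = 1001; // stays on the server, only the ID is sent

    // setcookie() takes an absolute expiry timestamp, not a duration.
    setcookie('last_category', 'books', time() + $lifetime,
              $path, $domain, $secure, $httpOnly);

    // Values are read only on requests that arrived over HTTPS.
    $lastCategory = $_COOKIE['last_category'] ?? null;
} else {
    // Do not create or read secure data over plain HTTP.
    http_response_code(403);
}
```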

Page 13: PHP Session and Cookie Configuration Tutorial

Hash Cookie/Session

The option to hash a cookie/session is available only in ProdigyView and not in normal PHP. Setting this value to true will encrypt the cookie/session when saving it. This will make it more difficult to tell what the saved data is.
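Normal PHP has no equivalent switch, so a cookie value has to be protected in application code. The added example below is not ProdigyView's implementation and not part of the original tutorial: it swaps in authenticated encryption from PHP's bundled sodium extension (PHP 7.2+), with hypothetical function names and a constructed demo value.

```php
<?php
// Added example, not ProdigyView code: encrypt a cookie value so the browser
// stores only ciphertext, and reject it if it was modified.

// Returns base64(nonce || ciphertext), suitable as a setcookie() value.
function seal_cookie_value(string $value, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($value, $nonce, $key));
}

// Returns the plaintext, or null when the value is malformed, was tampered
// with, or was sealed under a different key.
function open_cookie_value(string $sealed, string $key): ?string
{
    $raw    = base64_decode($sealed, true);
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $minLen) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Constructed demo. A real application loads one persistent key from
// server-side configuration instead of generating a new one per request.
$key    = sodium_crypto_secretbox_keygen();
$sealed = seal_cookie_value('last_category=books', $key);

// Round trip with the right key recovers the value.
var_dump(open_cookie_value($sealed, $key));

// Flip one bit of the stored value, as a modified cookie would arrive.
$raw = base64_decode($sealed, true);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
var_dump(open_cookie_value(base64_encode($raw), $key));
```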

Page 14: PHP Session and Cookie Configuration Tutorial

Review

1. Cookie/Session Path: Sets the path that the cookie/session will be accessible from.

2. Cookie/Session Domain: Set what domain the cookie/session will be available on.

3. Cookie/Session Secure: Set if the cookie is writable only over a secure connection.

4. Cookie/Session Lifetime: Set how long the cookie/session will last.

5. Hash Cookie/Session: Encrypt the cookie/session when saving it.

Page 15: PHP Session and Cookie Configuration Tutorial

API Reference

For a better understanding of sessions, visit the API by clicking on the link below.

PVSession

www.prodigyview.com

More Tutorials

For more tutorials, please visit:

http://www.prodigyview.com/tutorials