COMP 3322B
Modern Technologies on World Wide Web
2nd semester 2018-2019
PHP - Part II (O2)
Dr. C Wu
Department of Computer Science
The University of Hong Kong

Cookies and sessions

Motivation: HTTP is a stateless protocol — requesting each page is an independent action. How to make the server remember the state of a client across his/her multiple page accesses?

Example state information: login information, shopping cart content, etc.

[Figure: the same URL, before login and after login]

Cookies and sessions
Cookies: key/value pairs (variable/value) maintained by browsers
E.g., manage cookies on Chrome: Preferences=>Settings=>Advanced=>Content Settings=>Cookies

Sessions: key/value pairs (variable/value) maintained on the server, like server-side cookies

Cookies

How cookie works: the server sets the cookie and sends it to the client

Step 1. The server sends the cookie to the client.

1. Client requests for a web page (say, a.php).

POST /~c0322/a.php HTTP/1.1
Host: i.cs.hku.hk
....
loginName=Kit&loginPassword=xx

2. The web page contains server side processing code, which indicates setting of a cookie variable.

…
setcookie("loginName", "Kit",…)
…

Code in a.php indicates to create a cookie variable on the client side.

3. The cookie's variable and value are generated and sent to the client.

HTTP/1.1 200 OK
....
Set-Cookie: loginName=Kit
....
<!DOCTYPE html> …

4. Client (browser) stores and maintains the cookie variable.

Cookies stored on the client from i.cs.hku.hk:

Key        Value
loginName  Kit
…          …

Cookies

How cookie works (cont’d): each time the same browser requests a page on the same server, it will send the cookie to the server.

Step 2. Each time the same computer requests a page with a browser, it will send the cookie to the server.

1. Client requests for another page (say, b.php) on the same server.

2. The cookies set previously are sent together with the HTTP request to the server.

POST /~c0322/b.php HTTP/1.1
Host: i.cs.hku.hk
....
Cookie: loginName=Kit
....

3. Codes in b.php can use the cookie variables previously set by a.php.

…
$_COOKIE['loginName']
…

Cookies stored on the client from i.cs.hku.hk:

Key        Value
loginName  Kit
…          …

Cookies in PHP

To declare the use of a cookie variable:

setcookie("variableName", "variableValue", cookie expire time);

To retrieve the value of a cookie variable:

$_COOKIE["variableName"]

To check if a cookie has been set:

isset($_COOKIE["variableName"])

To unset a cookie variable, just set the cookie expiration time to be anytime in the past.

Example 4 (processLogin.php)

...
<?php
$user_name[0]="Kit"; $user_password[0]='password'; $user_account_balance[0]= 1000;
$user_name[1]="Bobby"; $user_password[1]="password2"; $user_account_balance[1]= 2000;
$user_name[2]="Harry"; $user_password[2]="password3"; $user_account_balance[2]= 3000;
// ...
if (in_array($_POST["loginName"], $user_name)) {
  $key = array_search($_POST["loginName"], $user_name);
  if ($user_password[$key]==$_POST["loginPassword"]) {
    setcookie("userName", $user_name[$key], time()+3600);
    print "Login correct!<br>";
    print "Name :".$user_name[$key]."<br>";
    print "Account balance:".$user_account_balance[$key]."<br>";
  }else
    print "Login failure!";
}else {
  print "No such user!";
}
print "<br><a href='login.php'>Back to login page</a>";
?>

setcookie(): set a cookie variable named "userName"; its value is the value of variable $user_name[$key]. The cookie will expire in 3600 seconds.

The setcookie() function should usually appear BEFORE printing any html content. If we use ob_start(); at the beginning and ob_end_flush(); at the end of the PHP file, HTML content can be printed before setcookie(..);

Example 4 (login.php)

<!DOCTYPE html>
<html>
<head>
<title>Login page</title>
</head>
<body>
<?php
if (!isset($_COOKIE["userName"]) ){
  print '<form action="processLogin.php" method="post">';
  print 'Login name <input type="text" name="loginName" />';
  print 'Password <input type="password" name="loginPassword" />';
  print '<input type="submit" />';
  print '</form>';
}else{
  print "Hello! Welcome ".$_COOKIE["userName"];
  print "<br />";
  print "<a href='logout.php'>Logout</a>";
}
?>
</body>
</html>

Check if a cookie is set before: if the cookie "userName" is not set, then we display the login form.

Accessing a cookie variable: $_COOKIE['variableName'] can access the variable set previously.

Example 4 (logout.php)

<?php
setcookie("userName", "", time()-3600);
print "<p>You have logged out.</p>";
print "<a href='login.php'>Back to login page</a>";
?>

Unset cookie variable: just set the expiration time to a previous time.

Client-server interaction (retrieving login.php)

1. Client requests for login.php

GET /~c0322/login.php HTTP/1.1
Host: i.cs.hku.hk
....

2. Server runs login.php

<!DOCTYPE html>
<html>
<head>
<title>Login page</title>
</head>
<body>
<?php
if (!isset($_COOKIE["userName"]) ){
  print '<form action="processLogin.php" method="post">';
  print 'Login name <input type="text" name="loginName" >';
  print 'Password <input type="password" name="loginPassword">';
  print '<input type="submit">';
  print '</form>';
}else{
  print "Hello! Welcome ".$_COOKIE["userName"];
  print "<br>";
  print "<a href='logout.php'>Logout</a>";
}
?>
</body>
</html>

3. HTTP response sent to client

HTTP/1.1 200 OK
….
<!DOCTYPE html> … <form action="processLogin.php" method="post"> …

4. Client browser display of login.php

[Browser screenshot: login form with login name Harry and password *********]

Client-server interaction (retrieving processLogin.php)

5. Client requests for processLogin.php

POST /~c0322/processLogin.php HTTP/1.1
Host: i.cs.hku.hk
....

6. Server runs processLogin.php

<?php
// ….
if (in_array($_POST["loginName"], $user_name)) {
  $key = array_search($_POST["loginName"], $user_name);
  if ($user_password[$key]==$_POST["loginPassword"]) {
    setcookie("userName", $user_name[$key], time()+3600);
    print "Login correct!<br>";
    print "Name :".$user_name[$key]."<br>";
    print "Account balance:".$user_account_balance[$key]."<br>";
  }else
    print "Login failure!";
}else {
  print "No such user!";
}
print "<br><a href='login.php'>Back to login page</a>";
?>

7. HTTP response sent to client

HTTP/1.1 200 OK
….
Set-Cookie: userName=Harry; Expires=Fri, 4 Jan 2019 12:45:15 GMT
….
Login correct!<br> Name: Harry<br> Account balance: 3000<br> <br><a href='login.php'>Back to login page</a>

8. Client browser display of processLogin.php

Client-server interaction (retrieving login.php again)

9. Client requests for login.php again

GET /~c0322/login.php HTTP/1.1
Host: i.cs.hku.hk
Cookie: userName=Harry
....

10. Server runs login.php (the same code as in step 2)

11. HTTP response sent to client

HTTP/1.1 200 OK
….
<!DOCTYPE html> … Hello! Welcome Harry<br> <a href="logout.php">Logout</a>

12. Client browser display of login.php

Client-server interaction (retrieving logout.php)

13. Client requests for logout.php

GET /~c0322/logout.php HTTP/1.1
Host: i.cs.hku.hk
Cookie: userName=Harry
....

14. Server runs logout.php

<?php
setcookie("userName", "", time()-3600);
print "<p>You have logged out.</p>";
print "<a href='login.php'>Back to login page</a>";
?>

15. HTTP response sent to client

HTTP/1.1 200 OK
….
Set-Cookie: userName=; Expires=Fri, 4 Jan 2019 10:45:15 GMT
….
<p>You have logged out.</p> <a href='login.php'>Back to login page</a>

16. Client browser display of logout.php

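Added example, not part of the original slides: in Example 4 the userName cookie is the login state, and since cookies are maintained by the browser, login.php receives whatever value the client sends in the Cookie header. The sketch below signs the value with a server-side key so that login.php can tell an issued value from an edited one, and escapes the name before printing it; COOKIE_KEY and all four function names are assumptions made for this illustration.

```php
<?php
// Added example (hypothetical helper names); setcookie() options array needs PHP 7.3+.
// COOKIE_KEY is a placeholder: load a long random secret from server configuration.
const COOKIE_KEY = 'placeholder-secret-loaded-from-config';

// Build "base64(name).expiry.mac" so the server can recognise values it issued.
function make_login_cookie(string $userName, int $expires): string {
    $payload = base64_encode($userName) . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Return the user name if the value is authentic and unexpired, otherwise null.
function read_login_cookie($cookie, int $now): ?string {
    if (!is_string($cookie)) {              // userName[]=x arrives as an array
        return null;
    }
    $parts = explode('.', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$name64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $name64 . '.' . $expires, COOKIE_KEY);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int)$expires < $now) {
        return null;
    }
    $name = base64_decode($name64, true);
    return $name === false ? null : $name;
}

// For processLogin.php: call after the password check succeeds, before any output.
function send_login_cookie(string $userName): void {
    $expires = time() + 3600;
    setcookie('userName', make_login_cookie($userName, $expires), [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // hidden from page scripts
        'samesite' => 'Lax',
    ]);
}

// For login.php: greet only when the cookie verifies, and HTML-escape the name.
function greeting(array $cookies): ?string {
    $user = read_login_cookie($cookies['userName'] ?? null, time());
    return $user === null
        ? null
        : 'Hello! Welcome ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values: an issued cookie verifies; one whose name part was
// changed in the browser no longer matches its MAC and is rejected.
$issued = make_login_cookie('Harry', time() + 3600);
$edited = base64_encode('Kit') . substr($issued, strpos($issued, '.'));
var_dump(greeting(['userName' => $issued]), greeting(['userName' => $edited]));
```
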
Sessions

How session works

Session variables are just like server side cookie variable. The variables are maintained on the server side.

[Diagram labels: client A, client B, processLogin.php, server]

1. Client A visits processLogin.php and login, a session variable “balance” is registered for client A on the server.

Session variables for client A:

Key      Value
balance  1000

Session variables for client B:

Key      Value
balance  2000

2. Client B visits processLogin.php and login, a session...
- Fall '13
- Dr. C. Wu
- Computer Science, World Wide Web, Web browser, HTTP cookie, Client-server, Hypertext Transfer Protocol