ufceus 20 2 web programming
Skip this Video
Download Presentation
UFCEUS-20-2 : Web Programming

Loading in 2 Seconds...

play fullscreen
1 / 17

UFCEUS-20-2 : Web Programming - PowerPoint PPT Presentation

  • Uploaded on

UFCEUS-20-2 : Web Programming. Lecture 4 PHP (3) : Maintaining State – Cookies & Sessions. l ast lecture …. Inbuilt functions Common inbuilt function examples User defined functions - declaration - return statement - values & references - scope (local & global) - arguments

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' UFCEUS-20-2 : Web Programming' - zena

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
ufceus 20 2 web programming

UFCEUS-20-2 : Web Programming

Lecture 4PHP (3) : Maintaining State – Cookies & Sessions

l ast lecture
last lecture …
  • Inbuilt functions
  • Common inbuilt function examples
  • User defined functions

- declaration

- return statement

- values & references

- scope (local & global)

- arguments

- default values

  • Environment Variables & Superglobals
  • $_GET & $_POST

Stateful v. Stateless

  • "State" is a central concern of all sorts of distributed applications, but especially of Web applications. When applied to a protocol, "state" treats each series of interactions as having continuity, much like a single program\'s state. A "stateless" protocol is one in which there is no such continuity; each request must be processed entirely on its own merits.
  • HTTP and its derivatives are intrinsically "stateless".
  • The request/response cycle of a HTTP interaction does not maintain "memory" of any previous interactions.

Stateful v. Stateless (2)

Stateful Interaction:

Request 1: “What is Alice’s account number?”

Response 1: 145678093

Request 2: “What is her current balance?”

Response 2: £345.65

Stateless Interaction:

Request 1: “What is Alice’s account number?”

Response 1: 145678093

Request 2: “What is Alice’s current balance?”

Response 2: £345.65


Is PHP stateless? (well … yes)

  • On a webserver, PHP scripts have no shared state, so each instance of a PHP script runs in its own logical memory space.
  • The scripts maintain no persisted state, so each script start off fresh as a daisy, with no data to indicate what happened the previous times it was executed.
  • Variables are destroyed as soon as the page script finishes executing.
  • The script can access the ‘referrer’, the address of the previous page, although this can’t really be trusted.

Is PHP stateless? (well … not necessarily)

The usual way to maintain state in PHP scripts is via the use of sessions.

To understand how these work, we need to have a look at what cookies are and how they work …


Client/Server interaction with Cookies

A cookie is a small file that the server embeds on the user\'s browsers file system. Each time the same browser requests a page, it will send the cookie too. With PHP, you can both create and retrieve cookie values.


Setting / Retrieving / Deleting a Cookie with PHP

Setting a cookie : use the setcookie() function

setcookie(name, value, expire, path, domain);

Retrieve a cookie : use the $_COOKIE superglobal

// Print a cookie echo $_COOKIE["name"]; // A way to view all cookies print_r($_COOKIE);

Delete a cookie : set the time to a past instance

// set the expiration date to one hour ago setcookie("name", "", time()-3600);


Setting & Retrieving a Cookie with PHP


if (!isset($_COOKIE[\'visits\'])) $_COOKIE[\'visits\'] = 0;

$visits = $_COOKIE[\'visits\'] + 1;

setcookie(\'visits\', $visits, time()+3600*24*365);


<!DOCTYPE html>



<title>PHP Cookie Example 1</title>




if ($visits > 1) {

echo("This is visit number $visits.");


else { #First visit

echo(\'Welcome to my Website! This is your first visit!\');





read cookie value to variable, add 1

set cookie to now + 1 year

run script

** Note : the cookie must be sent before any other headers.

Keep refreshing the page to see the cookie at work.


setcookie() keys & values

setcookie(name [,value [,expire [,path [,domain,secure]]]]])

name = cookie name

value = data to store (string)

expire = UNIX timestamp when the cookie expires. Default is that cookie expires when browser is closed.

path = Path on the server within and below which the cookie is available on.

domain = Domain at which the cookie is available for.

secure = If cookie should be sent over HTTPS connection only. Default false.


Cookie limits & notes

  • Each cookie on the user’s computer is connected to a particular domain.
  • Each cookie can store up to 4kB of data.
  • A maximum of 20 cookies can be stored on a user’s PC per domain
  • Only strings can be stored in Cookie files.
  • To store an array in a cookie, convert it to a string by using the serialize()PHP function.
  • The array can be reconstructed using the unserialize() function once it had been read back in.
  • Cookies are stored client-side, so never can’t be trusted completely: They can be easily viewed, modified or created by a 3rd party.
  • They can be turned on and off at will by the user.

PHP Sessions

  • Since HTTP is a stateless protocol – a PHP session can be used to store user information on the server for later use (i.e. username, shopping items, etc).
  • Session information is temporary and will be deleted after the user has left the website. Session data can be made persistent by storing the data in a database.
  • Sessions work by creating a unique id (UID) for each visitor and store variables based on this UID. The UID is either stored in a cookie or is propagated in the URL (if cookies are turned off for instance).

Starting / Resuming a Session


PHP does all the work: It looks for a valid session id in the $_COOKIEor $_GETsuperglobals – if found it initializes the data. If none found, a new session id is created. Note that like setcookie(), this function must be called before any echoed output to browser.

Example session id:



Storing / Retrieving / Deleting Session data

The $_SESSIONsuperglobal array can be used to store any session data.


$_SESSION[‘name’] = $name;

$_SESSION[‘age’] = $age;

To retrieve session values, data is simply read back from the $_SESSIONsuperglobal array.


$name = $_SESSION[‘name’];

$age = $_SESSION[‘age’];

To delete session data – simply unset()a particular session variable



To destroy a session – use the session_destory() function

e.g. session_destory();


Setting & Retrieving a Session value with PHP

must be the first line in script

<?phpsession_start();if(isset($_SESSION[\'visits\'])) { $_SESSION[\'visits\']=$_SESSION[\'visits\']+1;}

else { $_SESSION[\'visits\']=1;}

echo "This is visit number ". $_SESSION[\'visits\'];


** Note : Keep refreshing the page to see the session counter at work.

run script