
PowerPoint Slideshow about ' UFCEUS-20-2 : Web Programming' - zena


UFCEUS-20-2 : Web Programming

Lecture 4 PHP (3) : Maintaining State – Cookies & Sessions

Last lecture …

  • Inbuilt functions

  • Common inbuilt function examples

  • User defined functions

    - declaration

    - return statement

    - values & references

    - scope (local & global)

    - arguments

    - default values

  • Environment Variables & Superglobals

  • $_GET & $_POST

Stateful v. Stateless

  • "State" is a central concern of all sorts of distributed applications, but especially of Web applications. When applied to a protocol, "state" treats each series of interactions as having continuity, much like a single program's state. A "stateless" protocol is one in which there is no such continuity; each request must be processed entirely on its own merits.

  • HTTP and its derivatives are intrinsically "stateless".

  • The request/response cycle of an HTTP interaction does not maintain "memory" of any previous interactions.

Stateful v. Stateless (2)

Stateful Interaction:

Request 1: “What is Alice’s account number?”

Response 1: 145678093

Request 2: “What is her current balance?”

Response 2: £345.65

Stateless Interaction:

Request 1: “What is Alice’s account number?”

Response 1: 145678093

Request 2: “What is Alice’s current balance?”

Response 2: £345.65

Is PHP stateless? (well … yes)

  • On a webserver, PHP scripts have no shared state, so each instance of a PHP script runs in its own logical memory space.

  • The scripts maintain no persisted state, so each script starts off fresh as a daisy, with no data to indicate what happened the previous times it was executed.

  • Variables are destroyed as soon as the page script finishes executing.

  • The script can access the ‘referrer’, the address of the previous page, although this can’t really be trusted since it is supplied by the client.


Is PHP stateless? (well … not necessarily)

The usual way to maintain state in PHP scripts is via the use of sessions.

To understand how these work, we need to have a look at what cookies are and how they work …

Client/Server interaction with Cookies

A cookie is a small file that the server embeds in the file system of the user's browser. Each time the same browser requests a page, it sends the cookie too. With PHP, you can both create and retrieve cookie values.

Setting / Retrieving / Deleting a Cookie with PHP

Setting a cookie : use the setcookie() function

setcookie(name, value, expire, path, domain);

Retrieve a cookie : use the $_COOKIE superglobal

// Print a cookie
echo $_COOKIE["name"];
// A way to view all cookies
print_r($_COOKIE);

Delete a cookie : set the time to a past instance

// set the expiration date to one hour ago
setcookie("name", "", time()-3600);

Setting & Retrieving a Cookie with PHP


<?php
if (!isset($_COOKIE['visits'])) $_COOKIE['visits'] = 0;
$visits = (int) $_COOKIE['visits'] + 1;            // read cookie value to variable (cast: it is client input), add 1
setcookie('visits', $visits, time()+3600*24*365);  // set cookie to now + 1 year
?>
<!DOCTYPE html>
<html>
<head><title>PHP Cookie Example 1</title></head>
<body>
<?php
if ($visits > 1) {
    echo("This is visit number $visits.");
}
else { #First visit
    echo('Welcome to my Website! This is your first visit!');
}
?>
</body>
</html>

** Note : setcookie() must be called before any output is sent to the browser, because the cookie travels in the HTTP headers.

Keep refreshing the page to see the cookie at work.

setcookie() keys & values

setcookie(name [, value [, expire [, path [, domain [, secure]]]]])

name = cookie name

value = data to store (string)

expire = UNIX timestamp when the cookie expires. Default is that cookie expires when browser is closed.

path = Path on the server within and below which the cookie is available.

domain = Domain for which the cookie is available.

secure = If cookie should be sent over HTTPS connection only. Default false.

Cookie limits & notes

  • Each cookie on the user’s computer is connected to a particular domain.

  • Each cookie can store up to 4kB of data.

  • A maximum of 20 cookies can be stored on a user’s PC per domain.

  • Only strings can be stored in Cookie files.

  • To store an array in a cookie, convert it to a string by using the serialize() PHP function.

  • The array can be reconstructed using the unserialize() function once it has been read back in.

  • Cookies are stored client-side, so they can never be trusted completely: They can be easily viewed, modified or created by a 3rd party.

  • They can be turned on and off at will by the user.
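
Because a cookie can be modified or created by a third party, an array read back from one needs an integrity check, and unserialize() on client-supplied data can instantiate arbitrary objects. The following added example (not part of the original slides) stores the array as JSON with an HMAC and rejects any cookie whose MAC does not verify; pack_cookie(), unpack_cookie() and the key value are hypothetical names and constructed data.

```php
<?php
// Added example: pack_cookie()/unpack_cookie() are hypothetical helper names.

// Encode an array as JSON and append an HMAC computed with a server-side key.
function pack_cookie(array $data, string $key): string {
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the array only if the MAC verifies; otherwise return null.
function unpack_cookie(string $cookie, string $key): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // hash_equals() compares in constant time, so the check leaks no timing hints.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $data = ($json === false) ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed demo values; a real key would come from server configuration.
$key    = 'constructed-demo-key';
$basket = ['item' => 'book', 'qty' => 2];

$cookie = pack_cookie($basket, $key);   // this string is what setcookie() would store
var_dump(unpack_cookie($cookie, $key) === $basket);

// A client edits the payload but cannot recompute the MAC without the key.
$mac    = explode('.', $cookie, 2)[1];
$forged = base64_encode(json_encode(['item' => 'book', 'qty' => 200])) . '.' . $mac;
var_dump(unpack_cookie($forged, $key) === null);
```

The MAC makes the cookie tamper-evident, not secret: the user can still read the payload, so confidential values belong in server-side session data.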

PHP Sessions

  • Since HTTP is a stateless protocol – a PHP session can be used to store user information on the server for later use (e.g. username, shopping items, etc).

  • Session information is temporary and will be deleted after the user has left the website. Session data can be made persistent by storing the data in a database.

  • Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either stored in a cookie or is propagated in the URL (if cookies are turned off for instance).

Starting / Resuming a Session


session_start() does all the work: PHP looks for a valid session id in the $_COOKIE or $_GET superglobals – if found it initializes the data. If none is found, a new session id is created. Note that like setcookie(), this function must be called before any echoed output to the browser.

Example session id:


Storing / Retrieving / Deleting Session data

The $_SESSION superglobal array can be used to store any session data.


$_SESSION['name'] = $name;

$_SESSION['age'] = $age;

To retrieve session values, data is simply read back from the $_SESSION superglobal array.


$name = $_SESSION['name'];

$age = $_SESSION['age'];

To delete session data – simply unset() a particular session variable



To destroy a session – use the session_destroy() function

e.g. session_destroy();

Setting & Retrieving a Session value with PHP

<?php
session_start(); // must be the first line in script
if (isset($_SESSION['visits'])) {
    $_SESSION['visits'] = $_SESSION['visits'] + 1;
}
else {
    $_SESSION['visits'] = 1;
}
echo "This is visit number " . $_SESSION['visits'];
?>


** Note : Keep refreshing the page to see the session counter at work.
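
A hardened version of the session lifecycle described above, as an added example that is not part of the original slides: the session id is accepted from the cookie only (never the URL), replaced at login, and the cookie is expired at logout. The function names and the user name are hypothetical; the code assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example: start_secure_session(), on_login() and logout() are hypothetical names.

function start_secure_session(): void {
    ini_set('session.use_only_cookies', '1'); // ignore session ids passed in the URL
    ini_set('session.use_strict_mode', '1');  // reject ids the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,       // cookie expires when the browser is closed
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',   // withheld on most cross-site requests
    ]);
    session_start();           // must run before any output
}

function on_login(string $username): void {
    // Issue a fresh id so an id known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['name'] = $username;
}

function logout(): void {
    $_SESSION = [];            // clear the data held for this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the session cookie using the same attributes it was set with.
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();         // remove the server-side session data
}

start_secure_session();
on_login('alice');             // constructed user name
logout();
```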


Typical process flow to save/restore session data in a DB