
Understanding Cookies and Sessions in HTTP: A Guide to User Authentication

This chapter explores the concepts of cookies and sessions in HTTP, which is a stateless protocol. Cookies enable the storage of user data in the browser, while sessions allow data to be stored on the server, enhancing security. Through practical examples, we illustrate how to implement login functionality, including the creation of login forms, user validation, setting cookies, and managing user sessions effectively. Key scripts demonstrate the entire login process, from authentication to successful login and logout procedures.

nydia

Presentation Transcript


  1. Chapter 12 Cookies and Sessions Part 1

  2. Stateless Protocol • Hypertext Transfer Protocol (HTTP) is stateless • No shopping carts • No logging

  3. Cookies & Session • Cookies • Store data in the user’s browser • Session • Store data on the server • More secure

  4. Example • includes/login_page.inc.php • Displays errors • Displays form and calls login.php on submit • Script 12.1 on page 369 • Purpose: Login form

  5. Example • includes/login_functions.inc.php • function redirect_user($page='index.php') • function check_login($dbc, $email, $pass) • Script 12.2 on pages 372-3 • Purpose: Validation of login

  6. Example • login.php • If form is submitted • require ('includes/login_functions.inc.php'); • check_login($dbc, $email, $pass) • Set cookies • Redirect to loggedin.php • include login_page.inc.php • Script 12.3 on page 378 • Purpose: User interface – Central manager

  7. Example • loggedin.php • If (cookies are not set) • Redirect to login.php • Welcome page • Link to logout • Script 12.4 on page 381 • Purpose: Page when logged in

  8. Example • logout.php • If (cookies are not set) • Redirect to index.php • Delete cookies • Script 12.6 on page 385 • Purpose: Page when logged out

  9. login.php • Script 12.3 on page 378 • http://cscdb.nku.edu/csc301/frank/ch12/login.php • ch12\script_12_03\login.php

  10. login.php

          list ($check, $data) = check_login($dbc, $_POST['email'], $_POST['pass']);
          if ($check) { // OK!
              // Set the cookies:
              setcookie ('user_id', $data['user_id']);
              setcookie ('first_name', $data['first_name']);
              // Redirect:
              redirect_user('loggedin.php');
          }

  11. function check_login • Script 12.2 on pages 372-3 • ch12\login_functions.inc.php

  12. function check_login

          // $e and $p are interpolated into the SQL string, so they must already be
          // escaped for $dbc (e.g. with mysqli_real_escape_string) or the query is injectable.
          $q = "SELECT user_id, first_name FROM users WHERE email='$e' AND pass=SHA1('$p')";
          $r = @mysqli_query ($dbc, $q); // Run the query.
          // Check the result:
          if (mysqli_num_rows($r) == 1) {
              // Fetch the record:
              $row = mysqli_fetch_array ($r, MYSQLI_ASSOC);
              // Return true and the record:
              return array(true, $row);
          }

  13. function check_login return array(false, $errors);

  14. function redirect_user • Script 12.2 on pages 372-3 • ch12\login_functions.inc.php

  15. login_page.inc.php • Script 12.1 on page 369 • ch12\login_page.inc.php

  16. loggedin.php • Script 12.4 on page 381 • ch12\script_12_04\loggedin.inc.php

          echo "<h1>Logged In!</h1>
          <p>You are now logged in, {$_COOKIE['first_name']}!</p>
          <p><a href=\"logout.php\">Logout</a></p>";

  17. logout.php • Script 12.6 on page 385 • ch12\script_12_06\logout.php

          // Delete the cookies:
          setcookie('user_id', '', time()-3600, '/', '', 0, 0);
          setcookie('first_name', '', time()-3600, '/', '', 0, 0);
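
Slide 3 notes that sessions keep data on the server and are more secure, while slides 10, 16 and 17 keep the login state in the `user_id` and `first_name` cookies, which live in the browser and are trusted as sent. The following is an added example, not code from the slides or the book's scripts: the same login, logged-in and logout steps using a server-side session. The function names are hypothetical, and PHP 7.3+ and an HTTPS site are assumed.

```php
<?php
// Added example: server-side session in place of the user_id / first_name cookies.
// Function names are hypothetical; assumes PHP 7.3+ and an HTTPS site.

// Start (or resume) the session with a hardened session cookie.
function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // not attached to cross-site POSTs
    ]);
    session_start();
}

// login.php: call after check_login() has returned array(true, $data).
function log_in(array $data): void {
    start_secure_session();
    session_regenerate_id(true);   // fresh ID at login, so a pre-set ID is useless
    $_SESSION['user_id']    = (int) $data['user_id'];
    $_SESSION['first_name'] = $data['first_name'];
}

// loggedin.php: welcome HTML, or null when not logged in (caller redirects to login.php).
function welcome_html(): ?string {
    start_secure_session();
    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    $name = htmlspecialchars($_SESSION['first_name'], ENT_QUOTES, 'UTF-8');
    return "<h1>Logged In!</h1>\n<p>You are now logged in, {$name}!</p>\n"
         . "<p><a href=\"logout.php\">Logout</a></p>";
}

// logout.php: clear the server-side data and expire the session cookie.
function log_out(): void {
    start_secure_session();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```

With `secure` set to `true`, the browser does not return the session cookie over plain HTTP, so a local test site without TLS will appear to log the user out on every request.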
