Cookies and Sessions
•Before starting control structures in PHP, I am going to illustrate two important concepts in web applications: cookies and sessions.
•What is a Cookie?
•A cookie is a small file that the server places on the user's computer. Its purpose is to identify a user.
•When you deal with web applications, you don't actually know who is using your application. This is unlike traditional or real-life applications. For example, if you work in a bank and a customer asks you to exchange money from his bank account, you have details that identify this person, such as his name, identification number, picture, signature, and other details that distinguish him from others.
•If we want to do this job online, we don't know the user who is dealing with the application, so we follow a procedure that helps us distinguish one user from another. First, we ask the user for a username and password. Second, we check that they match the registered data in our database. Third, if they match, we create a cookie that distinguishes the user from a guest. In some cases the user has more privileges than a guest: the user can access data that a guest is not allowed to see.
•Otherwise the cookie will not be created, for one of two reasons: either the cookie has already been set in the past and its expiration date has not been reached, or the username and password given by the user do not match.
•How to create a cookie?
•To create a cookie in PHP we use a built-in function called setcookie, which we call with three parameters. The first parameter is the cookie name, the second is the cookie value, and the last is the expiration time: setcookie("name", value, expiration).
$name = "user";
$value = "anas";
$expiration = time() + 60 * 60 * 1;
// this cookie will expire after an hour.
setcookie($name, $value, $expiration);
/* this will set a cookie called user,
its value anas, and will expire after an hour from executing this script */
•The function time() returns the current time as a Unix timestamp.
•$expiration is the time when the cookie expires. In our example we need the cookie to expire an hour after execution: time() + 60*60*1
•We use this format because the function time() works in seconds: 60 seconds multiplied by 60 minutes gives an hour, and we multiply by 1 to get one hour. We could multiply by any number of hours.
•$value is the value of the cookie we want to set.
•$name is the name of the cookie we want to set.
•How to retrieve a cookie?
•We can retrieve a cookie using an array called $_COOKIE; we'll discuss arrays in more detail in chapter 4.
•For now we'll only tell you that this is an array, and show how to use it in your script.
•To retrieve a cookie that has already been set, do the following:
echo $_COOKIE["user"]; // will print cookie user value
•We use $_COOKIE["user"] to get the value of a cookie called user; in our example we used $_COOKIE to print its value in the web page using echo. The value comes from the user's browser, so treat it as untrusted input.
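The cookie set above stores the plain value anas, which the user can edit in the browser without the server noticing. As an added example (not part of the original lesson), the cookie below carries an HMAC signature that is checked when the cookie is retrieved, and it is set with the Secure, HttpOnly and SameSite attributes. SECRET_KEY and the two helper functions are hypothetical names, usernames are assumed not to contain "|", and the options-array form of setcookie needs PHP 7.3 or later.

```php
<?php
// Added example: a signed login cookie (not the tutorial's own code).
// SECRET_KEY is a constructed placeholder; load a real random key from server-side config.
const SECRET_KEY = 'replace-with-32-random-bytes-from-config';

// Build "username|expiry|hmac" so the server can detect any client-side edit.
function make_signed_value(string $user, int $expires): string
{
    $payload = $user . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the username if the signature matches and the value has not expired, else null.
function verify_signed_value(string $cookie, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, SECRET_KEY);
    // hash_equals compares in constant time, so the check does not leak the MAC.
    if (!hash_equals($expected, $mac) || !ctype_digit($expires) || (int)$expires < $now) {
        return null;
    }
    return $user;
}

$expiration = time() + 60 * 60 * 1;
$value = make_signed_value('anas', $expiration);
setcookie('user', $value, [
    'expires'  => $expiration,
    'path'     => '/',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',  // withheld from cross-site sub-requests and POSTs
]);

// On a later request the value comes back in $_COOKIE['user'].
$fromBrowser = $_COOKIE['user'] ?? $value;   // falls back to $value when run from the CLI
var_dump(verify_signed_value($fromBrowser, time()));                    // value as issued
var_dump(verify_signed_value('admin|' . $expiration . '|0', time()));   // value edited on the client
```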
•How to delete a cookie?
•In some cases we might want to delete a cookie before its expiration time has been reached, for example when the user clicks the log out link on your page. When a user asks you to log him out, it means that he wants to delete the information he entered; in other words, he wants to delete the cookie file. In fact, the user doesn't know what a cookie is, or at best has minimal knowledge about cookies. So it is your responsibility as a programmer to delete the cookies you set before, and to prevent your user's information from being accessed by unauthorized users.
•To delete a cookie we use the same method as setting one: we call the setcookie function again, but with an expiration date in the past, for example $expiration = time() - 60*60; which means any time in the past.
setcookie($name, $value, $expiration);
What is a session?
•A PHP session is a variable used to store information about a single user.
•Sessions are available to all pages in one application.
•Sessions are stored on the server for later use, unlike cookies, which are stored on the user's computer.
•Session information is temporary and will be deleted after the user has left the website.
How do sessions work?
•Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either stored in a cookie or is propagated with the URL.
•How to start a session?
•To start a session, simply call the function session_start();
•This function call must come before the <html> tag, because it has to run before any output is sent to the browser.
How to store a session variable?
•As we said before, sessions have many advantages: they are stored on the server, deleted after the user navigates away from your site, have a UID, and more.
•One application in which you might use sessions is tracking online users and guests.
•To store a session variable we use the built-in array called $_SESSION.
•Below is an example that starts a session variable called views, which tells the visitor of your application how many pages he has visited. For now we'll only put down the structure of this application; it will be improved and developed after taking a deep look at control structures.
<?php
// Page views
// programmer Anas Jaghoub
// created at 11/oct/2009
session_start(); // must be called before any output
$_SESSION['views'] = 1;
// this starts a session called views
// and stored temporarily at server.
?>
<h1>You have visited <?php echo $_SESSION['views']; ?> pages at this visit to my site</h1>
How to destroy a session?
•To destroy a session in PHP you can use one of two built-in functions: unset() on a session variable, or session_destroy();
•Each function has its own advantages and appropriate uses. For example, unset($_SESSION['views']); removes only $_SESSION['views'], so the next time the page views script runs it returns to its beginning status, which is 1.
•Calling session_destroy(); on the other hand, will completely delete your session and you will lose all your stored data.
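The session steps above and the log out case from the cookie section, put together as an added example (not part of the original lesson): the session is started so that the UID travels only in a cookie and never in the URL, the UID is replaced at login, and logging out clears the variables, expires the session cookie and destroys the server-side data. The function names and the 'user' key are hypothetical, and the options shown need PHP 7.3 or later.

```php
<?php
// Added example (not the tutorial's own code): session start, login and logout.
// The function names and the 'user' key are hypothetical.

function start_secure_session(): void
{
    session_start([
        'use_only_cookies' => 1,     // never accept or emit the session id in the URL
        'use_strict_mode'  => 1,     // reject session ids the server did not issue
        'cookie_httponly'  => 1,     // hide the id cookie from JavaScript
        'cookie_secure'    => 1,     // send the id cookie over HTTPS only
        'cookie_samesite'  => 'Lax',
    ]);
}

// Call only after the username and password matched the registered data.
function log_in(string $user): void
{
    session_regenerate_id(true);     // new id at the privilege change; old session data deleted
    $_SESSION['user']  = $user;
    $_SESSION['views'] = 1;
}

function log_out(): void
{
    $_SESSION = [];                  // drop every stored variable
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Same method as deleting any cookie: same name, expiration in the past.
        setcookie(session_name(), '', [
            'expires'  => time() - 60 * 60,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();               // remove the session data on the server
}

start_secure_session();
log_in('anas');
log_out();
```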