CSC 325 Grinnell College Fall, 2008
 
Databases and Web Application Design
 

Laboratory Exercise on Cookies and Sessions with PHP


Goals

This laboratory session provides practice with cookies and with session variables within PHP.

References

For this lab, you may want to refer to these references:

Using Cookies

Cookies are small pieces of data that a server sends to a browser for storage. When a browser contacts a server, it sends along any cookies for that server, and PHP makes them available in the array $_COOKIE. Similarly, a server can set one or more cookies on the browser for retrieval at a later time.

The first part of program session-cookies.php illustrates the typical use of cookies, with these lines:


  $today = date('l, F j, Y');
  $timestamp = date('g:i A');
  // read the previous visit time, if the browser sent that cookie
  if (isset($_COOKIE['LAST_VISIT'])) {
     $lasttime = $_COOKIE['LAST_VISIT'];
  } else {
     $lasttime = "";
  }
  $LAST_VISIT = $today . " at " . $timestamp;
  // set last_visit cookie with date/time, with expiration for 2 full weeks
  setcookie ("LAST_VISIT", $LAST_VISIT, time() + 3600*24*14);

  // the cookie value comes from the browser, so force it to an integer
  if (isset($_COOKIE['VISIT_NUMBER'])) {
     $visitcount = (int) $_COOKIE['VISIT_NUMBER'];
  } else {
     $visitcount = 0;
  }
  // set visit_number cookie with count, with expiration for 2 full weeks
  setcookie ("VISIT_NUMBER",1 + $visitcount, time() + 3600*24*14);

Here are a few additional notes:

Steps for this Lab

  1. Copy programs session-cookies.php, session-cookies-2.php, session-cookies-3.php to your account from my subdirectory ~walker/public_html/courses/325.fa08/labs/.

  2. Check if your browser is usually set to accept cookies.

    If your browser does not usually accept cookies, change the setting for what follows. You can change the settings back at the end of this lab.

  3. Read the "History Information" section of the session-cookies.php page (near the top of the page).
    Click reload a few times, and describe what, if anything, changes.

The Web page session-cookies.php tries to save a cookie to keep track of whether or not you have visited this page previously.

  1. Go to your browser, as described in Step 2, to locate the cookie for this Web page. (If your browser does not let you view the cookie directly, ask an instructor, lab assistant, or friend to help you locate the file of cookies for your computer or computer account.) Describe what information is set by session-cookies.php.

  2. Use your browser to delete the cookie associated with session-cookies.php, and access that page again. Describe what appears now in the "History Information" section of that page.

  3. Examine what, if any, other cookies your browser has stored recently. Consider the work you have done with the Web over the past week, and give a rough estimate of the fraction of your Web-based work that has yielded cookies on your computer.

Now, look at the session-cookies.php program in more detail, and make these adjustments:

  1. In program session-cookies.php, move the code segment for cookies from the beginning of the program to somewhere after the DOCTYPE line. Run the program in your browser, and describe what happens.

  2. Restore the original session-cookies.php program. Then modify the program so that it sets a cookie for the first date the browser loads the page as well as the most recent access date.

Note that once cookies are enabled, a script can leave an identifying tag on your browser. When the browser comes back to the program later on, the server can retrieve this identifying information. If a database is used to track user preferences and activities, then the identifying information from the cookie could provide an entry to the database, so the server will know what you have done in the past.
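
A cookie comes back as whatever the browser chooses to send, so a value the server relies on (a visit count, or an identifier used as a database key) should be checked before use. The following added example, which is not part of the lab's programs, signs the VISIT_NUMBER cookie with an HMAC; COOKIE_KEY is a constructed placeholder, and the code assumes PHP 7.3 or later on an HTTPS site.

```php
<?php
// Added example: tamper-evident version of the VISIT_NUMBER cookie.
// COOKIE_KEY is a constructed placeholder; load a real secret from configuration.
const COOKIE_KEY = 'replace-with-32-random-bytes-from-config';
const TWO_WEEKS  = 3600 * 24 * 14;

// Return "value.mac" so the server can later prove it issued the value.
function sign_cookie_value(string $name, string $value): string {
    $mac = hash_hmac('sha256', $name . '=' . $value, COOKIE_KEY);
    return $value . '.' . $mac;
}

// Return the original value, or null if the cookie is missing or was altered.
function verify_cookie_value(string $name, ?string $raw): ?string {
    if ($raw === null) {
        return null;
    }
    $pos = strrpos($raw, '.');
    if ($pos === false) {
        return null;
    }
    $value    = substr($raw, 0, $pos);
    $mac      = substr($raw, $pos + 1);
    $expected = hash_hmac('sha256', $name . '=' . $value, COOKIE_KEY);
    // hash_equals compares in constant time
    return hash_equals($expected, $mac) ? $value : null;
}

// A cookie sent as VISIT_NUMBER[]=... arrives as an array, so accept strings only.
$raw      = $_COOKIE['VISIT_NUMBER'] ?? null;
$verified = verify_cookie_value('VISIT_NUMBER', is_string($raw) ? $raw : null);
// A missing, forged or non-numeric cookie restarts the count at zero.
$visitcount = ($verified !== null && ctype_digit($verified)) ? (int) $verified : 0;

$signed = sign_cookie_value('VISIT_NUMBER', (string) ($visitcount + 1));
setcookie('VISIT_NUMBER', $signed, [
    'expires'  => time() + TWO_WEEKS,
    'path'     => '/',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);
```

The HMAC detects edits to the value but not replay of an older signed cookie; data that must not be rolled back belongs in server-side storage, with the cookie carrying only an unguessable key to it.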

Session Variables

Effectively, session variables are cookies that remain active only while the browser is actively interacting with the server. When time elapses, or when you close your browser, the session variables disappear. (If cookies are not allowed by a user, then information for sessions may be placed in a query string at the end of a URL.)

The following lines from session-cookies-2.php illustrate typical processing of session variables.


// check if person has logged in previously
session_start();
$processingOK = "not yet";
$firstLogin = "no";
if (isset ($_SESSION['authorized'])) {
  // user already logged in
  $processingOK = $_SESSION['authorized'];
} else {
  // user not logged in, so check password (empty if the form was not submitted)
  $password = isset($_POST['password']) ? trim($_POST['password']) : '';
  if ($password === 'Test') {
    // correct password given
    $processingOK = 'ok';
    $_SESSION['authorized'] = 'ok';
    $firstLogin="yes";
  } else {
    // invalid password
  }
}
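
PHP keeps the contents of $_SESSION on the server and gives the browser only a session identifier cookie, so whoever holds that identifier holds the login. The following added example (not the code of session-cookies-2.php) shows the same check with the session cookie locked down, a new identifier issued at login, and an idle timeout; LAB_PASSWORD_HASH, IDLE_LIMIT, is_authorized and try_login are hypothetical names, and PHP 7.3 or later on an HTTPS site is assumed.

```php
<?php
// Added example, not the lab's code. LAB_PASSWORD_HASH is a hypothetical
// environment variable holding the output of password_hash() for the password,
// so the plain password never appears in the source.
session_set_cookie_params([
    'lifetime' => 0,      // cookie disappears when the browser closes
    'path'     => '/',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);
ini_set('session.use_strict_mode', '1'); // refuse session ids the server did not issue
session_start();

const IDLE_LIMIT = 900; // seconds of inactivity before the login expires (assumed value)

function is_authorized(): bool {
    if (($_SESSION['authorized'] ?? '') !== 'ok') {
        return false;
    }
    if (time() - ($_SESSION['last_seen'] ?? 0) > IDLE_LIMIT) {
        $_SESSION = [];   // idle too long: drop the login
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

function try_login(string $password): bool {
    $hash = getenv('LAB_PASSWORD_HASH') ?: '';
    if ($hash === '' || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // new id at login defeats session fixation
    $_SESSION['authorized'] = 'ok';
    $_SESSION['last_seen']  = time();
    return true;
}

$firstLogin   = 'no';
$processingOK = is_authorized() ? 'ok' : 'not yet';
if ($processingOK !== 'ok' && isset($_POST['password']) && is_string($_POST['password'])) {
    if (try_login(trim($_POST['password']))) {
        $processingOK = 'ok';
        $firstLogin   = 'yes';
    }
}
```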

Here are some notes regarding session variables:

Steps for this Lab

  1. From session-cookies.php, use the "Try this link" option, and check what happens.

  2. Next try supplying a password (anything except the correct password Test) in the box for session-cookies.php, and check what happens.

  3. Reload session-cookies.php and check your visit count and time. Do the new programs session-cookies-2.php and session-cookies-3.php change the cookies, even if a correct password is not given?

  4. Look again in the listing of cookies for your browser. What variable(s) seem to be set for session variables?

    Before going to the next steps, erase the session variable(s) in your browser.

  5. Log in correctly using the Test password, and then again try the "Try this link" option. Can you use session-cookies-3.php now?

  6. Review the code for session-cookies.php, session-cookies-2.php, and session-cookies-3.php, and explain how this code uses session variables to keep track of whether or not a user has supplied the correct password sometime in the recent past.

Work to be Turned In


This document is available on the World Wide Web as

     http://www.cs.grinnell.edu/~walker/courses/325.fa08/lab-php-sessions.shtml

created 3 November 2008
last revised 7 November 2008
For more information, please contact Henry M. Walker at walker@cs.grinnell.edu.