Date post: | 05-Dec-2014 |
Category: |
Technology |
Upload: | prodigyview |
View: | 2,067 times |
Download: | 3 times |
Reading, Writing and Securing Session and
Cookies
Overview
Objective
Learn how to read and write data to cookies and session and also how to secure your cookies and sessions.
Requirements
Understanding of Cookies and Sessions in PHP
Estimated Time
10 Minutes
Follow Along With Code Example
1. Download a copy of the example code at www.prodigyview.com/source.
2.Install the system in an environment you feel comfortable testing in.
3.Proceed to examples/system/Sessions.php
Disable Session in Bootstrap
Normally in ProdigyView when the bootstrap is called, the session configuration is created and set based upon the values in the xml configuration file. But for the purposes of this tutorial we are going to manually set the variables.
Lets start by creating a custom bootstrap that disables the initialization of the sessions.
Session Init
Before we initialize the session, we should set what options we want. In this example we are only setting the lifetime of the cookie and the session. By default, the PVSession::init() method will call session_start() function for us. Keep in mind there are many more options that can passed to the init.
www.prodigyview.com
Setting Up Test Variables
Perfect, now we have an active session ready to set data in. First create some sample data to insert and retrieve from cookies and session.
www.prodigyview.com
Basic CookieWith our data we are now going to write and read a basic cookie. This can be simply done with the methods writeCookie, readCookie and deleteCookie.
1. Set the key/name of the cookie
4. Delete the cookie associated with the key/name
3. Read the cookie data basef on the key/name
2. Set the cookie data based on the key/name
Arrays and Cookies
Normally in PHP you cannot set arrays or objects in Cookies and Sessions. Well in ProdigyView this can be done. Just write and read the cookie like you normally would.
1. Set the key/name of the cookie 2. Set the array or object associated to be associated with the key/name
Retrieve the cookie by entering the name/keyDelete the cookie
www.prodigyview.com
Secure CookieSometimes a requirement maybe(and still strongly not advised) to store sensitive information in a cookie. ProdigyView allows a cookie to be encrypted. In the options passed into cookie, set the hash cookie to true.
1. The the options for hashing a cookie 2. Pass the options in when writing and reading the cookie
3. The options should also be passed when deleting a cookie
Writing a SessionWriting a session is very similar to writing a cookie. The methods are writeSession, readSession, and deleteSession.
1. Set the key/name of the session 2. Set the data to be associated with that key/name
3. Retrieve the data associated with the key/name
4. Delete the data from the session
www.prodigyview.com
Store Array in SessionsLike cookies, objects and arrays can be stored in a session.
1. Set the key/name of the session 2. Set the object or array to be associated with that key/name
3. Retrieve the array or object4. Delete the array or object from the session
www.prodigyview.com
Secure SessionNow if you want, you can encrypt data stored in a session. Whether or not this is necessary is controversial because the session is stored on the server and not accessible to the client.
1. The the options for hashing a session 2. Pass the options in when writing and reading the session
3. The options should also be passed when deleting a session
Challenge!This is a challenge designed to better help you understand sessions and cookies in Prodigyview and PHP.
1. Create an object that contains public, private and protected variables. 1 of each is fine.
2. Set those variables with values. Make sure you can retrieve those values.
3. Write the object to a session or cookie normally and write the object to a session or cookie that is encrypted.
4. Read back the object and access the variables. Record the results.
Review1. Use PVSession::writeCookie() to write a
cookie
2. Use PVSession::readCookie() to read a cookie
3. Use PVSession::deleteCookie() to remove a cookie
4. Use PVSession::writeSession() to write a session
5. Use PVSession::readSession() to read a session
6. Use PVSession::deleteSession() to remove a session www.prodigyview.com
API ReferenceFor a better understanding of the sessions, visit the api by clicking on the link below.
PVSession
www.prodigyview.com
More Tutorials
For more tutorials, please visit:
http://www.prodigyview.com/tutorials