Date posted: 18-Jan-2015
Category: Education
Uploaded by: pradip-kharbuja
Topic 3 : Cookies & Sessions
Er. Pradip Kharbuja
Statelessness
• The problem with HTTP as a delivery platform is that it is stateless.
The only data you have in the form is the data you take with you.
• This problem is solved by using
1. GET
2. POST
3. cookies
4. sessions
Statelessness [Contd.]
• HTTP permits the sending of data to web pages.
• Two methods for this are provided:
1. GET
2. POST
• When it is time to send information (for example, from form elements), it is encoded by the client and then sent in one of these two ways.
A space gets replaced with a special code (%20) or with +.
GET
• Using the GET method, the encoded information is sent as an extension to the URL.
-It will appear as something like:
-http://<url>/result.php?num=6&faces=7
• This information is available to PHP via the $_GET superglobal array.
• We can make use of the GET protocol by setting the method of our form to GET.
Example Using GET - PHP
<form action = "dice_roll_get.php" method = "get">
<p>How many dice</p>
<input type = "text" name = "num">
<p>How many faces?</p>
<input type = "text" name = "faces">
<input type = "submit" value = "Roll">
<input type = "reset" value = "Clear values">
</form>
• Develop the PHP page that reads the number of dice and the number of faces and displays them.
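One way to write dice_roll_get.php for the form above (an added example, not code from the original slides): it reads num and faces from $_GET, accepts only bounded integers, and escapes what it echoes back. The value ranges (1-20 dice, 2-100 faces) are assumptions chosen for the example.

```php
<?php
// dice_roll_get.php: added example, not from the original slides.
// Handles a request such as dice_roll_get.php?num=6&faces=7 as the
// GET form submits it, validates both fields, then rolls the dice.

declare(strict_types=1);

// Accept only an integer within [min, max]; anything else (missing,
// non-numeric, out of range, array tricks like num[]=1) is rejected
// rather than fed into the loop or echoed back to the browser.
function readBoundedInt(array $source, string $key, int $min, int $max): ?int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = filter_var($source[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

function rollDice(int $num, int $faces): array
{
    $rolls = [];
    for ($i = 0; $i < $num; $i++) {
        $rolls[] = random_int(1, $faces);   // CSPRNG-backed, unlike rand()
    }
    return $rolls;
}

$num   = readBoundedInt($_GET, 'num', 1, 20);    // assumed limits
$faces = readBoundedInt($_GET, 'faces', 2, 100); // assumed limits

header('Content-Type: text/html; charset=UTF-8');
if ($num === null || $faces === null) {
    http_response_code(400);
    echo '<p>Please enter 1-20 dice with 2-100 faces each.</p>';
    exit;
}

$rolls = rollDice($num, $faces);
// Output is HTML-escaped even though the values are integers here, so
// the same pattern stays safe if a field ever becomes free text.
printf('<p>Rolling %d dice with %d faces: %s (total %d)</p>',
    $num, $faces,
    htmlspecialchars(implode(', ', $rolls), ENT_QUOTES, 'UTF-8'),
    array_sum($rolls));
```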
Overview of GET
• It is very easy to use.
• It is extremely easy to create simple web services and APIs using the GET method.
Example: Facebook, Twitter, etc.
• Parameters remain in browser history because they are part of the URL.
• Can be bookmarked.
• You can manipulate it entirely through URLs.
This is something the POST protocol does not do as easily.
Restrictions of the GET Method
• There are restrictions on how much information can be sent using GET.
-And on the type of information.
-It cannot send binary data, only alphanumeric characters.
• It can send a maximum of 1024 characters.
• It should never be used to send sensitive data, such as passwords.
-They get shown in the URL.
The POST Protocol
• The POST protocol is the most useful on a day-to-day basis.
• POST has no limitations on the size of data.
• It has no limitations on data types.
You can use it to send binary data too.
• It works by placing the encoded data in the body of the HTTP request, after the headers.
So the data does not appear in the URL.
GET vs POST
• History
-GET: Parameters remain in browser history because they are part of the URL.
-POST: Parameters are not saved in browser history.
• Bookmark
-GET: Can be bookmarked.
-POST: Cannot be bookmarked.
• BACK button / re-submit behaviour
-GET: Requests are re-executed but may not be re-submitted to the server.
-POST: The browser usually alerts the user that data will need to be re-submitted.
• Parameters
-GET: Can send, but the parameter data is limited. Safest to use less than 2K of parameters.
-POST: Can send parameters, including uploaded files, to the server.
• Hack
-GET: Easier to hack.
-POST: More difficult to hack.
GET vs POST [Contd.]
• Restrictions on form data type
-GET: Yes, only ASCII characters allowed.
-POST: No restrictions. Binary data is also allowed.
• Security
-GET: Less secure compared to POST because the data sent is part of the URL, so it is saved in browser history and server logs in plaintext.
-POST: A little safer than GET because the parameters are not stored in browser history or in web server logs.
• Restrictions on form data length
-GET: Yes, since form data is in the URL and URL length is restricted. A safe URL length limit is often 2048 characters but varies by browser and web server.
-POST: No restrictions.
GET vs POST [Contd.]
• Usability
-GET: Should not be used when sending passwords or other sensitive information.
-POST: Used when sending passwords or other sensitive information.
• Visibility
-GET: Visible to everyone (it will be displayed in the browser's address bar) and has limits on the amount of information to send.
-POST: Variables are not displayed in the URL.
• Cached
-GET: Can be cached.
-POST: Not cached.
• Large variable values
-GET: 7607 character maximum size.
-POST: 8 MB max size for the POST method.
The Limitations of POST and GET
• That data persists only as long as the script is running.
If we reload a page that contains a script, the browser will usually ask whether we want to resend the data.
• If we move outside the confines of a single PHP script, we will lose the data.
That is a consequence of HTTP's statelessness.
Cookies
• Cookies are used to identify a user.
• Cookies are little files stored on a user's computer that contain certain pieces of information.
They can be read by a web page, so data can be made available between pages.
How to Create a Cookie?
• Cookies are set using the function.
-This takes two parameters – a name for the cookie and its value.
• You can add a third to define an expiration time.
eg. //expires at the end of the session
eg. //expires after 60 seconds
• The function must appear before the tag.
• Cookies are available on the next page load.
-You cannot set and access a cookie in the same pass.
Cookies
• Accessing cookies using $_COOKIE
• Modifying cookies
• Unsetting or deleting cookies
-Set the time to a previous time.
eg.
Cookies Example
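The create / read / delete cycle from the two slides above, as an added example (not the slides' own code): setcookie() is called before any output, the value is read from $_COOKIE on the following request, and deletion is an expiry in the past. The cookie name "theme" and its allowed values are assumptions for the example.

```php
<?php
// cookie_demo.php: added example, not from the original slides.
// Cookies travel in the response headers, so every setcookie() call
// must run before any output, the <html> tag included.

const COOKIE_NAME = 'theme';                 // assumed name
const ALLOWED     = ['light', 'dark'];       // assumed values

function setThemeCookie(string $theme): void
{
    // A cookie is client-controlled: only store something the server
    // can re-validate when it comes back.
    if (!in_array($theme, ALLOWED, true)) {
        return;
    }
    setcookie(COOKIE_NAME, $theme, [
        'expires'  => time() + 60,   // 60 seconds; omit for a session cookie
        'path'     => '/',
        'secure'   => true,          // sent only over HTTPS
        'httponly' => true,          // not readable by page scripts
        'samesite' => 'Lax',         // not attached to cross-site POSTs
    ]);
}

function deleteThemeCookie(): void
{
    // "Set the time to a previous time": same name and path, expired.
    setcookie(COOKIE_NAME, '', ['expires' => time() - 3600, 'path' => '/']);
}

function currentTheme(): string
{
    // Empty on the very first pass: the cookie only arrives with the
    // NEXT request, so set-and-read in one pass does not work.
    $raw = $_COOKIE[COOKIE_NAME] ?? 'light';
    return in_array($raw, ALLOWED, true) ? $raw : 'light';
}

if (isset($_GET['theme']) && is_string($_GET['theme'])) {
    setThemeCookie($_GET['theme']);      // ?theme=dark
} elseif (isset($_GET['reset'])) {
    deleteThemeCookie();                 // ?reset=1
}

header('Content-Type: text/html; charset=UTF-8');
echo '<html><body><p>Current theme: '
   . htmlspecialchars(currentTheme(), ENT_QUOTES, 'UTF-8')
   . '</p></body></html>';
```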
Limitations of Cookies
1. Not all clients support them. Cookies can be disabled in the user's browser.
2. Users can delete cookies.
3. No security for sensitive data.
4. They can only hold a small amount of information.
5. Cookies are browser specific.
-The real work of your application should happen on the server.
Sessions
• Sessions fulfil the same role, but most of the information does not get stored on the user's computer.
It is available only as long as their browser is open and the session is active.
• Sessions are managed by a pair of cookies.
-One on the server
-One on the client
• The client cookie contains only a reference to a session stored on the server.
-So you cannot take advantage of sessions with cookies disabled.
Working with Sessions
• To set up a session, we use the session_start( ) function of PHP.
• It must appear before the <html> tag.
• The variable is used to access & store session data.
Destroying Sessions
• You can destroy a session completely using the function.
Sessions Example
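A login-state example for the two slides above (added here, not the slides' own code): session_start() runs before any output, the user's data lives in $_SESSION on the server while the browser holds only the ID cookie, and destroying the session clears both sides. The form fields (action, username) are assumptions; credential checking is outside the example.

```php
<?php
// session_demo.php: added example, not from the original slides.
// session_start() reads or issues the session ID cookie, so it must
// run before any output, <html> included.
session_start();

function loginUser(string $username): void
{
    // Fresh ID on login so an ID the browser held before authenticating
    // (for example one planted by a third party) never becomes logged in.
    session_regenerate_id(true);
    $_SESSION['user']       = $username;   // stored on the server only
    $_SESSION['login_time'] = time();
}

function isLoggedIn(): bool
{
    return isset($_SESSION['user']);
}

function logoutUser(): void
{
    $_SESSION = [];                            // drop server-side data
    if (ini_get('session.use_cookies')) {      // expire the client's ID cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'],
                  $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                         // remove the server record
}

// Assumed form handling; a real page verifies the password first.
$action = $_POST['action'] ?? '';
if ($action === 'login' && isset($_POST['username']) && is_string($_POST['username'])) {
    loginUser($_POST['username']);
} elseif ($action === 'logout') {
    logoutUser();
}

header('Content-Type: text/html; charset=UTF-8');
echo '<html><body><p>' . (isLoggedIn()
    ? 'Logged in as ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8')
    : 'Not logged in') . '</p></body></html>';
```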
Program Architecture
• PHP fits in the application layer of N-Tier architecture.
-Presentation: HTML
-Application: PHP
-Data: ??
Conclusion
• HTTP is a stateless protocol.
-Which makes it a little difficult to make dynamic web pages.
• PHP offers cookies and sessions as a way to resolve this problem.
Terminology
• Cookie
A small piece of data stored on a user's computer to ease dynamic application development.
• Session
A temporary mapping between the state of a server and a client's system.
Questions???
End of Topic 3