9 May 2012

CMT3313 - Week 9 Post - PHP Session & PHP Cookies

Hello there, I assume you must have noticed I skipped week 8's post; this is because we covered PHP & SQL connections during our lecture. Coincidentally, I had already covered this subject on my own and posted about it in week 7's post, where I gave an example of how to query data from a MySQL database and display the results in a generated HTML table.


This week though, we covered using Session variables and Cookies with PHP, so this post will cover these subjects in the following way:

  • PHP Session
  • PHP Cookies
PHP Session

First off, let me start with a short note on what a Session is in general.
A session is used to store information on a single user on the server. Once a session is set, it will be available for use on every page of the hosted web application.
Sessions work by assigning a unique ID (UID) to every user. This UID can either be stored in a cookie or passed along with the URL. This way the web server can keep track of who the user is, overcoming the problem introduced by the fact that HTTP is stateless, as I discussed in a previous post where I covered an introduction to cookies.
The important thing to remember about session variables is that they have to be deleted once the user leaves the web site. Although each one takes little space, a hosted application receiving a lot of hits from different users every day would easily generate a lot of session variables, negatively affecting the performance of the hosting server.

Starting a Session with PHP
Before you can declare a session variable in PHP, you must first start the session by calling the 'session_start()' function. This will register the user's session on the server, assign a UID for that user's session and allow you to start saving user information.

N.B. - It is important to call this function at the start, before the <HTML> tag, because 'session_start()' sends the session cookie as an HTTP header, and headers can only be sent before any page output.

<?php session_start(); ?>
<HTML>
.
.
.
</HTML>

Storing a Session variable with PHP
To store a session variable you must use the superglobal variable '$_SESSION' and define the name of the session variable you want to declare within square brackets and inverted commas like so:

<?php
   $_SESSION['userName'] = 'John';
?>

The example above stores the value 'John' in the session variable named 'userName'. To output the value of this session variable on the browser screen we use the 'echo' statement:

<?php
   echo $_SESSION['userName'];
?>

Removing a Session
There are two ways to remove session variables: remove a specific session variable, or remove all the registered variables at once.
To remove a specific session variable you must use the 'unset()' function and pass the session variable you want to remove as a parameter like so:

<?php
   unset($_SESSION['userName']);
?>

If, on the other hand, you have more than one registered session variable and you want to remove them all at once, you simply use the 'session_destroy()' function.

<?php
   session_destroy();
?>
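
A fuller version of the session steps above, added here as an example and not code from the original post: it keeps the session ID in a cookie only (not the URL), issues a new ID at login, and on logout clears '$_SESSION' and expires the ID cookie too, since 'session_destroy()' by itself only removes the data stored on the server. It assumes PHP 7.3+ and an HTTPS site; the function names are illustrative.

```php
<?php
// Added example: assumes PHP 7.3+ and HTTPS; function names are illustrative.

function start_secure_session(): void
{
    // Carry the session ID in a cookie only, and refuse IDs the server never issued.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,      // dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // hidden from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();          // before any output, as noted above
}

function log_in(string $userName): void
{
    // A fresh ID at login makes any ID known before login useless afterwards.
    session_regenerate_id(true);
    $_SESSION['userName'] = $userName;
}

function log_out(): void
{
    $_SESSION = [];           // variables still held in this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [   // expire the cookie holding the session ID
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();        // session data stored on the server
}

start_secure_session();
log_in('John');               // constructed sample value
// ... later, when the user signs out:
log_out();
```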

PHP Cookies
Cookies with PHP
A cookie is a small file which the server embeds on the user's machine. Then the next time the user visits the website, this file is sent along with the request towards the server.
This is normally used to identify users who have already visited the website before; therefore, unlike a session, a cookie is not temporary.
But what use can this have, you might ask? Well, for instance, take Google Plus: you only enter your account details the first time, then when you visit the site a second time from the same machine (provided that cookies are enabled) the site automatically knows who you are, logs you in immediately and provides you with links to all your Google applications, such as Gmail, Blogger, Docs, Calendar, etc.


Create a cookie using PHP
A quick note before explaining how to create a cookie, I would like to point out that you can set a cookie to expire within a stipulated amount of time.
So, to create a cookie in PHP you must use the function 'setcookie()' before the <HTML> tag of a PHP page like so:


<?php setcookie('user', 'John', time()+3600); ?>
<HTML>
.
.
.
</HTML>


The example above creates a cookie named 'user', stores the value: 'John' and sets it to expire in 1 hour.


N.B. - The third parameter represents the expiry time as a Unix timestamp in seconds, which is why the example adds 3600 to 'time()'. Therefore if you want the cookie to expire in 5 days, simply calculate how many seconds 5 days amount to and add that value to 'time()' in the parameter.


Retrieve a cookie using PHP
To retrieve a cookie you must use the superglobal variable named '$_COOKIE' and define the cookie's name in square brackets and inverted commas. But to be safe, it is good practice to check if that cookie exists before trying to read its value.
This is achieved by using a PHP function which I used in my last post regarding coursework 2, the 'isset()' function. Basically this function receives a parameter and returns a boolean value stating whether the received parameter exists.


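<?php
    if(isset($_COOKIE['user'])){
        // the cookie value comes from the browser, so escape it before output
        echo "Welcome back ".htmlspecialchars($_COOKIE['user'], ENT_QUOTES, 'UTF-8');
    }
?>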


Deleting a cookie using PHP
There isn't a function dedicated to deleting a cookie; instead you use the previously mentioned 'setcookie()' function and set an expiry time which has already passed, for example:


<?php
   //sets the expiry to 1 hour ago 
   setcookie('user', '', time()-3600);
?>
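
The 'user' cookie above is read back and trusted as it is, but a cookie is stored on the user's machine and can be edited there. The following added example (not code from the original post) stores the value together with an HMAC so the server can tell whether it was changed; COOKIE_KEY and the function names are assumptions, and it needs PHP 7.3+.

```php
<?php
// Added example: assumes PHP 7.3+ and HTTPS. COOKIE_KEY and the function names are illustrative.
const COOKIE_KEY = 'placeholder-load-a-long-random-secret-from-config';

function sign_value(string $value): string
{
    // Stored form is base64(value).mac; the MAC exposes any change made on the client.
    return base64_encode($value) . '.' . hash_hmac('sha256', $value, COOKIE_KEY);
}

function verify_value(string $cookie): ?string
{
    $parts = explode('.', $cookie, 2);
    $value = count($parts) === 2 ? base64_decode($parts[0], true) : false;
    if ($value === false) {
        return null;                          // malformed cookie
    }
    $expected = hash_hmac('sha256', $value, COOKIE_KEY);
    return hash_equals($expected, $parts[1]) ? $value : null;   // constant-time compare
}

function set_user_cookie(string $userName): void
{
    setcookie('user', sign_value($userName), [
        'expires'  => time() + 5 * 24 * 60 * 60,   // 5 days from now
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

function read_user_cookie(): ?string
{
    $raw = $_COOKIE['user'] ?? null;
    return is_string($raw) ? verify_value($raw) : null;
}

// Constructed inputs: an untouched signed value, and one with the name swapped by hand.
$signed = sign_value('John');
$forged = base64_encode('Admin') . strstr($signed, '.');
var_dump(verify_value($signed), verify_value($forged));
```

Signing only detects tampering; the value is still readable on the client, so nothing secret belongs in it.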


Conclusion
So, which are the best, Cookies or Sessions?
The answer is neither: you should not use one technology instead of the other, but combine the two to get the best of both worlds.
What I mean by this is you could store the user's name and encrypted password in a cookie to enable auto-login and use session variables to store information on the user's temporary item basket. 
