Learn the basics of configuring cookies and sessions in PHP. This tutorial covers session and cookie configuration in both normal PHP and ProdigyView.
2. Overview
Objective
Learn the basic configuration of sessions and cookies in PHP.
Requirements
A server with PHP
Estimated Time
10 Minutes
3. Follow Along With Code
Example
1. Download a copy of the example code at www.prodigyview.com/source.
2. Install the system in an environment you feel comfortable testing in.
3. Proceed to examples/system/Session_Basics.php
4. Apply to Normal PHP
While the configuration in this tutorial applies to ProdigyView, the concepts apply to normal cookies and sessions in PHP. You may use these concepts with these two PHP functions.
session_set_cookie_params
http://php.net/manual/en/function.session-set-cookie-params.php
setcookie
http://php.net/manual/en/function.setcookie.php
5. What is a Session
A session is information that relates to a user and is stored on the server. A session will no longer exist once the browser closes. Sessions do not have a size limit. Sensitive information should be stored in the session.
(Diagram labels: User retrieves session information; User saves session information)
6. What is a Cookie
Cookies are data stored in the user’s browser. Unlike sessions, cookies will last if a user closes their browser. Cookies have a size limit set by the browser. Sensitive information should not be stored in the cookie.
(Diagram label: Stored on user’s computer)
7. Configuration
In ProdigyView we can configure sessions and cookies to act a certain way. Below, we disable the session configuration in the bootstrap and add our own configuration. The passed variables are explained in the other slides.
1. Disable init in bootstrap
2. Set cookie and session defaults
3. Initialize the session class
8. Cookie Path & Session Path
The cookie path and session path are the path on your server from which your cookie or session will be accessible. Example: If you make your cookie path ‘/store/products’, the cookie will only be available on ‘http://www.example.com/store/products/index.php’.
Using ‘/’ will make the cookie or session available in any directory.
9. Cookie Domain and Session Domain
The cookie and session domain is the domain the cookie/session is available on. If your domain is www.example.com, setting your cookie/session to that domain will make it only accessible under www.example.com. If it was set to subdomain.example.com, it will only be available under subdomain.example.com.
Setting the domain to ‘.example.com’ will make the session/cookie available under all subdomains.
10. Cookie Secure & Session Secure
Cookie Secure and Session Secure will ensure that your data for a session/cookie will only save over an HTTPS connection.
It is up to you, the developer, to make sure the value is read only over an HTTPS connection.
11. Cookie and Session HTTP Only
In some situations, the requirement may be that the cookie is only accessible over an HTTP connection. Setting this value to true will ensure that the cookie/session will NOT be accessible through JavaScript, Java (e.g. .jar files) and other non-HTTP/HTTPS protocols.
12. Cookie And Session Lifetime
Cookies and sessions do not last forever, nor should they. A cookie can be set for years, but the average person will probably switch computers every 4-5 years.
When setting the amount of time a session/cookie will last, you are passing in the number of seconds. So if you want the cookie/session to expire in 5 minutes, set it to ‘60*5’.
13. Hash Cookie/Session
The option to hash a cookie/session is only available in ProdigyView and not in normal PHP. Setting this value to true will encrypt the cookie/session when saving it. This will make it more difficult to tell what the saved data is.
14. Review
1. Cookie/Session Path: Sets the path that the cookie/session will be accessible from.
2. Cookie/Session Domain: Sets what domain the cookie/session will be available on.
3. Cookie/Session Secure: Sets whether the cookie is writable only over a secure connection.
4. Cookie/Session Lifetime: Sets how long the cookie/session will last.
5. Hash Cookie/Session: Encrypts the cookie/session when saving it.
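The path, domain, secure, HTTP-only and lifetime options reviewed above, applied with the two plain PHP functions named earlier (session_set_cookie_params and setcookie). This is an added example, not ProdigyView code or part of the tutorial's source package; the helper function names, cookie name, domains, paths and values are constructed, and it assumes PHP 7.3+ with TLS terminated by the PHP server so that $_SERVER['HTTPS'] is set.

```php
<?php
// Added example: plain PHP equivalents of the tutorial's options.
// Helper names, domains, paths, cookie name and values are constructed.
const LIFETIME = 60 * 5; // seconds (5 minutes)

// True only when the current request arrived over HTTPS.
function isHttps(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

// Session cookie: 'lifetime' is a number of seconds counted from now.
function startConfiguredSession(): bool
{
    session_set_cookie_params([
        'lifetime' => LIFETIME,
        'path'     => '/',               // available in any directory
        'domain'   => 'www.example.com', // domain the session cookie is set for
        'secure'   => true,              // only sent over HTTPS
        'httponly' => true,              // not accessible through JavaScript
    ]);
    // Do not start a Secure session on a plain HTTP request.
    return isHttps() && session_start();
}

// Regular cookie: setcookie() takes 'expires' as an absolute Unix timestamp,
// so the lifetime is added to the current time.
function setPreferenceCookie(string $value): bool
{
    return setcookie('theme', $value, [
        'expires'  => time() + LIFETIME,
        'path'     => '/store/products', // limited to this path
        'domain'   => '.example.com',    // all subdomains
        'secure'   => true,
        'httponly' => true,
    ]);
}

// Reading side: the developer enforces HTTPS before using the value.
function readPreferenceCookie(): ?string
{
    return isHttps() ? ($_COOKIE['theme'] ?? null) : null;
}

if (startConfiguredSession()) {
    $_SESSION['user_id'] = 42;   // sensitive data stays on the server
    setPreferenceCookie('dark'); // non-sensitive data goes in the cookie
}
```

Note the unit difference: session_set_cookie_params() takes a relative lifetime in seconds, while setcookie() takes an absolute expiry timestamp.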
15. API Reference
For a better understanding of sessions, visit the API by clicking on the link below.
PVSession
More Tutorials
For more tutorials, please visit:
http://www.prodigyview.com/tutorials
www.prodigyview.com