COMP3512
winter 2024
lec-php-05
Up and Coming

RECALL
order.php
<?php
$customer = $_GET['cust-name'];
$egg_style = $_GET['egg-style'] ?? 'scrambled';
$side = $_GET['side'] ?? 'bacon';
$drink = $_GET['drink'] ?? 'coffee';
include 'order.view.php';

order.view.php
<body>
<h1>Your Breakfast Is Ready, <?= $customer; ?></h1>
<p>One order of eggs, <?= $egg_style ?>.</p>
<p>Side of <?= $side ?></p>
<p>And a cuppa <?= $drink ?></p>
</body>

Given the above, write the markup that would result from going to this URL:
order.php?cust-name=Miko&side=hash+browns

RECALL
Assuming we run the above blob of code, what values does $another_variable have on lines 4, 6, 8, and 12?
<?php

$some_variable = "hi";
$another_variable = $some_variable ?? "foo";

$another_variable = $yet_another_variable ?? "bar";

$another_variable = $pancakes ?? "baz";

$yet_another_variable = "bye";

$another_variable = $yet_another_variable ?? "bar";
Let's talk about these things today:
Cookies
◉ Why is a cookie like a remora?
◉ What flavours of cookies are there and how do I bake them?
◉ What's a common cookie gotcha?
◉ How do cookies tie into The Project?
PHP Sessions
◉ Why does the client get all the fun? What about the server?
◉ How do I read/write delicious data to the session store?
◉ What's a common session gotcha?
◉ How do sessions tie into The Project?
Prologue
As far as a web server is concerned, every request for a resource is from "some rando person".
This is a problem.

Prologue: The Sequel
The Application tab in your browser inspector is a wonderful beast.

Get familiar with it.
COOKIES
Why is a cookie like a remora?
remora

cookie

Let's try something
- Open browser in Guest Mode (clean slate).
- Pop open the Application tab.
- Pop open the Network tab, select Doc.
- Go to GitHub.com.
- Pop open the Application tab.
- Pop open the Network tab and go to the Sign in link.
🤔 See any cookies?
🤔 Notice anything in the Response Headers that's cookie-ish?
🤔 See any cookies now? What do you notice about them?
🤔 Notice anything in the Request Headers that's cookie-ish?

In summary...
RECAP
- Cookies are small blobs of text in key/value format that your browser is allowed to save.
- We can see cookies using our browser tools (for example, in the Application tab in Chrome & Edge and Storage in Firefox).
- Because of this, what sort of things should you NOT store in cookies?
- Cookies are associated with a domain. You don't see ALL your cookies in the devtools, only the ones relevant to the page you're currently on.
- There's an Expires field; values seem to be a date/time stamp or Session.
- Cookies are created by a browser when it receives a Set-Cookie header in a response.
- After a cookie has been created, it's "stuck" (like a remora!) to further requests your browser makes. The cookies will appear in your Request Headers in a Cookie entry.

I think you should be summarizing like this, but I'm feeling all generous like.
What flavours of cookies are there and how do I bake them?
1-cookies
DEMO
make-a-cookie.php
1-cookies
DEMO
mood.php
RECAP
- Use setcookie() to set cookies; they can be session cookies or persistent cookies.
- Use strtotime() to make your persistent cookie code readable.
- Modify the path to / if you want the cookie to be available within the entire domain.
- A session cookie will go away when the browser window (not just tab) is closed.
- A persistent cookie will stay until it expires. (Though I've been noticing odd behaviour on Codespaces.)
- Use the $_COOKIE superglobal to get a cookie value.
- Gotcha: you can't use $_COOKIE to set a cookie - that's what setcookie() is for!
- Don't forget to see if the cookie is there by using isset() or !empty().
What's a common cookie gotcha?
2-cookie-gotcha
DEMO
gotcha.php
RECAP
- Your PHP can't write anything to the response before calling setcookie().
- So no echoes, no markup, and no function calls that write to the response.
- This makes sense, right? Cookies are created by a Set-Cookie response header, and headers are, by definition, at the HEAD of a response. If you write anything other than a header to the response and THEN attempt to write a header... it's not a header anymore!
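The two cookie recaps above put together as one page, added here as an illustration (it is not one of the lecture's demo files): the cookie is baked before any output, read back defensively because the user can edit it in dev tools, and escaped on display. The cookie name last_visit and the 30-day lifetime are assumptions.

```php
<?php
// Added example, not a course demo file. Cookie name and lifetime are assumptions.
declare(strict_types=1);

const COOKIE_NAME = 'last_visit';

// Return the previous visit as a Unix timestamp, or null if absent or tampered with.
function read_last_visit(array $cookies): ?int
{
    if (!isset($cookies[COOKIE_NAME])) {
        return null;                        // first visit, or cookie expired/deleted
    }
    $raw = $cookies[COOKIE_NAME];
    // The value comes from the browser, so the user controls it: digits only.
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $ts = (int) $raw;
    return $ts <= time() ? $ts : null;      // a timestamp in the future is not ours
}

$previous = read_last_visit($_COOKIE);      // read BEFORE overwriting the cookie
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// All header work happens here, before a single byte of the body is written.
setcookie(COOKIE_NAME, (string) time(), [
    'expires'  => strtotime('+30 days'),    // persistent; 0 would make a session cookie
    'path'     => '/',                      // available within the entire domain
    'secure'   => $https,                   // only sent over HTTPS when the site uses it
    'httponly' => true,                     // not readable from document.cookie
    'samesite' => 'Lax',
]);
?>
<body>
<?php if ($previous === null): ?>
  <p>Welcome! This looks like your first visit.</p>
<?php else: ?>
  <p>Last visit: <?= htmlspecialchars(date('Y-m-d H:i', $previous)) ?></p>
<?php endif; ?>
</body>
```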
How do cookies tie into The Project?
From Milestone 3:
"A persistent cookie is used to store the last date and time the user logged in; this date and time should be displayed at the bottom of the Theatre List and Now Playing pages."


BRAIN BREAK
PHP SESSIONS
Why does the client get all the state fun?
What about the server?
RECAP
- Just like a browser can store little blobs of text, so can your web server store little blobs of text in some location (the session store) of the server's hard drive.
- In our Codespaces, this location is /tmp. You can see the session files (along with some other stuff) by using the command ls /tmp.
- You can spot a session file because it starts with sess_ followed by a hella-long ID.
- Session files contain key/value pairs, kinda like a cookie; unlike cookies, there is some extra information stored that indicates the type of data stored.
How do I read/write delicious data to the session store?
3-sessions
DEMO
start-a-session.php
3-sessions
DEMO
open-page.php
RECAP
- You can use the session store in your code if you call session_start(). Once that's done, you can use the $_SESSION superglobal in the same way you can use $_GET and $_POST.
- When you call session_start(), important things happen:
  - A unique ID for your session is created.
  - The page response will carry a Set-Cookie header asking the browser to make a cookie with the key PHPSESSID and the unique ID as the value.
  - An empty file called sess_(unique ID) will be placed in the session store.
  - From this point onward, using $_SESSION will write/read things from the file!
- If you delete the PHPSESSID cookie using your dev tools, you can trick your code into thinking you're not connected to the session anymore.
  - This is useful if you're hacking around...but it DOES leave the session file in your session store. You can delete it with rm (name of session file).
- If you want to see how to properly get rid of a session, see the logout.php code in lab-03!
What's a common session gotcha?
3-session-gotcha
DEMO
order-is-important.php
3-session-gotcha
DEMO
writing-gotcha.php
3-session-gotcha
DEMO
reading-gotcha.php
RECAP
- If you attempt to call session_start() after writing anything to the response, it'll blow up. Why? Think back to cookies....
- If you forget to call session_start() and go $_SESSION['key']=(some value), then you're not actually writing to the session store! You're just writing to an array called $_SESSION!
- If you forget to call session_start() and then try to access the session (like echo $_SESSION['foo']), it'll blow up, because the $_SESSION variable doesn't exist!
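The session recaps above as one page, added here as an illustration and not the course's lab-03 code: session_start() runs before any output, the session ID is regenerated at login so an ID handed out before login cannot be reused, and logout clears the data, the PHPSESSID cookie and the sess_ file. The session key user and the form field names are assumptions; admin/pw is the placeholder pair from the project milestone.

```php
<?php
// Added example, not the course's lab-03 code. Session key 'user' and the POST
// field names are assumptions for illustration.
declare(strict_types=1);

// Flags for the PHPSESSID cookie must be set BEFORE session_start().
session_set_cookie_params(['path' => '/', 'httponly' => true, 'samesite' => 'Lax']);
session_start();                       // before any output: it sends Set-Cookie

function log_in(string $username): void
{
    session_regenerate_id(true);       // fresh ID on login; old sess_ file is deleted
    $_SESSION['user'] = $username;
}

function log_out(): void
{
    $_SESSION = [];                    // empty the data for this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [    // expire PHPSESSID in the browser
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
    ]);
    session_destroy();                 // remove the sess_ file from the session store
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? '';
    // Placeholder check; a real app uses password_verify() against a stored hash.
    if ($action === 'login'
        && ($_POST['username'] ?? '') === 'admin' && ($_POST['password'] ?? '') === 'pw') {
        log_in('admin');
    } elseif ($action === 'logout') {
        log_out();
    }
    header('Location: ' . $_SERVER['SCRIPT_NAME']);  // redirect so a refresh won't re-POST
    exit;
}
?>
<body>
<?php if (isset($_SESSION['user'])): ?>
  <p>Signed in as <?= htmlspecialchars($_SESSION['user']) ?></p>
  <form method="post"><button name="action" value="logout">Log out</button></form>
<?php else: ?>
  <form method="post"><input name="username"> <input name="password" type="password">
    <button name="action" value="login">Log in</button></form>
<?php endif; ?>
</body>
```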
How do sessions tie into The Project?
From Milestone 4:
"If a user enters the username admin and password pw into the Login Form, the login status is saved using PHP session state, and the form then redirects to the Theatre List. "
By Jordan Pratt
cookies | PHP sessions