web technology solutions

Date : 2/18/2014

Web Technology SolutionsClass: State Management with PHP

Tonight

✤ HTTP State OverviewCookies in

PHPSessions in PHPiHear DB and App

ReviewLab

Lab Preview

✤ Install “State” in your authentication sub system.

✤ Install State via Sessions.

✤ Final Project Working Session

✤ Create CRUD functionality for Survey

✤ Install State throughout App.

✤ Auth

✤ Registration

✤ Survey

HTTP Review

✤ HTTP is a “Stateless” protocol

✤ Requests between client and server retain no memory of the previous request or future requests.

✤ OK? So what does that mean to me as an app dev?

HTTP Review

Want to Share info from page to page? You can’t!

Unless you...

HTTP Review

Maintain State via...

Sessions Cookies

HTTP Review

Cookies with PHP

✤ Cookies are small files stored on your (clients) machine.

✤ Consists of clear text in named\value pairs (non-secure)

✤ Send by and stored in your browser.

✤ Sent in the HTTP Header

Cookies with PHP

✤ Cookies are good for

✤ site prefs / personalization

✤ remember non-secure data

✤ shopping cart values

✤ remember me login’s

✤ Anything that doesn’t “break” the functionality of your site.

Cookies with PHP

✤ Cookies are bad for

✤ storing sensitive data

✤ storing required data for app

✤ storage of persistent data

PHP - setCookie

✤ setcookie();

✤ uses the PHP superglobal $_COOKIE (array)

✤ set’s a first party cookie on the client (browser)

✤ safe to store basic data values (not sensitive data like passwords)

✤ Browsers limit size of total count of cookies.

PHP - setCookie

✤ setcookie()

✤ used to create a cookie

✤ param1: name

✤ param2: value

✤ param3: time to live in milsec

✤ param4: folder

✤ param5: domain

✤ param6: secure

✤ setcookie("user", “bob”, time()+3600, "/home", ".site.com", 1);

PHP - setCookie

✤ setcookie()

✤ also used to delete

✤ setcookie ("user", "", time() - 3600);

✤ note the negative seconds.

✤ setcookie("user", “bob”, time()-3600, "/home", ".site.com", 1);

Cookie Example

PHP Sessions

Sessions

Sessions in PHP

✤ Sessions store data on the server (note config)

✤ Sessions also store a session ID cookie on the client

✤ Sessions need to be started on each page

✤ PHP offers an auto start option in the php.ini

Sessions in PHP

✤ Sessions are good for:

✤ Secure data

✤ Quasi-Persistent Storage

✤ Full App functionality.

Sessions in PHP

✤ Three methods for passing Session ID

✤ via Cookie (default)

✤ via DB storage (ok)

✤ via URL (bad)

Sessions in PHP

✤ Sessions are bad for:

✤ Overall very good to use.

✤ Beware session hijacking.

PHP Sessions

✤ To start:

✤ session_start();

✤ needs to be called on EACH page or session data will not be carried onto that page.

✤ $_SESSION[‘name’] = value;

✤ echo $_SESSION[‘name’];

PHP Sessions

✤ To kill session value

✤ unset($_SESSION['name']);

✤ To kill off all session data

✤ $_SESSION = array();

✤ session_destroy();

✤ setcookie('PHPSESSID', '',time()-300, '/',0);

Session Example

PHP Output Control

✤ Output Control allows you to tell PHP when to submit information to the browser.

✤ Great:

✤ Working with header(), avoid errors

✤ Controlling Browser Output

✤ Cons:

✤ Buffer Limits (default bite size of 4096kb)

✤ Memory Limits

Output Buffering

ob_start();

Turns on output buffering

data is held within internal “buffer” waiting to be published to the browser.

Call at start of script

Can have a callback function

Can nest buffers

Output Buffering

ob_end_flush()

Sends the data in the buffer to the browser

Turns off output buffer.

Loop through ob_end_flush() to close all jobs

Output Buffering

ob_end_clean()

//removes data from the buffer (doesn’t go to browser)

ob_flush()

//send data to the browser but buffer remains on

ob_get_contents()

//get the content of the buffer (no browser or erase)

App Review

Lab & Next Week

✤ Lab

✤ implement sessions in app

✤ working session for final

✤ Reading: Chapter 13

See you Tuesday!