HTTP is stateless
Browser/Server communication
Sample Cookie
Name: COUNTRY
Value: IRN%2C81.31.164.249
Host: .php.net
Path: /
Secure: No
Expires: Mon, 06 Oct 2008 08:54:47 GMT
Cookie Setting
PHP:
bool setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] )
e.g.
setcookie("TestCookie", "testValue", time()+3600, "/~rasmus/", ".example.com", 1);
Javascript:
document.cookie
HTML:
Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
Javascript
// Write a cookie; each optional attribute is appended only when it is supplied.
function setCookie(name, value, expires, path, domain, secure) {
    document.cookie = name + "=" + escape(value) +
        ((expires) ? "; expires=" + expires.toGMTString() : "") +
        ((path) ? "; path=" + path : "") +
        ((domain) ? "; domain=" + domain : "") +
        ((secure) ? "; secure" : "");   // "secure": browser sends the cookie over HTTPS only
}

// Read a cookie by name from document.cookie; returns null when it is not set.
function getCookie(name) {
    var dc = document.cookie;
    var prefix = name + "=";
    var begin = dc.indexOf("; " + prefix);   // cookies after the first are separated by "; "
    if (begin == -1) {
        begin = dc.indexOf(prefix);
        if (begin != 0) return null;         // not present, or only a suffix of another name
    } else {
        begin += 2;                          // skip the "; " separator
    }
    var end = dc.indexOf(";", begin);
    if (end == -1) {
        end = dc.length;                     // last cookie in the string
    }
    return unescape(dc.substring(begin + prefix.length, end));
}

// Delete a cookie by re-setting it with an expiry date in the past.
// path and domain must match those used when the cookie was set.
function deleteCookie(name, path, domain) {
    if (getCookie(name)) {
        document.cookie = name + "=" +
            ((path) ? "; path=" + path : "") +
            ((domain) ? "; domain=" + domain : "") +
            "; expires=Thu, 01-Jan-70 00:00:01 GMT";
    }
}
Unique Identification Number for each User
PHP session settings (php.ini directives)
- session.save_handler = files
- session.save_path = "c:/wamp/tmp"
- session.use_cookies = 1
- session.name = PHPSESSID
- session.auto_start = 0
- session.cookie_lifetime = 0
- session.gc_probability = 1
- session.gc_divisor = 1000
- session.gc_maxlifetime = 1440
Examples
<?php
// page1.php
session_start();
echo 'Welcome to page #1';
$_SESSION['favcolor'] = 'green';
$_SESSION['animal'] = 'cat';
$_SESSION['time'] = time();
?>
<?php
// page2.php
session_start();
echo 'Welcome to page #2<br />';
echo $_SESSION['favcolor'].' <br/>'; // green
echo $_SESSION['animal'].' <br/>'; // cat
echo date('Y m d H:i:s', $_SESSION['time']).' <br/>';
?>
<?php
session_start();
if (empty($_SESSION['count'])) {
$_SESSION['count'] = 1;
} else {
$_SESSION['count']++;
}
?>
<p>
Hello visitor, you have seen this page
<?php echo $_SESSION['count']; ?> times.
</p>
Session File
file: c:\wamp\tmp\sess_ngf4u2op5q7e3n8bvgcd2rh7d1
content: favcolor|s:5:"green";animal|s:3:"cat";time|i:1222673637;
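A decoder for the session file format shown above, added here as an example (not part of the original slides; PHP is not run here, so it is written in Python). It assumes the default session.serialize_handler, "php", in which each entry is "name|value" with the value in serialize() notation; it handles strings, integers, booleans, floats, null and nested arrays, and the sample content is constructed to match the slide.

```python
# Decode a PHP session file written by the default "php" session serializer.
# Added example; the sample content below is constructed from the slide.

def _parse_value(data: bytes, pos: int):
    """Parse one serialize() value starting at pos; return (value, next_pos)."""
    tag = data[pos:pos + 1]
    if tag == b'N':                                   # N;  -> null
        return None, pos + 2
    if tag in (b'i', b'b', b'd'):                     # i:123;  b:1;  d:1.5;
        end = data.index(b';', pos)
        raw = data[pos + 2:end].decode()
        if tag == b'i':
            val = int(raw)
        elif tag == b'b':
            val = bool(int(raw))
        else:
            val = float(raw)
        return val, end + 1
    if tag == b's':                                   # s:5:"green";  (length in bytes)
        colon = data.index(b':', pos + 2)
        length = int(data[pos + 2:colon].decode())
        start = colon + 2                             # skip :"
        val = data[start:start + length].decode('utf-8')
        if data[start + length:start + length + 2] != b'";':
            raise ValueError('bad string terminator at %d' % (start + length))
        return val, start + length + 2
    if tag == b'a':                                   # a:2:{<key><value>...}
        colon = data.index(b':', pos + 2)
        count = int(data[pos + 2:colon].decode())
        p = colon + 2                                 # skip :{
        result = {}
        for _ in range(count):
            key, p = _parse_value(data, p)
            result[key], p = _parse_value(data, p)
        return result, p + 1                          # skip }
    raise ValueError('unsupported serialized type %r at %d' % (tag, pos))

def parse_session_file(content: bytes) -> dict:
    """Decode 'name|value' entries into a dict with the same shape as $_SESSION."""
    session, pos = {}, 0
    while pos < len(content):
        bar = content.index(b'|', pos)
        name = content[pos:bar].decode()
        session[name], pos = _parse_value(content, bar + 1)
    return session

# Constructed sample: the session file content from the slide.
SAMPLE = b'favcolor|s:5:"green";animal|s:3:"cat";time|i:1222673637;'

if __name__ == '__main__':
    print(parse_session_file(SAMPLE))
```

Running the decoder over the files in session.save_path is a quick way to see exactly what an attacker who can read that directory would obtain, which is why the advice below insists the storage must not be public.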
Security Issues
- Attacks: Interception, Prediction, brute-force, and fixation.
- Read this for a general overview.
- Read Session Fixation by Mitja Kolsek
Security Advice
- change the id if needed, use session_regenerate_id
- record the IP address (browser, etc.) and check it every time (questionable)
- Use SSL
- Early expiry on sessions
- Don't use URLs or hidden fields, use only cookies
- Check session data storage and make sure it is not public
Application Details
A phone book in which we can add, edit, search for, and delete entities.
Database
One table:
(id, first_name, last_name, number, created_at)