Developing State-enabled Applications With PHP
by: John L
When a user is browsing through a website and is surfing from one web page to another, sometimes the website needs to remember the actions (e.g. choices) performed by the user. For example, in a website that sells DVDs, the user typically browses through a list of DVDs and selects individual DVDs for check out at the end of the shopping session. The website needs to remember which DVDs the user has selected because the selected items need to be presented again to the user when the user checks out. In other words, the website needs to remember the State - i.e. the selected items - of the user's browsing activities.
However, HTTP is a Stateless protocol and is ill-equipped to handle States. A standard HTML website basically provides information to the user and a series of links that simply direct the user to other related web pages. This Stateless nature of HTTP allows the website to be replicated across many servers for load balancing purposes. A major drawback is that while browsing from one page to another, the website does not remember the State of the browsing session. This makes interactivity almost impossible.
In order to increase interactivity, the developer can use the session handling features of PHP to augment the features of HTTP in order to remember the State of the browsing session. There are basically 2 ways PHP does this:
- Using cookies
- Using Sessions
Cookies
Cookies are used to store State-information in the browser.
Browsers are allowed to keep up to 20 cookies for each domain
and the values stored in the cookie cannot exceed 4 KB. If more
than 20 cookies are created by the website, only the latest
20 are stored. Cookies are only suitable in instances that do
not require complex session communications and are not favoured
by some developers because of privacy issues. Furthermore, some
users disable support for cookies at their browsers.
The following is a typical server-browser sequence of events that occur when a cookie is used:
- The server knows that it needs to remember the State of the browsing session
- The server creates a cookie and uses the Set-Cookie header field in the HTTP response to pass the cookie to the browser
- The browser reads the cookie field in the HTTP response and stores the cookie
- This cookie information is passed along future browser-server communications and can be used in the PHP scripts as a variable
PHP provides a function called setcookie() to allow easy creation of cookies. The syntax for setcookie is:
int setcookie(string name, [string value], [int expiration_date], [string path], [string domain], [int secure])
The parameters are:
- name - this is a mandatory parameter and is used subsequently to identify the cookie
- value - the value of the cookie - e.g. if the cookie is used to store the name of the user, the value parameter will store the actual name - e.g. John
- expiration_date - the lifetime of the cookie. After this date, the cookie expires and is unusable
- path - the path refers to the URL from which the cookie is valid and allowed
- domain - the domain that created the cookie and is allowed to read the contents of the cookie
- secure - specifies if the cookie can be sent only through a secure connection - e.g. SSL-enabled sessions
The following
is an example that displays to the user how many times a specific
web page has been displayed to the user. Copy the code below
(both the php and the html) into a file with the .php extension
and test it out.
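<?php
// check whether the browser sent the count cookie
// (the original relied on register_globals to fill $count, which current PHP no longer supports)
if (!isset($_COOKIE["count"])) {
    $count = 0;
} else {
    // the cookie value comes from the browser, so force it to an integer
    $count = (int) $_COOKIE["count"] + 1;
}
setcookie("count", $count, time()+600, "/", "", 0);
?>
<html>
<head>
<title>Session Handling Using Cookies</title>
</head>
<body>
This page has been displayed: <?=$count ?> times.
</body>
</html>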
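A cookie is stored at the browser, so the user can edit the counter before sending it back. The following added example (not part of the original article) keeps the same counter but attaches an HMAC so the server can reject altered values; COOKIE_KEY is a constructed placeholder, and the options-array form of setcookie() assumes PHP 7.3 or later.

```php
<?php
// Added example: the page's visit counter, with the cookie value authenticated.
// COOKIE_KEY is a constructed placeholder; load a real secret from server-side config.
const COOKIE_KEY = 'replace-with-random-server-side-secret';

// Return "<count>.<hex HMAC-SHA256 of count>" for storage in the cookie.
function sign_count(int $count): string
{
    return $count . '.' . hash_hmac('sha256', (string) $count, COOKIE_KEY);
}

// Return the counter if the cookie is well-formed and its MAC verifies, else null.
function verify_count(string $cookie): ?int
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], COOKIE_KEY);
    // hash_equals() compares in constant time
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

// A cookie sent as count[]=... arrives as an array, so accept strings only
$raw = $_COOKIE['count'] ?? null;
$previous = is_string($raw) ? verify_count($raw) : null;
$count = ($previous === null) ? 0 : $previous + 1;

setcookie('count', sign_count($count), [
    'expires'  => time() + 600,
    'path'     => '/',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from page JavaScript
    'samesite' => 'Lax',
]);
?>
<html>
<body>
This page has been displayed: <?= $count ?> times.
</body>
</html>
```

The MAC stops a user from forging a new value, but it does not stop the replay of an older cookie that the server issued earlier.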
The next
installment discusses how to manage sessions using PHP session
handling functions with cookies enabled...
PHP Session Handling - Cookies Enabled
Instead
of storing session information at the browser through the use
of cookies, the information can instead be stored at the server
in session files. One session file is created and maintained
for each user session. For example, if there are three concurrent
users browsing the website, three session files will be created
and maintained - one for each user. The session files are deleted
if the session is explicitly closed by the PHP script or by
a daemon garbage collection process provided by PHP. Good programming
practice would call for sessions to be closed explicitly in
the script.
The following is a typical server-browser sequence of events that occur when PHP session handling is used:
- The server knows that it needs to remember the State of the browsing session
- PHP generates a session ID and creates a session file to store future information as required by subsequent pages
- A cookie is generated with the session ID at the browser
- This cookie that stores the session ID is transparently and automatically sent to the server for all subsequent requests to the server
The following
PHP session-handling example accomplishes the same outcome as
the previous cookie example. Copy the code below (both the php
and the html) into a file with the .php extension and test it
out.
<?php
// starts a session
session_start();
// count is kept in the session file through $_SESSION
// (session_register() and session_is_registered() were removed in PHP 5.4)
if (!isset($_SESSION["count"])) {
    $_SESSION["count"] = 0;
} else {
    $_SESSION["count"]++;
}
$count = $_SESSION["count"];
$session_id = session_id();
?>
<html>
<head>
<title>PHP Session Handling - Cookie-Enabled</title>
</head>
<body>
The current session id is: <?=$session_id ?> This page has been displayed:
<?=$count ?> times.
</body>
</html>
A summary of the functions that PHP provides for session handling is:
- boolean session_start() - initializes a session
- string session_id([string id]) - either returns the current session id or specifies the session id to be used when the session is created
- boolean session_register(mixed name [, mixed ...]) - registers variables to be stored in the session file. Each parameter passed in the function is a separate variable
- boolean session_is_registered(string variable_name) - checks if a variable has been previously registered to be stored in the session file
- session_unregister(string variable_name) - unregisters a variable from the session file. Unregistered variables are no longer valid for reference in the session.
- session_unset() - unsets all session variables. It is important to note that all the variables remain registered.
- boolean session_destroy() - destroys the session. This is the opposite of the session_start function.
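The article recommends closing sessions explicitly. As an added example (not code from the original article), the script below starts the session with restricted cookie flags and closes it completely on request; the logout query parameter is a hypothetical trigger, and the cookie options assume PHP 7.3 or later served over HTTPS.

```php
<?php
// Added example; the "logout" query parameter is a hypothetical trigger.
session_start([
    'cookie_httponly' => true,   // session ID cookie not readable from JavaScript
    'cookie_secure'   => true,   // session ID cookie only sent over HTTPS
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,   // refuse session IDs the server did not issue
]);

function close_session(): void
{
    // 1. Empty the session data held in this request
    $_SESSION = [];

    // 2. Expire the session ID cookie at the browser, using the
    //    same parameters it was set with
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }

    // 3. Delete the server-side session file
    session_destroy();
}

if (isset($_GET['logout'])) {
    close_session();
    echo 'Session closed.';
    exit;
}

// Same counter as the article's example: 0 on the first display
$_SESSION['count'] = ($_SESSION['count'] ?? -1) + 1;
echo 'This page has been displayed: ' . $_SESSION['count'] . ' times.';
```

Clearing the data alone leaves the session file and the browser's cookie in place, which is why all three steps are performed.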
The next
installment discusses how to manage sessions using PHP session
handling functions when cookies are disabled...
PHP Session Handling - Without Cookies
If
cookies are disabled at the browser, the above example cannot
work. This is because although the session file that stores
all the variables is kept at the server, a cookie is still needed
at the browser to store the session ID that is used to identify
the session and its associated session file. The most common
way around this would be to explicitly pass the session ID back
to the server from the browser as a query parameter in the URL.
For example, the PHP script generates requests subsequent to the session_start call in the following format:
http://www.yourhost.com/yourphpfile.php?PHPSESSID=[actual session ID]
The following are excerpts that illustrate the discussion:
Manually building the URL:
<?php $url = "http://www.yoursite.com/yourphppage.php?PHPSESSID=" . session_id(); ?>
<a href="<?=$url ?>">Anchor Text</a>
Building the URL using SID:
<a href="http://www.yoursite.com/yourphppage.php?<?=SID ?>">Anchor Text</a>
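A session ID carried in the URL is visible in browser history, server logs, the Referer header and any link the user shares, and whoever holds it holds the session. The added example below (not from the original article) keeps the URL technique but limits that exposure; /next.php and the 5-minute interval are assumptions, and PHP 8.4 and later report session.use_only_cookies=0 as deprecated.

```php
<?php
// Added example; /next.php and the 5-minute interval are constructed assumptions.
ini_set('session.use_only_cookies', '0'); // accept PHPSESSID from the URL, as described above
ini_set('session.use_strict_mode', '1');  // ignore IDs that match no session this server created
session_start();

// Limit how long a copied URL stays useful: issue a new ID and delete the
// old session file once the current ID is more than 5 minutes old.
$now = time();
if (!isset($_SESSION['id_issued'])) {
    $_SESSION['id_issued'] = $now;
} elseif ($now - $_SESSION['id_issued'] > 300) {
    session_regenerate_id(true);
    $_SESSION['id_issued'] = $now;
}

header('Referrer-Policy: no-referrer'); // keep this URL out of the Referer header
header('Cache-Control: no-store');      // keep pages with ID-bearing links out of caches

// Build a link to a page on this site with the current session ID attached,
// escaped for use inside an HTML attribute.
function link_with_session(string $path): string
{
    $sep = (strpos($path, '?') === false) ? '?' : '&';
    $url = $path . $sep . session_name() . '=' . rawurlencode(session_id());
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}
?>
<html>
<body>
<a href="<?= link_with_session('/next.php') ?>">Anchor Text</a>
</body>
</html>
```

After the ID is regenerated, links on pages rendered earlier carry the old ID and start a new, empty session when followed.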
About The Author
John L is the webmaster of http://www.bimmercenter.com.
daboss@bimmercenter.com