Session and Cookies

Overview Objective Learn the basic configuration of a sessions and cookies in php. Requirements A server with PHP Estimated Time 10 Minutes

Follow Along With Code Example Download a copy of the example code at www.prodigyview.com/source. Install the system in an environment you feel comfortable testing in. Proceed to examples/system/Session_Basics.php

Apply to Normal PHP While the configuration in this tutorial applies to ProdigyView, the concepts apply to normal cookies and sessions in php. You may use these concepts with these two php functions.

What is a Session Sessions is information that relates to a user and is stored on the server. A session will no longer exist once the browser closes. Sessions do not have a size limit. Sensitive information should be stored in the cookie. User saves session User retrieves session

What is a Cookie Cookies is data the stored in the user’s browser. Unlike sessions, cookies will last if a user closes their browser. Cookies have a size limit set by the browser. Sensitive information should not be stored in the cookie. Stored on user’s computer

Configuration In ProdigyView we can configure sessions and cookies to act a certain way. Below, we are disabling the session configuration in the bootstrap and adding our own configuration. We will explain the passed variables in other slides.

Cookie Path & Session Path The cookie path and session is path on your server that you cookie or session will be accessible. Example: If you make your cookie path ‘/store/products’, the cookie will only be available on ‘http://www.example.com/store/products/index.php’. Using ‘/’ will make the cookie or session available in any directory.

Cookie Domain and Session Domain The cookie and session domain is the domain the cookie/session is available on. If your domain is www.example.com, setting you’re cookie/session to that domain will make is only accessible under www.example.com. If it was subdomain.example.com, it will only be available under subdomain.example.com. Setting the domain to ‘.example.com’ will make the session/cookie available under all subdomains.

Cookie Secure & Session Secure Cookie Secure and Session Secure will ensure that your data for a session/cookie will only save over an https connection. It is up to you, the developer, to make sure the value is read only over an https connection.

Cookie and Session HTTP Only In some situations, the requirement may be having this cookie only accessible from a http connection. Setting this value to true will ensure that the cookie/session will NOT be accessible through JavaScript, java(ex: .jar files) and other non-http/https protocols.

Cookie And Session Lifetime Cookie and sessions do not last forever and nor should they. A cookie can be set for years but the average person will probably switch computers every 4-5 years. When setting the amount of time a session/cookie will last, you are passing in the amount of seconds. So if you want the cookie/session to expire in 5 minutes, set it too ’60*5’;

Hash Cookie/Session The option hash a cookie/session is an option only available in ProdigyView and not in normal php. Setting this value to true will encrypt the cookie/session when saving it. This will make it more difficult to tell what the saved data is.

Review Cookie/Session Path: Sets the path that the cookie/session will be accessible from. Cookie/Session Domain: Set what domain the cookie/session will be available on. Cookie/Session Secure: Set if the cookie is writable only over a secure connection. Cookie/Session Lifetime: Set how the long the cookie/session will last. Hash Cookie/Session: Encrypt the cookie/session when saving it.

API Reference For a better understanding of the sessions, visit the api by clicking on the link below. PVSession www.prodigyview.com More Tutorials For more tutorials, please visit: http://www.prodigyview.com/tutorials