Reading, Writing and Securing Session and Cookies

Overview Objective Learn how to read and write data to cookies and session and also how to secure your cookies and sessions. Requirements Understanding of Cookies and Sessions in PHP Estimated Time 10 Minutes

Follow Along With Code Example Download a copy of the example code at www.prodigyview.com/source. Install the system in an environment you feel comfortable testing in. Proceed to examples/system/Sessions.php

Disable Session in Bootstrap Normally in ProdigyView when the bootstrap is called, the session configuration is created and set based upon the values in the xml configuration file. But for the purposes of this tutorial we are going to manually set the variables. Lets start by creating a custom bootstrap that disables the initialization of the sessions.

Session Init Before we initialize the session, we should set what options we want. In this example we are only setting the lifetime of the cookie and the session. By default, the PVSession::init() method will call session_start() function for us. Keep in mind there are many more options that can passed to the init. www.prodigyview.com

Setting Up Test Variables Perfect, now we have an active session ready to set data in. First create some sample data to insert and retrieve from cookies and session. www.prodigyview.com

Basic Cookie With our data we are now going to write and read a basic cookie. This can be simply done with the methods writeCookie, readCookie and deleteCookie. 1. Set the key/name of the cookie 4. Delete the cookie associated with the key/name 3. Read the cookie data basef on the key/name 2. Set the cookie data based on the key/name

Arrays and Cookies Normally in PHP you cannot set arrays or objects in Cookies and Sessions. Well in ProdigyView this can be done. Just write and read the cookie like you normally would. 1. Set the key/name of the cookie 2. Set the array or object associated to be associated with the key/name Retrieve the cookie by entering the name/key Delete the cookie www.prodigyview.com

Secure Cookie Sometimes a requirement maybe(and still strongly not advised) to store sensitive information in a cookie. ProdigyView allows a cookie to be encrypted. In the options passed into cookie, set the hash cookie to true. 1. The the options for hashing a cookie 2. Pass the options in when writing and reading the cookie 3. The options should also be passed when deleting a cookie

Writing a Session Writing a session is very similar to writing a cookie. The methods are writeSession, readSession, and deleteSession. 1. Set the key/name of the session 2. Set the data to be associated with that key/name 3. Retrieve the data associated with the key/name 4. Delete the data from the session www.prodigyview.com

Store Array in Sessions Like cookies, objects and arrays can be stored in a session. 1. Set the key/name of the session 2. Set the object or array to be associated with that key/name 3. Retrieve the array or object 4. Delete the array or object from the session www.prodigyview.com

Secure Session Now if you want, you can encrypt data stored in a session. Whether or not this is necessary is controversial because the session is stored on the server and not accessible to the client. 1. The the options for hashing a session 2. Pass the options in when writing and reading the session 3. The options should also be passed when deleting a session

Challenge! This is a challenge designed to better help you understand sessions and cookies in Prodigyview and PHP. Create an object that contains public, private and protected variables. 1 of each is fine. Set those variables with values. Make sure you can retrieve those values. Write the object to a session or cookie normally and write the object to a session or cookie that is encrypted. Read back the object and access the variables. Record the results.

Review Use PVSession::writeCookie() to write a cookie Use PVSession::readCookie() to read a cookie Use PVSession::deleteCookie() to remove a cookie Use PVSession::writeSession() to write a session Use PVSession::readSession() to read a session Use PVSession::deleteSession() to remove a session www.prodigyview.com

API Reference For a better understanding of the sessions, visit the api by clicking on the link below. PVSession www.prodigyview.com More Tutorials For more tutorials, please visit: http://www.prodigyview.com/tutorials