UNIT VI: Cookies and Sessions. Notes: B. Sc. SE.

SY III Sem

UNIT VI: Cookies and Sessions


Using Cookies:
Cookies are small bits of textual information that a Web server sends to a browser and
that the browser later returns unchanged when visiting the same Web site or domain.

By letting the server read information it sent the client previously, the site can provide
visitors with a number of conveniences such as presenting the site the way the visitor
previously customized it or letting identifiable visitors in without their having to reenter
a password.

There are four typical ways in which cookies can add value to your site. These are:

1. Identifying a user during an e-commerce session. Many online shopping sites
provide a shopping cart or basket into which the user can put an item and then continue
shopping.
Because the HTTP connection is usually closed after each page is sent, when a user selects
a new item to add to the cart, how does the store know that it is the same user who put the
previous item in the cart? This problem can be solved using cookies.

Cookies create a small file on the user's machine that stores the items selected by the
user, which can then be accessed from any page of the website.

2. Remembering usernames and passwords. Cookies let a user log in to a site
automatically, providing a significant convenience for users of unshared
computers.

Many large sites require you to register to use their services, but it is inconvenient to
remember and enter the username and password each time you visit. Cookies are a
good alternative for low-security sites. When a user registers, a cookie containing a
unique user ID is sent to him. When the client reconnects at a later date, the user ID is
returned automatically, the server looks it up, determines it belongs to a registered
user that chose auto-login, and permits access without an explicit username and
password.
The site might also store the user’s address, credit card number, and so forth in a
database and use the user ID from the cookie as the key to retrieve the data. This
approach prevents the user from having to reenter the data each time.

3. Customizing sites. Sites can use cookies to remember user preferences.

Many sites let you customize the look of the main page. They might let you pick which
weather report you want to see, what stock symbols should be displayed, what sports
results you care about (yes, the Orioles are still losing), how search
results should be displayed, and so on. Since it would be inconvenient for you to
have to set up your page each time you visit their site, they use cookies to remember
what you wanted.
For simple settings, the site could accomplish this customization by storing the page
settings directly in the cookies.

4. Focusing advertising. Cookies let the site remember which topics interest
certain users and show advertisements relevant to those interests.
With cookies, we can identify a user's interests by remembering the user's previous
searches. This approach enables you to show directed ads to users on their visits.

Prepared By: Mr. M.G Rajegave. COCSIT Latur.

Some Problems with Cookies:

1. Due to privacy problems, some users turn off cookies.
2. You should be careful not to use cookies for sensitive or important information.
3. Cookies can be deleted.

Setting cookies:

The most important thing to understand about cookies is that they must be sent from the server
to the client before any other information. A cookie travels in the HTTP response headers, so
setcookie() has to be called before the page produces any output.

For setting cookies PHP provides the setcookie() function.

Syntax is as follows:

setcookie(name, value);

Or

setcookie(name, value, expire, path, domain);

Ex:
setcookie("username", "amol");

This line of code sends a cookie to the browser with the name username and the
value amol.

Accessing cookies
To retrieve a value from a cookie, you can use the $_COOKIE superglobal variable with the
cookie name:
Syntax is:
$variable_name = $_COOKIE[cookiename];

Ex:
$user = $_COOKIE["username"];

In the example below, we will create a cookie named "user" and assign the value "Amol
Mane" to it. We also specify that the cookie should expire after one hour:


<?php
setcookie("user", "Amol Mane", time()+3600);
?>
<html>
.....

In the example below, we retrieve the value of the cookie named "user" and display it on a
page:

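<?php
// Print a cookie. The value comes from the browser, so check that it exists
// and escape it before writing it into the page.
if (isset($_COOKIE["user"])) {
    echo htmlspecialchars($_COOKIE["user"], ENT_QUOTES, 'UTF-8');
}
// A way to view all cookies (for debugging)
print_r($_COOKIE);
?>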

Program using cookie for remembering username & password:


After setting and storing the cookie, if you run the program with a blank username and
password, the username and password will be taken from the cookie.
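
The program itself is not reproduced on this page. As an added example (not the author's program), the following shows the auto-login flow from "Remembering usernames and passwords" above with a random token in the cookie in place of the username and password. The $tokens array standing in for a database table, the cookie name remember and the function names are assumptions.

```php
<?php
// Added example, not the program from the notes. $tokens stands in for a
// database table; the cookie name and all function names are hypothetical.

// On login with "remember me" ticked: create an unguessable token, keep only
// its hash on the server, and return the raw token for the cookie.
function issue_remember_token(array &$tokens, string $username): string
{
    $token = bin2hex(random_bytes(32));
    $tokens[hash('sha256', $token)] = [
        'user'    => $username,
        'expires' => time() + 30 * 24 * 3600,
    ];
    return $token;
}

// On a later visit: map the cookie value back to a user, or null.
function user_from_cookie(array $tokens, array $cookies, int $now): ?string
{
    $token = $cookies['remember'] ?? '';
    if (!is_string($token) || $token === '') {
        return null;                    // no cookie sent
    }
    $row = $tokens[hash('sha256', $token)] ?? null;
    if ($row === null || $row['expires'] < $now) {
        return null;                    // unknown or expired token
    }
    return $row['user'];
}

// In a web page the token is sent before any output, for example:
//   setcookie('remember', $token, ['expires' => time() + 2592000,
//             'path' => '/', 'secure' => true, 'httponly' => true,
//             'samesite' => 'Lax']);

// --- Demo with constructed data; in a page, pass $_COOKIE ---
$tokens = [];
$token  = issue_remember_token($tokens, 'amol');
var_dump(user_from_cookie($tokens, ['remember' => $token], time()));
var_dump(user_from_cookie($tokens, ['remember' => 'forged-value'], time()));
var_dump(user_from_cookie($tokens, [], time()));
```

Because only the hash of the token is kept on the server and the cookie never holds the password, a copied cookie can be revoked by deleting its row without changing the user's password.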


Using Session:
A session is the time span between login and logout by a user on a particular website.

When you are working with an application, you open it, make some changes and then close it.
This is much like a session. The computer knows who you are. It knows when you start the
application and when you end. But on the internet there is one problem: the web server does
not know who you are and what you do, because HTTP doesn't maintain state.

A PHP session solves this problem by allowing you to store user information on the server for
later use (e.g. username, shopping items, etc.). However, session information is temporary and
will be deleted after the user has left the website. If you need permanent storage you may
want to store the data in a database.

Sessions work by creating a unique ID (UID) for each visitor and storing variables based on
this UID. By default, the UID is stored in a cookie.

A PHP session variable is used to store information about, or change settings for, a user
session. Session variables hold information about one single user, and are available to
all pages in one application.

Starting a PHP Session


Before you can store user information in your PHP session, you must first start up the
session.

Note: The session_start() function must appear BEFORE the <html> tag:

<?php session_start(); ?>


<html>
<body>
</body>
</html>

The code above will register the user's session with the server, allow you to start saving user
information, and assign a UID for that user's session.

Storing a Session Variable

The correct way to store and retrieve session variables is to use the PHP $_SESSION
variable:

<?php
session_start();
// store session data
$_SESSION['views']=1;
?>
<html>
<body>
<?php
//retrieve session data
echo "Pageviews=". $_SESSION['views'];
?>
</body>
</html>

Output:

Pageviews=1

Destroying a Session

If you wish to delete some session data, you can use the unset() or the session_destroy()
function.

The unset() function is used to free the specified session variable:


<?php
unset($_SESSION['views']);
?>

You can also completely destroy the session by calling the session_destroy() function:

<?php
session_destroy();
?>

Note: session_destroy() will reset your session and you will lose all your stored session data.

Program using a session to store the username on one page and read it on another page:

Login2.html
<html>
<head>
<title>Login Here</title>
</head>
<body>
<h1 align="center">Session Demo </h1>
<h1 align="center">Login Here.. </h1> <hr>
<form method="POST" action="session2.php">
<table border="1" align="center" width="600">
<tr>
<td>User Name</td>
<td><input type="text" name="T1" size="20"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="T2" size="20"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Login" name="B1"></td>
</tr>
</table>
</form>
</body>
</html>

session2.php


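<?php
session_start();
// Read the form fields; use empty strings if they are missing
$user = $_POST["T1"] ?? "";
$pass = $_POST["T2"] ?? "";
// Demo credentials are hard-coded; === compares without type juggling
$ok = ($user === "cocsit" && $pass === "cocsit1");
if ($ok)
{
    // Issue a fresh session ID at login, before any output is sent
    session_regenerate_id(true);
    // store user into session
    $_SESSION["user"] = $user;
}
print "<h1 align=center>Session Demo </h1><hr>";
if ($ok)
{
    print "<h1 align=center>Login Success </h1><hr>";
    print "<h2 align=center>Welcome : " . $user . "</h2><hr>";
    print "<h2 align=center> <a href=main.php >
    Goto Main Page : </a></h2><hr>";
}
else
{
    print "<h1 align=center>Login Fail </h1><hr>";
}
?>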

main.php
<?php session_start() ?>
<body>
<h1 align="center"> Welcome In Our Site </h1> <hr>
<h1 align="center"> User ID :
<?php
// getting user id from session (empty if the visitor has not logged in)
$user = $_SESSION["user"] ?? "";
// escape the value before writing it into the page
print htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
?>
</h1>
<h2 align="center" >
<a href="">About Us </a>|
<a href="">Administration</a> |
<a href="">Downloads </a>|
<a href="">Contact Us </a> </h2>
</body>


Sessions and Cookies:


We can use either cookies or sessions for logging in and logging out, or for identifying a
user on your site.
Both are easy to use in PHP; whether to use a cookie or a session depends on the following
benefits of each.

Sessions have the following advantages over cookies:

1. They are generally more secure (because the data is being retained on the server).
2. They allow for more data to be stored.
3. They can be used without cookies.

Whereas cookies have the following advantages over sessions:

1. They are easier to program.
2. They require less of the server.

In general, to store and retrieve just a couple of small pieces of information use cookies. For
most of your Web applications, though, you'll use sessions.

[Explain what a session is and what a cookie is]

Improving Session Security:


Important information (like username, password) is generally stored in a session (you should
never store important information in a cookie), so session security matters all the more.

In sessions there are two important things: the session ID, which is a reference point
to the session data, and the session data itself, stored on the server.

An unauthorized person will try to hack or access a user session through the session ID
rather than through the data on the server.

The session ID is the key to the session data. By default, PHP will store this in a cookie,
which is better for security.

It is possible in PHP to use sessions without cookies, but this is harmful: if someone learns
another user's session ID, they can easily access that user's data. So storing the session ID
in a cookie makes it somewhat harder to steal.

One method of preventing hijacking is to store some sort of user identifier in the session.

Instead of storing this value in the session as it is, we can add security by first passing it
through the md5() function, which hashes the data.

This function returns a 32-character hexadecimal string based upon a value. In
general, no two strings will have the same md5() result.

$_SESSION['agent'] = md5($data);
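
The identifier check described above, written out as an added example (not code from the original notes). It assumes the identifier is the browser's User-Agent header, which the 'agent' key suggests but the notes do not state; the function names are hypothetical, and SHA-256 via hash() is used in place of md5().

```php
<?php
// Added example, not from the original notes. Assumes the identifier ($data)
// is the browser's User-Agent header; function names are hypothetical.

// Hash the identifier. SHA-256 via hash() is used here in place of md5().
function agent_fingerprint(array $server): string
{
    return hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
}

// Call once, right after a successful login.
function bind_session(array &$session, array $server, string $user): void
{
    $session['user']  = $user;
    $session['agent'] = agent_fingerprint($server);
}

// Call at the top of every protected page (e.g. main.php).
function session_is_valid(array $session, array $server): bool
{
    if (!isset($session['user'], $session['agent'])) {
        return false;                       // never logged in
    }
    // hash_equals() compares the two strings in constant time.
    return hash_equals($session['agent'], agent_fingerprint($server));
}

// --- Demo with constructed values; in a page, pass $_SESSION and $_SERVER ---
$session = [];
$login   = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (constructed browser A)'];
$other   = ['HTTP_USER_AGENT' => 'curl/8.0 (constructed client B)'];

bind_session($session, $login, 'cocsit');
var_dump(session_is_valid($session, $login));  // same browser as at login
var_dump(session_is_valid($session, $other));  // session ID replayed elsewhere
var_dump(session_is_valid([], $login));        // no session data at all
```

On a real page, call session_start() first and, when the check fails, destroy the session and send the visitor back to the login form. The User-Agent header is supplied by the client, so this check makes a stolen session ID harder to reuse rather than proving who the visitor is.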
