Sessions Without Cookies

Loading...

Del curso dictado por University of Michigan

Building Database Applications in PHP

228 calificaciones

Explore Related Videos

At Coursera, you will find the best lectures in the world. Here are some of our personalized recommendations for you

University of Michigan

Building Database Applications in PHP

228 calificaciones

Curso 3 de 4 en SpecializationWeb Applications for Everybody

In this course, we'll look at the object oriented patterns available in PHP. You'll learn how to connect to a MySQL using the Portable Data Objects (PDO) library and issue SQL commands in the the PHP language. We'll also look at how PHP uses cookies and manages session data. You'll learn how PHP avoids double posting data, how flash messages are implemented, and how to use a session to log in users in web applications. We'll then build the first 'complete' application that has multiple screens to Create, Read, Update and Delete (CRUD) our data. This brings all the previous concepts together and will form the basis for all later web applications.

De la lección

PHP Cookies and Sessions

We look at how PHP uses cookies and manages session data.

Sessions Without Cookies4:45

Code Walkthrough - Cookies and Sessions10:26

Conoce a los instructores

Charles Severance
Professor
School of Information

So I just got done talking with you about how PHP uses cookies and sessions.

But there's a really cool feature in PHP that has to do with

sessions that don't require cookies.

Now it's a kind of a narrow application.

Probably 99% of the applications just use sessions.

But the applications that I work on personally have to do with

teaching and learning.

So you might have the same application and in one course, you're a teacher and

in another course, you're a student.

And you might want to have both of those courses open up into two tabs at the same

time, whereas there's one cookie for both of those tabs for one website.

So if you want to have a different session in one tab than the other tab, you can't

use cookies for that and that's why I know and like sessions without cookies.

So basically most applications, like I said 99% of them, just use cookies and

don't worry about it.

Just don't think about it, but if you really need to function with an iframe or

have more than one session active, away you go.

And it's really cool for PHP.

So here's a little bit of code and I'll sort of walk you through this.

How we can actually make sessions work without cookies.

Okay, so here's some magic bits and you can go Google how you do this.

But this basically says we're not going to use cookies for our sessions and

we're going to transform the output automatically

to make it as easy as possible for doing this.

We do a session start the same as we ever do, and there's some screen there,

and this code is pretty much the same as before

where we're going to have sessions of value.

If it's empty, we're going to set it to zero.

If it's below three, we're going to add one to it.

And then if it's above three, we're going to destroy it and restart it.

So it's the same, zero, one, two, three, zero, one, two, empty,

zero, one, two, three.

And so that's what it is and we got both a form that we're going to submit and

a href that we're going to submit, to click back and forth.

So this is how this works.

So if we take a look at this, we want to make it so

that we're passing this identifier.

We still end up with a session identifier.

The place that it's stored on disc is the exact same thing.

But we need to pass this from one request to another.

And so we either have a form right here that we can submit or

we can click on the anchor tag.

But we have to somehow pass from this request to the next one.

And so if we take a look at the view source of this,

we can see the two tricks that are happening.

So the first thing that happens is we put out href= nocookie.php and

then PHP added ?PHPSESSID.

So if you click on this anchor tag, that's the click it's going to go to and so

the session ID is being passed as a getParameter.

So that's how you do it for

anchor tags that are going back to the same application.

For the form, so we have a hidden field right here that is added by PHP.

So if you'll notice,

we didn't put this out, added by PHP, which is the session ID.

And it's that same ID, the same identifier, that identifier and

that identifier.

I don't know why it's wrong there, but it's okay.

That should be the same there.

So there's our session, and away we go.

So if we hit a form, we send in post data, and session start,

whether it's a get or a post, session [SOUND] start [SOUND] looks for

those things and away you go, okay?

So then what happens is if we click the button,

in this case I click the GET request, okay?

And we've added one in the session, so it's now one and away you go.

And you can see the only kind of compromise that you

have is on GET request, you see the session ID.

On a POST request, you don't because it's hidden,

but there's no way to hide it from a GET request.

So that's basically how you do cookieless [SOUND] sessions.

And that's just a whoosh by.

You can read up on how that works on the Internet.

Session ID isn't in everything.

It's not automatically added.

But basically hrefs in forums, they get added automatically.

We'll learn sometimes while we're talking to URLs that are not just hrefs or forms.

But basically the URL, we've revealed that and if you like copy and

paste the URL, you got other ways to have to protect the session

because it's revealed to the user and they might bookmark it.

And so if you're going to do these cookieless sessions,

there is few more things that you have to learn.

Okay, but for 99% of you, we're going to use cookies to do sessions.

Sessions and cookies work really well in PHP with a dollar underscore cookie,

the set cookie call, the dollar underscore session, and the session start, and

the session destroy make things happen really easily.

And so up next,

we're going to learn a lot more about what we might do with these sessions in PHP.

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.

© 2019 Coursera Inc. Todos los derechos reservados.

Descargar en la App Store

Consíguelo en Google Play