In this course, we'll look at the object oriented patterns available in PHP. You'll learn how to connect to a MySQL using the Portable Data Objects (PDO) library and issue SQL commands in the the PHP language. We'll also look at how PHP uses cookies and manages session data. You'll learn how PHP avoids double posting data, how flash messages are implemented, and how to use a session to log in users in web applications. We'll then build the first 'complete' application that has multiple screens to Create, Read, Update and Delete (CRUD) our data. This brings all the previous concepts together and will form the basis for all later web applications.
Sessions Without Cookies
Loading...
Del curso dictado por University of Michigan
Building Database Applications in PHP
150 calificaciones
University of Michigan
150 calificaciones
Curso 3 de 4 en SpecializationWeb Applications for Everybody
De la lección
PHP Cookies and Sessions
We look at how PHP uses cookies and manages session data.
Conoce a los instructores
Charles SeveranceAssociate Professor
School of Information
So I just got done talking with you about how PHP uses cookies and sessions.
But there's a really cool feature in PHP that has to do with
sessions that don't require cookies.
Now it's a kind of a narrow application.
Probably 99% of the applications just use sessions.
But the applications that I work on personally have to do with
teaching and learning.
So you might have the same application and in one course, you're a teacher and
in another course, you're a student.
And you might want to have both of those courses open up into two tabs at the same
time, whereas there's one cookie for both of those tabs for one website.
So if you want to have a different session in one tab than the other tab, you can't
use cookies for that and that's why I know and like sessions without cookies.
So basically most applications, like I said 99% of them, just use cookies and
don't worry about it.
Just don't think about it, but if you really need to function with an iframe or
have more than one session active, away you go.
And it's really cool for PHP.
So here's a little bit of code and I'll sort of walk you through this.
How we can actually make sessions work without cookies.
Okay, so here's some magic bits and you can go Google how you do this.
But this basically says we're not going to use cookies for our sessions and
we're going to transform the output automatically
to make it as easy as possible for doing this.
We do a session start the same as we ever do, and there's some screen there,
and this code is pretty much the same as before
where we're going to have sessions of value.
If it's empty, we're going to set it to zero.
If it's below three, we're going to add one to it.
And then if it's above three, we're going to destroy it and restart it.
So it's the same, zero, one, two, three, zero, one, two, empty,
zero, one, two, three.
And so that's what it is and we got both a form that we're going to submit and
a href that we're going to submit, to click back and forth.
So this is how this works.
So if we take a look at this, we want to make it so
that we're passing this identifier.
We still end up with a session identifier.
The place that it's stored on disc is the exact same thing.
But we need to pass this from one request to another.
And so we either have a form right here that we can submit or
we can click on the anchor tag.
But we have to somehow pass from this request to the next one.
And so if we take a look at the view source of this,
we can see the two tricks that are happening.
So the first thing that happens is we put out href= nocookie.php and
then PHP added ?PHPSESSID.
So if you click on this anchor tag, that's the click it's going to go to and so
the session ID is being passed as a getParameter.
So that's how you do it for
anchor tags that are going back to the same application.
For the form, so we have a hidden field right here that is added by PHP.
So if you'll notice,
we didn't put this out, added by PHP, which is the session ID.
And it's that same ID, the same identifier, that identifier and
that identifier.
I don't know why it's wrong there, but it's okay.
That should be the same there.
So there's our session, and away we go.
So if we hit a form, we send in post data, and session start,
whether it's a get or a post, session [SOUND] start [SOUND] looks for
those things and away you go, okay?
So then what happens is if we click the button,
in this case I click the GET request, okay?
And we've added one in the session, so it's now one and away you go.
And you can see the only kind of compromise that you
have is on GET request, you see the session ID.
On a POST request, you don't because it's hidden,
but there's no way to hide it from a GET request.
So that's basically how you do cookieless [SOUND] sessions.
And that's just a whoosh by.
You can read up on how that works on the Internet.
Session ID isn't in everything.
It's not automatically added.
But basically hrefs in forums, they get added automatically.
We'll learn sometimes while we're talking to URLs that are not just hrefs or forms.
But basically the URL, we've revealed that and if you like copy and
paste the URL, you got other ways to have to protect the session
because it's revealed to the user and they might bookmark it.
And so if you're going to do these cookieless sessions,
there is few more things that you have to learn.
Okay, but for 99% of you, we're going to use cookies to do sessions.
Sessions and cookies work really well in PHP with a dollar underscore cookie,
the set cookie call, the dollar underscore session, and the session start, and
the session destroy make things happen really easily.
And so up next,
we're going to learn a lot more about what we might do with these sessions in PHP.
Explora nuestro catálogo
Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.
Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.
© 2018 Coursera Inc. Todos los derechos reservados.
