Developing State-enabled Applications With PHP by John L
Installment 1
Developing State-enabled Applications With PHP
When a user is browsing through a website and is surfing from one web page to
another, sometimes the website needs to remember the actions (e.g. choices)
performed by the user. For example, in a website that sells DVDs, the user
typically browses through a list of DVDs and selects individual DVDs for check
out at the end of the shopping session. The website needs to remember which
DVDs the user has selected because the selected items needs to be presented
again to the user when the user checks out. In other words, the website needs
to remember the State - i.e. the selected items - of the user's browsing
activities.
However, HTTP is a Stateless protocol and is ill-equipped to handle States. A
standard HTML website basically provides information to the user and a series
of links that simply directs the user to other related web pages. This
Stateless nature of HTTP allows the website to be replicated across many
servers for load balancing purposes. A major drawback is that while browsing
from one page to another, the website does not remember the State of the
browsing session. This make interactivity almost impossible.
In order to increase interactivity, the developer can use the session handling
features of PHP to augment the features of HTTP in order to remember the State
of the browsing session. The are basically 2 ways PHP does this: 1. Using
cookies 2. Using Sessions
The next installment discusses how to manage sessions using cookies...
Installment 2
Cookies
Cookies are used to store State-information in the browser. Browsers are
allowed to keep up to 20 cookies for each domain and the values stored in the
cookie cannot exceed 4 KB. If more than 20 cookies are created by the website,
only the latest 20 are stored. Cookies are only suitable in instances that do
not require complex session communications and are not favoured by some
developers because of privacy issues. Furthermore, some users disable support
for cookies at their browsers.
The following is a typical server-browser sequence of events that occur when a
cookie is used: 1. The server knows that it needs to remember the State of
browsing session 2. The server creates a cookie and uses the Set-Cookie header
field in the HTTP response to pass the cookie to the browser 3. The browser
reads the cookie field in the HTTP response and stores the cookie 4. This
cookie information is passed along future browser-server communications and can
be used in the PHP scripts as a variable
PHP provides a function called setcookie() to allow easy creation of cookies.
The syntax for setcookie is: int setcookie(string name, [string val], [int
expiration_date], [string path], string domain, [int secure])
The parameters are: 1. name - this is a mandatory parameter and is used
subsequently to identify the cookie 2. value - the value of the cookie - e.g.
if the cookie is used to store the name of the user, the value parameter will
store the actual name - e.g. John 3. expiration_date - the lifetime of the
cookie. After this date, the cookie expires and is unusable 4. path - the path
refers to the URL from which the cookie is valid and allowed 5. domain - the
domain the created the cookie and is allowed to read the contents of the cookie
6. secure - specifies if the cookie can be sent only through a secure
connection - e.g. SSL enable sessions
The following is an example that displays to the user how many times a specific
web page has been displayed to the user. Copy the code below (both the php and
the html) into a file with the .php extension and test it out.
[?php //check if the $count variable has been associated with the count cookie
if (!isset($count)) { $count = 0; } else { $count++; } setcookie("count",
$count, time()+600, "/", "", 0); ?]
[html] [head] [title]Session Handling Using Cookies[/title] [/head] [body] This
page has been displayed: [?=$count ?] times. [/body] [/html]
The next installment discusses how to manage sessions using PHP session
handling functions with cookies enabled...
Installment 3
PHP Session Handling - Cookies Enabled
Instead of storing session information at the browser through the use of
cookies, the information can instead be stored at the server in session files.
One session file is created and maintained for each user session. For example,
if there are three concurrent users browsing the website, three session files
will be created and maintained - one for each user. The session files are
deleted if the session is explicitly closed by the PHP script or by a daemon
garbage collection process provided by PHP. Good programming practice would
call for sessions to be closed explicitly in the script.
The following is a typical server-browser sequence of events that occur when a
PHP session handling is used: 1. The server knows that it needs to remember the
State of browsing session 2. PHP generates a sssion ID and creates a session
file to store future information as required by subsequent pages 3. A cookie is
generated wih the session ID at the browser 4. This cookie that stores the
session ID is transparently and automatically sent to the server for all
subsequent requests to the server
The following PHP session-handling example accomplishes the same outcome as the
previous cookie example. Copy the code below (both the php and the html) into a
file with the .php extension and test it out.
[?php //starts a session session_start();
//informs PHP that count information needs to be remembered in the session file
if (!session_is_registered("count")) { session_register("count"); $count = 0; }
else { $count++; }
$session_id = session_id(); ?]
[html] [head] [title]PHP Session Handling - Cookie-Enabled[/title] [/head]
[body] The current session id is: [?=$session_id ?] This page has been
displayed: [?=$count ?] times. [/body] [/html]
A summary of the functions that PHP provides for session handling are: 1.
boolean start_session() - initializes a session 2. string session_id([string
id]) - either returns the current session id or specify the session id to be
used when the session is created 3. boolean session_register(mixed name [,
mixed ...]) - registers variables to be stored in the session file. Each
parameter passed in the function is a separate variable 4. boolean
session_is_registered(string variable_name) - checks if a variable has been
previously registered to be stored in the session file 5.
session_unregister(string varriable_name) - unregisters a variable from the
session file. Unregistered variables are no longer valid for reference in the
session. 6. session_unset() - unsets all session variables. It is important to
note that all the variables remain registered. 7. boolean session_destroy() -
destroys the session. This is opposite of the start_session function.
The next installment discusses how to manage sessions using PHP session
handling functions when cookies are disabled...
Installment 4
PHP Session Handling - Without Cookies
If cookies are disabled at the browser, the above example cannot work. This is
because although the session file that stores all the variables is kept at the
server, a cookie is still needed at the browser to store the session ID that is
used to identify the session and its associated session file. The most common
way around this would be to explicitly pass the session ID back to the server
from the browser as a query parameter in the URL.
For example, the PHP script generates requests subsequent to the start_session
call in the following format:
http://www.yourhost.com/yourphpfile.php?PHPSESSID=[actual session ID]
The following are excerpts that illustrate the discussion:
Manually building the URL: $url =
"http://www.yoursite.com/yourphppage.php?PHPSESSID=" . session_id(); [a
href="[?=$url ?]"]Anchor Text[/a]
Building the URL using SID: [a
href="http://www.yoursite.com/yourphppage.php?[?=SID ?]"]Anchor Text[/a]
About the Author
This PHP scripting article is written by John L. John L is the Webmaster of The
Ultimate BMW Blog! (http://www.bimmercenter.com).
The Ultimate BMW Blog!
|
