C # basic knowledge of System Application Cookie/Session and php reading Cookie/Session

Source: Internet
Author: User
Tags set cookie

This article focuses on the Cookie-related knowledge in the system application Articles of the graduation project "personal computer use record cleanup software" series, this section describes the basic knowledge of cookies and the two Session management mechanisms of Cookie and Session in PHP. combine your PHP courses and cookies. reminder: because the author wrote a little late, his ideas were a little messy, and he was not satisfied with the article discussion and layout. It was too disorganized. Please try again!

I. Basic cookie knowledge

<一> . What is Cookie?
Cookies/Cookies set the data (usually encrypted) stored on the Client Side on some websites to protect user identities ), it is a mechanism for storing data on a remote browser and tracking and identifying users. (see Wikipedia http://zh.wikipedia.org/wiki/Cookie)
Cookies are always stored on the client. They are divided into memory cookies and hard disk cookies Based on the storage location on the client. the memory Cookie is maintained by the browser and saved in the memory. When the browser is closed, it will disappear. hard Disk cookies are stored in the hard disk. They will be saved for a long time unless they are manually cleared or expired.

<二> . Cookie Working Principle
A Cookie is generated by the server by adding special instructions to the HTTP response header and sent to the browser. The browser saves the Cookie value to a directory folder, send the Cookie to the server the next time you request the same website. the server can set or read information contained in Cookies to maintain the state of the user's session with the server. among them, the most typical application of Cookies is to determine the user login website information and save the website input text | select and other page information.
The Cookie mechanism is perfectly interpreted.

<三> . Windows file path (Supplement)
Next we will add the browser history and Cookie storage location related to this project to clear the history records (for your computer only ).
1. in Windows, the Cookie is saved at "C: \ Users \ dell \ AppData \ Roaming \ Microsoft \ Windows \ Cookies ". cookie records information such as user ID, password, browser webpage, and stay time. as shown in:

2. in Windows, the Temporary Internet Files are stored in "C: \ Users \ dell \ AppData \ Local \ Microsoft \ Windows \ Temporary Internet Files ", it stores the content of recently browsed web pages (web pages, images, media copies, etc.) for fast query and speed improvement in the future. as shown in:

3. in Windows, the path of the IE History is "C: \ Users \ dell \ AppData \ Local \ Microsoft \ Windows \ History". The historical records are the addresses of websites that have been visited recently, it is stored by time and site. as shown in:

Ii. Basic session knowledge

<一> . What is Session?
When it comes to cookies, we have to talk about the session. What exactly is it? What are the differences between them?
Session refers to the time interval between an end user and the interactive system for communication. It usually refers to the time from entering the website to closing the browser. when a program needs to create a session for a client request, the server first checks whether the client request contains a session ID that uniquely identifies the session (stored in a local cookie ), if a session is included, it indicates that the client has already created a session, and the server will search and use the session according to the session id; if this parameter is not included, a session is created for the client and a session id associated with the session is generated (it is a unique identifier and will not be repeated and is not easy to access long string ). the session id assigned by visitors to the website is either stored in the cookie of the client (the session uses the cookie with the expiration time set to 0) or transmitted through the URL.
Session is stored on the server. When a user connects to the server, the server generates a Session ID, which is used to access the Session bucket of the server. sessionID is saved on the client and saved using cookies. When a user submits a page, the SessionID is submitted to the server to process Session data. once the Cookie is disabled on the client, the Session will also become invalid.

<二> . Session and cookie comparison
Many cookies are used in the same way as Session. The two methods store user interaction information. Their differences are as follows:
1. The biggest difference between the two is that the cookie is stored in a small segment of information on the client, which is completely stored on the user's computer and loaded into the browser cache; session data is stored on the server.
2. session usage has certain limitations, but data is stored on the server, which provides good security. cookie usage is convenient, but not secure. hackers use Cookies stored locally to perform cookie spoofing or XSS attacks. (HTTP plaintext transmission, HTTPS encryption)
3. Because the cookie is stored locally and the cookie size is limited to 4 kb, the demand for complex storage is insufficient. Because the session is stored on the server, when access increases, the server performance will be greatly occupied.
(This part of reference materials: the school "LAMPWAMP architecture and development" PPT courseware \ Article http://www.bkjia.com/kf/201206/135471.html)

3. Use cookies in PHP

<一> . Set cookie
You can use the setcookie () or setrawcookie () function to set the cookie, or you can directly send an http header to the client to set the cookie. setcookie:

// The function sends an http cookiebool setcookie (string name, // required cookie variable name string value, // required cookie variable value int expire, // optional cookie validity period End Time string path, // optional cookie is sent to the server directory path string domain, // optional cookie domain name int secure // optional whether to transmit cookie through https encrypted link)

Set multiple cookie variables setcookie ('var [a] ', 'value'); Use arrays to represent variables, use $ _ COOKIE ['var'] ['a'] to read the COOKIE variable. you can also use header () to set cookies. Readers can find information by themselves.

// Set the cookie name to abc value to 123 setcookie ("abc", "123"); // set the validity period of TestCookie to 3600 s time () returns the current time $ value = 'something'; setcookie ("TestCookie", $ value, time () + 3600); // sets the complete Cookiesetcookie ("TestCookie", $ value, time () + 3600, "/forum", "www.baidu.com", 1 );

After you use XAMPP to configure the PHP environment (the configuration process can be referred to: http://blog.csdn.net/eastmount/article/details/11823549), The firefoxfirefox browser and Firebug plug-in run the results as shown in:

<二> . Read cookie
Directly use php's built-in Super global variable $ _ COOKIE to read the cookie on the browser side.

 '; Print_r ($ _ COOKIE); // echo outputs one or more strings echo $ _ COOKIE ["TestCookie"];?>

NOTE: If echo $ HTTP_COOKIE_VARS ["TestCookie"] is used to output a variable, an error may be prompted: "Undefined variable: HTTP_COOKIE_VARS" because $ HTTP_COOKIE_VARS is not used in the new version, replace the output with $ _ COOKIE. as shown in:

The setcookie function can be used to set two cookies. The Cookie name is abc, the value is 123, the Cookie name is TestCookie, the value is something, and the expiration time is one hour later, and use print_r and echo to output.

<三> . Delete cookie
Set the effective time to a value smaller than the current time (expiration time), and set the value to null. setcookie ("TestCookie", "", time ()-1 );

 '; Print_r ($ _ COOKIE);?>

As shown in, we can see that the data of TestCookie has been deleted. Only abc data is left.

When using PHP to log on, you can use the following code, a more practical piece of code:

 

(This part of reference materials: the school "LAMPWAMP architecture and development" PPT courseware \ blog http://www.jb51.net/article/24871.htm)

4. Use Session in PHP

<一> . Session startup
Use session_start () to enable the session. The server segment generates the session ID hash value and the default PHPSESSID session name when generating the session file, and sends the PHPSESSID (session name) variable to the client ), A 128-bit hash value. the server will use this cookie to interact with the client.

 

The session sends the session ID through the cookie, that is, the server automatically sends the http header. after you jump to the new page and call session_start (), php checks the session data stored in the server segment related to the given ID. If no session data is found, a new dataset is created.

<二> . Session Access and read
Transmit the session ID through URL or pass the session value through POST. you can use PHP's built-in $ _ SESSION variable to conveniently access and assign values to the set session variable, for example, $ _ SESSION ['xxx'] = 'yyy '. use echo and print_r to output the session value.

 '; Print_r ($ _ SESSION);?>

Enter a long string corresponding to the session ID, as shown in:

<三> . Session Deletion
The deletion of a session requires three steps: first, delete the session on the server, second, delete the actual session, and third, delete the $ _ SESSION global variable array. The Code is as follows:

// Step 1 Delete the session file session_destroy (); // Step 2 Delete the actual sessionsetcookie (session_name (), '', time ()-3600 ); // Step 3: Delete the $ _ SESSION global variable array $ _ SESSION = array ();

<四> . Session Security Issues
Attackers put a lot of energy into obtaining the user's session ID, and they can have the same capabilities as this user in the system. Therefore, verifying the validity of the session ID is to protect session Security. the following code is used to determine the session username and password in the MySQL database during my PHP Project (as my future notes ):

 
 
 
 Library Management System<Script language = "javascript"> function show () {window. alert ("this function has not been added to the background system! \ N the foreground has added the delete | update | details function. ") ;}</Script>
 ....

(This part of reference materials: LAMPWAMP architecture and development courseware \ blog http://blog.sina.com.cn/s/blog_6f49a3c30100p84k.html)

V. Summary

Because the "System Application" series of articles are completed in C # language, the article describes PHP only to consolidate previous learning courses, C # is the prerequisite for reading historical records such as cookies and clearing cookies. Therefore, the title is C #. at the same time, it is true that the article was written too late, and the idea was a bit messy. This should have been one of the articles I have written, so please forgive me! This article mainly comes from the LAMPWAMP architecture and development PPT courseware, and thanks to my CR teacher and the author of the above article.
At the same time, we can clear all history records in VC-the blogger gisfarmer. This section describes how to clear temporary IE files \ Cookies \ Address history records in the browser address bar \ clear form history records using VC, it is of great help to my project. http://blog.csdn.net/gisfarmer/article/details/4327110
Finally, I hope this article will help you and respect the fruits of your work. If you have any mistakes or shortcomings, please try again! I regret that I did not write many articles in the series when I was learning PHP and digital image processing.
(By: Eastmount http://blog.csdn.net/eastmount)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.