Cookies in PHP: Lecture 1

© Copyright 2012 Hidaya Trust (Pakistan) A Non-Profit Organization www.hidayatrust.org / www,histpk.org Hidaya Institute of Science & Technology www.histpk.org A Division of Hidaya Trust, Pakistan

Upload: syed-mudasir-shah

Post on 15-Jul-2015



COOKIES


Did you know?

“Cookies were invented by Netscape, which wanted to use them for creating a shopping cart for an online shop. Thanks to cookies people were able to keep items in their cart, even after disconnecting from the shop.”


Topics To be Covered

• What are Cookies?

• What information Cookies Store?

• Why Cookies are Needed?

• How to Enable Cookies?

• How Cookies Work?

• Where Cookies Reside?

• Types of Cookies

• Malicious Cookie Usage


Lecture# 1


What are Cookies?

• A little piece of data that is stored in a file (format depends on browser) on the user / client machine.

• On the request of a webserver, your browser creates such a file (cookie).

• Each time the user goes to a webpage this (cookie) information can be requested by the webpage.

• The webserver can read and write content from and to this file.


What information Cookies Store?

A cookie can hold any information, but applications usually use cookies to store user-specific information (login, encrypted password, last visited date, etc.).


When dealing with cookies, you should be aware of some ground rules:

• Cookies are used to record information about your activities on a particular domain, therefore they can only be read or written by the domain that created them and its subdomains.

• According to the HTTP protocol, cookies can’t be larger than 4096 bytes (4 KB) each.

• Usually, a maximum of 20 cookies can be stored on a user’s PC / client per domain, but this may differ between browsers.

• Usually the total number of cookies on the client’s hard drive is limited to around 300 cookies. This may also differ per browser.


Why Cookies are Needed?

• Cookies are typically needed to bypass the stateless nature of the HTTP protocol, by using the client’s disk as a storage area for permanent data.

• However, they’re dependent on the client browser being configured to accept cookies.


How to Enable Cookies?

To enable cookies in Chrome:

• Click the wrench icon.

• Select Settings.

• Click Show advanced settings.

• Click Content settings in the "Privacy" section.

• Select Allow local data to be set to allow both first-party and third-party cookies. If you only want to accept first-party cookies, check the box next to "Block all third-party cookies without exception."


How to Enable Cookies? (contd…)

To enable cookies in Mozilla Firefox 3.x for Windows:

• Click Tools > Options.

• Click Privacy in the top panel.

• Set "Firefox will:" to Use custom settings for history.

• Check the box next to "Accept cookies from sites" to enable cookies.

• Click OK.


How to Enable Cookies? (contd…)

To enable cookies in Mozilla Firefox 2.x for Windows:

• Click Tools > Options.

• Click Privacy in the top panel.

• Select the checkbox labeled "Accept cookies from sites."

• Click OK.


How to Enable Cookies? (contd…)

To enable cookies in Internet Explorer 7 or 8:

• Click Start > Control Panel. (With Windows XP Classic View, click the Windows Start button > Settings > Control Panel).

• Double-click the Internet Options icon.

• Select the Privacy tab and click Advanced.

• Select "Override automatic cookie handling" under the "Cookies" section in the Advanced Privacy Settings window.

• Select the "Accept" or "Prompt" option under "First-party Cookies."

• Select the "Accept" or "Prompt" option under "Third-party Cookies." (If you select the "Prompt" option, you'll be asked for approval every time a website attempts to send you a cookie.)

• In the Internet Options window, click OK to exit.


How to Enable Cookies? (contd…)

To enable cookies in Internet Explorer 6:

• Click Start > Control Panel. (With Windows XP Classic View, click the Windows Start button > Settings > Control Panel).

• Click Advanced.

• Select "Override Automatic Cookie Handling."

• Select the "Accept" or "Prompt" option under "First-party Cookies."

• Select the "Accept" or "Prompt" option under "Third-party Cookies." (If you select the "Prompt" option, you'll be asked for approval every time a website attempts to send you a cookie.)

• In the Internet Options window, click OK to exit.


How to Enable Cookies? (contd…)

To enable cookies in Safari:

• Go to the Safari drop-down menu.

• Select Preferences.

• Click Security in the top panel.

• Under "Accept Cookies" select Only from sites you navigate to.


How Cookies Work?

• setcookie() lets the browser know that the server would like to create a new cookie.

• Use the $_COOKIE variable (an array) to retrieve a cookie.

How it works:

1) Initial state, just before the user opens some-page.php in the browser.

$_COOKIE array is empty at this point. No cookie in the browser at this point.


How Cookies Work? (contd…)

2) some-page.php sets a cookie named "my-cookie" via the setcookie() PHP function, and the cookie goes to the browser along with the page content.

$_COOKIE array is still empty at this point. Browser has cookie "my-cookie" at this point.

3) Next time the user opens some-page.php (or after a refresh).

$_COOKIE array now contains "my-cookie". Browser still has cookie "my-cookie".


Where Cookies Reside?

• In Google Chrome:

– Windows XP: C:\Users\<USERNAME>\Local Settings\Application Data\Google\Chrome\User Data

– Windows Vista & 7: C:\Users\<USERNAME>\AppData\Local\Google\Chrome\User Data\default

Shortcut: Go to Start -> Run -> type “%USERPROFILE%”. This will show you the current user's folder.


Before Setting Cookie

“The most important thing to remember, when creating a cookie in PHP, is that you must set all cookies before you send any data to the browser. This means that you should always initialise new cookies before any output. This includes echo() or print() commands, and the <html> or <body> tags. Of course, there are some exceptions, but this is a general rule of thumb.”
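The three request states from "How Cookies Work?" and the set-before-output rule, combined in one page. This is an added example, not part of the original lecture; the visit counter, the function name read_visits() and the cookie options (PHP 7.3+ array form) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical cookie name, taken from the slides' "my-cookie" example.
const COOKIE_NAME = 'my-cookie';

// $_COOKIE holds only what the browser sent with THIS request.
// The value is client-controlled, so validate it before use.
function read_visits(array $cookies): int
{
    $raw = $cookies[COOKIE_NAME] ?? '';
    $ok  = is_string($raw) && ctype_digit($raw) && strlen($raw) <= 6;
    return $ok ? (int) $raw : 0;
}

$visits = read_visits($_COOKIE);

// setcookie() emits a Set-Cookie response header, so it must run before
// any output. headers_sent() reports where output began if it is too late.
if (headers_sent($file, $line)) {
    error_log("Cannot set cookie: output already started at $file:$line");
} else {
    setcookie(COOKIE_NAME, (string) ($visits + 1), [
        'expires'  => 0,      // 0 = session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Output starts only here, after the header has been queued.
// setcookie() does not change $_COOKIE for the current request.
if ($visits === 0) {
    echo 'First visit: $_COOKIE was empty; the cookie travels with this response.';
} else {
    echo 'Visit ' . ($visits + 1) . ': the browser sent the cookie back.';
}
```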


Types of Cookies

• Session Cookies

• Persistent Cookies


Session Cookies

• A session cookie is also called a temporary cookie.

• A session cookie is stored only for your current browsing session, and is deleted from your computer when you close your browser.


Session Cookies (contd…)

The setcookie() function is used to create the cookie.

bool setcookie ( string name [, string value])

• name: This argument sets the name of the cookie. For example, setcookie('mycookie', …) will set mycookie, which is read as $_COOKIE['mycookie'] on the server side.

• value: This sets the value of the cookie. Since this value is stored in the client's browser, extra care must be taken that it does not hold sensitive information, e.g. non-encrypted passwords. The value is accessed by $_COOKIE['mycookie'] at the web server.

• All the arguments are optional except the first (name).


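Setting and Retrieving Cookies

<?php
// First request: ask the browser to store the cookie (must run before any output).
setcookie('username', 'admin');
?>

<?php
// A later request: the browser sends the cookie back and PHP exposes it in $_COOKIE.
// The value comes from the client, so escape it before printing.
echo htmlspecialchars($_COOKIE['username'] ?? '');
?>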


Retrieving Cookie Data

• Once a cookie has been set for a domain, it becomes available in the special $_COOKIE associative array, and its value may be accessed using standard array notation.

<?php
// if cookie present, use it
// else display generic message
// (!empty() avoids an undefined-index notice when the cookie is absent)
if (!empty($_COOKIE['username']))
{
    // the value is supplied by the client, so escape it before output
    echo "Welcome back, " . htmlspecialchars($_COOKIE['username']);
}
else
{
    echo "You are not signed in";
}
?>

• To check whether your cookies are working correctly, use the statement <?php print_r($_COOKIE); ?> to look inside PHP’s special $_COOKIE array.


Storing an array..

• Only strings can be stored in cookie files.

• To store an array in a cookie, convert it to a string by using the serialize() PHP function.

• The array can be reconstructed using the unserialize() function once it has been read back in.

• Remember cookie size is limited!

NOTE: You really shouldn't use (un)serialize with cookies without encoding them. An evil user could inject ANY code in your script.

Use of encoding:

e.g.: base64_encode(serialize($cookie_data))
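Base64 is an encoding, not a protection: the user can still decode, edit and re-encode the cookie, and unserialize() on client-supplied data can instantiate arbitrary classes. The added example below (not part of the original lecture) stores the array as JSON and authenticates it with an HMAC so that a modified cookie is rejected; the key, the function names pack_cookie()/unpack_cookie() and the sample data are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: a real key comes from server-side configuration and never
// reaches the client. This one is a constructed demo value.
const COOKIE_KEY = 'constructed-demo-key-change-me';

// Encode an array as base64(JSON) + "." + HMAC-SHA256 tag over the payload.
function pack_cookie(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the array, or null if the cookie is missing, malformed or modified.
function unpack_cookie($cookie, string $key): ?array
{
    if (!is_string($cookie) || strlen($cookie) > 4096
        || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$payload, $tag] = explode('.', $cookie);
    // Verify the tag first; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $tag)) {
        return null;
    }
    $json = base64_decode($payload, true);
    if ($json === false) {
        return null;
    }
    $data = json_decode($json, true);   // plain arrays only, no objects
    return is_array($data) ? $data : null;
}

// Constructed sample data: colour preferences as in assignment 1.
$prefs  = ['bg' => '#ffffff', 'fg' => '#000000'];
$cookie = pack_cookie($prefs, COOKIE_KEY);
// On a real page: setcookie('prefs', $cookie); before any output,
// then unpack_cookie($_COOKIE['prefs'] ?? null, COOKIE_KEY) on later requests.

var_dump(unpack_cookie($cookie, COOKIE_KEY) === $prefs);  // intact cookie

// Constructed tampering case: payload edited, original tag reused.
$edited = base64_encode('{"bg":"#ffffff","fg":"#000000","admin":true}');
var_dump(unpack_cookie($edited . strstr($cookie, '.'), COOKIE_KEY));
```

The HMAC gives integrity only; the array contents remain readable by the user, so secrets still do not belong in the cookie.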


Assignments

1. Change the background and foreground (text) color of a webpage. Store this information in cookies to retain the changes.

2. Make an Email Box with user login (use cookies in the login). The Welcome page should have compose email, inbox, drafts, sent and trash. Make a complete Email Box system. Note: Emails should be stored in a database.


[Figure: mock-up screens for the Email System assignment. A login form (Username, Password, Login button) leads to a page headed Welcome “Ali” with the menu Compose, Inbox, Sent, Trash, Draft. The Compose screen has To, Sub, Cc and Message fields and a Send button; the list screens show Check, Name and Subject columns (sample rows: Ali / Greetings, Ahmed / Work, Aslam / Assignment) with a Delete button.]