Cookies are small text files that are stored in the client's browser when the user loads a page.
A session is the user's personal data that is stored on the server.
Path
D:\Projects\test\cookie
<VirtualHost cookie.local:80>
DocumentRoot "D:/Projects/test/cookie"
ServerName cookie.local
<Directory D:/Projects/test/cookie>
#AllowOverride none
AllowOverride All
Require all granted
DirectoryIndex index.php
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Cookie
|
|__index.php
|  |__//This is the homepage; you need to
|  |    have permission to access this page
|  |    after login
|  |__//Redirects to the login page
|       if you're not logged in
|
|__login.php
|
|__layout.php
|  |__//This is the main layout that other pages
|       need to extend
|
|__transfer.php
|  |__//This is the transfer page; you need to
|  |    have permission to access this page
|  |    after login. You can transfer an amount here
|  |__//Redirects to the login page
|       if you're not logged in
|
|__logout.php
|
|__src
|  |__config
|     |__config.php
|        |__//contains the username && password for login
|
<?php
session_start(); /* Starts the session */
/* Redirects user to login.php if not logged in. empty() also covers a
   session in which 'Active' was never set. */
if (empty($_SESSION['Active'])) {
    header("Location: login.php");
    exit;
}
require __DIR__ . '/src/support/helper/helpers.php';
?>
<head>
...
</head>
<div class="header clearfix">
...
</div>
<?php
// For storing username and password.
require_once (__DIR__.'/src/config/config.php');
session_start();
var_dump('Session', $_SESSION);
var_dump('Cookie', $_COOKIE);
?>
<form action="" method="post"
name="Login_Form" class="form-signin">
……
<?php
/* Check if login form has been submitted */
if (isset($_POST['Submit'])) {
    // Rudimentary hash check; $Password must be a password_hash() value
    $result = password_verify($_POST['Password'] ?? '', $Password);
    /* Check if form's username and password match (strict comparison) */
    if ((($_POST['Username'] ?? '') === $Username)
        && ($result === true))
    {
        /* Success: Set session variables
           and redirect to protected page */
        $_SESSION['Username'] = $Username;
        $_SESSION['Balance'] = $Balance;
        $_SESSION['Active'] = true;
        /* Output has already started above, so this header is only
           sent when output buffering is enabled */
        header("Location: index.php");
        exit;
    } else {?>
<!-- Show an error alert -->
<strong>Warning!</strong> Incorrect information.
<?php
    }
}?>
</form>
5.3.1 Result
D:\Projects\test\cookie\login.php:6:string 'Session' (length=7)
D:\Projects\test\cookie\login.php:6:
array (size=0)
empty
D:\Projects\test\cookie\login.php:7:string 'Cookie' (length=6)
D:\Projects\test\cookie\login.php:7:
array (size=1)
'PHPSESSID' => string 'c6ndu7f9cov3j27bnalfnlqls0' (length=26)
5.3.2 Explain
The first time you open the URL above you have not logged in yet, therefore your session is empty.
But because this is the first time you go to that URL, the PHP server generates a cookie named PHPSESSID to identify who you are. PHPSESSID is sent to the user's browser. After that, every time you make a request to the PHP server, your browser sends that cookie to the PHP server.
Where is PHP Session stored?
D:\Xampp\tmp\sess_c6ndu7f9cov3j27bnalfnlqls0
|__empty file
5.4.1 Submit login form
Please sign in
Username:….
Password:…..
Sign in button
5.5.1 Code
<?php
require __DIR__ . '/layout.php';
var_dump('Session', $_SESSION);
var_dump('Cookie', $_COOKIE);
?>
<!-- Show password protected content down here -->
<!DOCTYPE html>
<html>
<head>
<title>Logged in</title>
</head>
<body>
<div class="container">
<div class="jumbotron">
<h1>Status: logged in</h1>
<p class="lead">This is Banking</p>
<p class="lead">Your Balance:
<span style="color: red;">
<?php echo '$'
.number_format($_SESSION['Balance']);
?>
</span>
</p>
<p>
<a class="btn btn-lg btn-success"
href="logout.php" role="button">
Log out
</a>
</p>
</div>
</div>
</body>
</html>
5.5.2 Result
D:\Projects\test\cookie\index.php:3:string 'Session' (length=7)
D:\Projects\test\cookie\index.php:3:
array (size=3)
'Username' => string 'quoc' (length=4)
'Balance' => string '1000000' (length=7)
'Active' => boolean true
D:\Projects\test\cookie\index.php:4:string 'Cookie' (length=6)
D:\Projects\test\cookie\index.php:4:
array (size=1)
'PHPSESSID' => string 'c6ndu7f9cov3j27bnalfnlqls0' (length=26)
Status: logged in
This is Banking
Your Balance: $1,000,000
Logout Button
5.5.3 Explain
After you have logged in, your info is stored in the session on the server. The user identifies themselves to the PHP server via the cookie.
Where is PHP Session stored?
D:\Xampp\tmp\sess_c6ndu7f9cov3j27bnalfnlqls0
|
|__Username|s:4:"quoc";Balance|s:7:"1000000";
Active|b:1;
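The results in 5.3.1 and 5.5.2 show the same PHPSESSID (c6ndu7f9cov3j27bnalfnlqls0) before and after login, so an id the browser held before authentication keeps working afterwards. The following is an added example, not code from the original project, of a login handler that issues a new id on success and tightens the cookie attributes. The function names start_secure_session and try_login and the sample password are made up for illustration.

```php
<?php
// Added example, not the project's own code. Function names are hypothetical.

function start_secure_session(): void
{
    // Accept only session ids that this server issued.
    ini_set('session.use_strict_mode', '1');
    // Read the id from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => $https,  // use true once the site is HTTPS-only
        'httponly' => true,    // hidden from JavaScript (document.cookie)
        'samesite' => 'Lax',   // not attached to cross-site POST requests
    ]);
    session_start();
}

function try_login(string $user, string $pass, array $account): bool
{
    $userOk = hash_equals($account['Username'], $user);
    $passOk = password_verify($pass, $account['Password']);
    if (!($userOk && $passOk)) {
        return false;
    }
    // Switch to a fresh id for the authenticated session; passing true
    // deletes the old sess_<id> file so the pre-login id stops working.
    session_regenerate_id(true);
    $_SESSION['Username'] = $account['Username'];
    $_SESSION['Balance']  = $account['Balance'];
    $_SESSION['Active']   = true;
    return true;
}

// Constructed sample account standing in for src/config/config.php.
$account = [
    'Username' => 'quoc',
    'Password' => password_hash('constructed-sample-password', PASSWORD_DEFAULT),
    'Balance'  => '1000000',
];

start_secure_session();
if (isset($_POST['Submit'])
    && try_login((string) ($_POST['Username'] ?? ''), (string) ($_POST['Password'] ?? ''), $account)) {
    header('Location: index.php');
    exit;
}
```

With this in place the var_dump of $_COOKIE in index.php shows a different PHPSESSID from the one seen on the login page, and the old sess_ file is removed from the save path.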
5.6.1 will redirect to login page
5.6.2 Result
D:\Projects\test\cookie\login.php:6:string 'Session' (length=7)
D:\Projects\test\cookie\login.php:6:
array (size=0)
empty
D:\Projects\test\cookie\login.php:7:string 'Cookie' (length=6)
D:\Projects\test\cookie\login.php:7:
array (size=1)
'PHPSESSID' => string 'c6ndu7f9cov3j27bnalfnlqls0' (length=26)
5.6.3 Recheck session on PHP server
Where is PHP Session stored?
D:\Xampp\tmp\sess_c6ndu7f9cov3j27bnalfnlqls0
|__empty file
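5.6.2 shows the browser still presenting the same PHPSESSID after logout, with the server-side file emptied. The page does not show logout.php; the following is an added example, not the project's code, of a logout that clears the data, deletes the session file and expires the cookie in the browser. The function name end_session is hypothetical.

```php
<?php
// Added example, not the project's own logout.php.

function end_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();            // attach to the session named by PHPSESSID
    }
    $_SESSION = [];                 // drop Username, Balance and Active

    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the cookie using the same path/domain it was set with,
        // otherwise the browser keeps the old one.
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }
    session_destroy();              // removes sess_<id> from the save path
}

end_session();
header('Location: login.php');
exit;
```

If session.use_strict_mode is also enabled, a browser that replays the old id on the next request is given a new one instead of having the old id re-created.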
5.7.1 Result
D:\Projects\test\cookie\login.php:6:string 'Session' (length=7)
D:\Projects\test\cookie\login.php:6:
array (size=0)
empty
D:\Projects\test\cookie\login.php:7:string 'Cookie' (length=6)
D:\Projects\test\cookie\login.php:7:
array (size=1)
'PHPSESSID' => string '1ks2vab50a8lkb4ug0cimmedqj' (length=26)
5.7.2 Explain
After the user removes the current cookie from the browser and reloads the login page, the PHP server generates a new PHPSESSID and sends it to the client browser via a cookie.
Where is PHP Session stored?
D:\Xampp\tmp\sess_1ks2vab50a8lkb4ug0cimmedqj
|
|__Empty
Reference: https://github.com/truemenews/cookie