Home
>
Web Development
>
Developing State-enabled Applications With PHP

Developing State-enabled Applications With PHP

Installment 1

When a user is browsing through a website and is surfing from one web page to another, sometimes the website needs to remember the actions (e.g. choices) performed by the user. For example, in a website that sells DVDs, the user typically browses through a list of DVDs and selects individual DVDs for check out at the end of the shopping session. The website needs to remember which DVDs the user has selected because the selected items needs to be presented again to the user when the user checks out. In other words, the website needs to remember the State - i.e. the selected items - of the user's browsing activities.

However, HTTP is a Stateless protocol and is ill-equipped to handle States. A standard HTML website basically provides information to the user and a series of links that simply directs the user to other related web pages. This Stateless nature of HTTP allows the website to be replicated across many servers for load balancing purposes. A major drawback is that while browsing from one page to another, the website does not remember the State of the browsing session. This make interactivity almost impossible.

In order to increase interactivity, the developer can use the session handling features of PHP to augment the features of HTTP in order to remember the State of the browsing session. The are basically 2 ways PHP does this:

1. Using cookies
2. Using Sessions

The next installment discusses how to manage sessions using cookies...

Installment 2

Cookies are used to store State-information in the browser. Browsers are allowed to keep up to 20 cookies for each domain and the values stored in the cookie cannot exceed 4 KB. If more than 20 cookies are created by the website, only the latest 20 are stored. Cookies are only suitable in instances that do not require complex session communications and are not favoured by some developers because of privacy issues. Furthermore, some users disable support for cookies at their browsers.

The following is a typical server-browser sequence of events that occur when a cookie is used:

1. The server knows that it needs to remember the State of browsing session

2. The server creates a cookie and uses the Set-Cookie header field in the HTTP response to pass the cookie to the browser

3. The browser reads the cookie field in the HTTP response and stores the cookie

4. This cookie information is passed along future browser-server communications and can be used in the PHP scripts as a variable

PHP provides a function called setcookie() to allow easy creation of cookies. The syntax for setcookie is: int setcookie(string name, [string val], [int expiration_date], [string path], string domain, [int secure])

The parameters are:

1. name - this is a mandatory parameter and is used subsequently to identify the cookie

2. value - the value of the cookie - e.g. if the cookie is used to store the name of the user, the value parameter will store the actual name - e.g. John

3. expiration_date - the lifetime of the cookie. After this date, the cookie expires and is unusable

4. path - the path refers to the URL from which the cookie is valid and allowed

5. domain - the domain the created the cookie and is allowed to read the contents of the cookie

6. secure - specifies if the cookie can be sent only through a secure connection - e.g. SSL enable sessions

The following is an example that displays to the user how many times a specific web page has been displayed to the user. Copy the code below (both the php and the html) into a file with the .php extension and test it out.

[?php //check if the $count variable has been associated with the count cookie if (!isset($count)) {

$count = 0; } else {

$count++; } setcookie("count", $count, time()+600, "/", "", 0); ?]

[html]

[head]

[title]Session Handling Using Cookies[/title]

[/head]

[body]

This page has been displayed: [?=$count ?] times.

[/body] [/html]

The next installment discusses how to manage sessions using PHP session handling functions with cookies enabled...

Installment 3

PHP Session Handling - Cookies Enabled

Instead of storing session information at the browser through the use of cookies, the information can instead be stored at the server in session files. One session file is created and maintained for each user session. For example, if there are three concurrent users browsing the website, three session files will be created and maintained - one for each user. The session files are deleted if the session is explicitly closed by the PHP script or by a daemon garbage collection process provided by PHP. Good programming practice would call for sessions to be closed explicitly in the script.

The following is a typical server-browser sequence of events that occur when a PHP session handling is used:

1. The server knows that it needs to remember the State of browsing session

2. PHP generates a sssion ID and creates a session file to store future information as required by subsequent pages

3. A cookie is generated wih the session ID at the browser

4. This cookie that stores the session ID is transparently and automatically sent to the server for all subsequent requests to the server

The following PHP session-handling example accomplishes the same outcome as the previous cookie example. Copy the code below (both the php and the html) into a file with the .php extension and test it out.

[?php //starts a session session_start();

//informs PHP that count information needs to be remembered in the session file if (!session_is_registered("count")) {

session_register("count");

$count = 0; } else {

$count++; }

$session_id = session_id(); ?]

[html]

[head]

[title]PHP Session Handling - Cookie-Enabled[/title]

[/head]

[body]

The current session id is: [?=$session_id ?]

This page has been displayed: [?=$count ?] times.

[/body] [/html]

A summary of the functions that PHP provides for session handling are:

1. boolean start_session() - initializes a session

2. string session_id([string id]) - either returns the current session id or specify the session id to be used when the session is created

3. boolean session_register(mixed name [, mixed ...]) - registers variables to be stored in the session file. Each parameter passed in the function is a separate variable

4. boolean session_is_registered(string variable_name) - checks if a variable has been previously registered to be stored in the session file

5. session_unregister(string varriable_name) - unregisters a variable from the session file. Unregistered variables are no longer valid for reference in the session.

6. session_unset() - unsets all session variables. It is important to note that all the variables remain registered.

7. boolean session_destroy() - destroys the session. This is opposite of the start_session function.

The next installment discusses how to manage sessions using PHP session handling functions when cookies are disabled...

Installment 4

PHP Session Handling - Without Cookies

If cookies are disabled at the browser, the above example cannot work. This is because although the session file that stores all the variables is kept at the server, a cookie is still needed at the browser to store the session ID that is used to identify the session and its associated session file. The most common way around this would be to explicitly pass the session ID back to the server from the browser as a query parameter in the URL.

For example, the PHP script generates requests subsequent to the start_session call in the following format: http://www.yourhost.com/yourphpfile.php?PHPSESSID=[actual session ID]

The following are excerpts that illustrate the discussion:

Manually building the URL:
$url = "http://www.yoursite.com/yourphppage.php?PHPSESSID=" . session_id(); [a href="[?=$url ?]"]Anchor Text[/a]

Building the URL using SID:
[a href="http://www.yoursite.com/yourphppage.php?[?=SID ?]"]Anchor Text[/a]

Used with the author's permission.

This article is written by John L.
John L is the Webmaster of designer banners (designer banners).

best cleaning company Lincolnshire ..

In The News:

Ghost-tapping scammers exploit wireless technology to drain accounts through small transactions, but RFID-blocking wallets and transaction alerts can protect you.

French pilot project demonstrates wireless charging roads that can deliver over 300 kilowatts of power to EVs while driving, potentially eliminating range anxiety.

YouTube's Ghost Network spreads information-stealing malware through thousands of fake videos offering cracked software, using compromised accounts and fake engagement.

Protect your privacy by disabling your smart TV microphone. Most TVs have hidden mics that listen even when voice commands are off. Learn quick steps to stop unwanted audio capture.

SessionReaper vulnerability hits Magento and Adobe Commerce stores, compromising 250+ sites in one day. Hackers steal data and hijack shopping sessions.

Master essential parental controls and digital safety tools to protect your kids online. Learn screen time limits, location settings and privacy controls every parent needs.

Cybersecurity expert shares six essential steps to protect against dark web threats, including data removal services, password managers and antivirus software.

NVIDIA GPU space mission could revolutionize cloud services by enabling orbital data centers that make apps, games and AI tools faster and more efficient.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Microsoft warns Windows 10 users face serious security risks as 90% of ransomware attacks target unsupported systems. Learn why upgrading to Windows 11 is crucial.

Nike unveils Project Amplify, revolutionary motorized shoes developed with Dephy that add powered assistance to every step for runners and walkers.

Cybersecurity experts warn about one of the largest credential compilations ever found, urging users to check "Have I Been Pwned" and change passwords immediately.

Quick iPhone and Android battery optimization techniques help your device stay powered all day by turning off hidden features that secretly drain power in the background.

Kodiak Driver autonomous truck achieves perfect 98 safety score, matching top human fleets in groundbreaking AI evaluation by Nauto's VERA system.

New 401k catch-up contribution rules in 2026 will change taxes for high earners over 50. Learn how scammers exploit these changes and protect your retirement savings.

Kurt Knutsson's guide covers social media privacy protection through location settings, account privacy controls and two-factor authentication to prevent scams and data breaches.

Revolutionary retinal implant restores central vision in 80% of patients with advanced macular degeneration, offering hope where treatments once only slowed blindness.

Learn how to use passkeys on Windows and Mac computers without cameras or fingerprint readers. Discover secure authentication methods that replace passwords.

Tesla's FSD v14.1.2 update reintroduces Mad Max mode, enabling higher speeds and more frequent lane changes than the standard Hurry profile setting.

A phishing email scam targeting American Express customers shows how cybercriminals use fake urgent messages to steal personal and financial information.

Facebook's new Meta AI feature analyzes your camera roll photos to create polished collages automatically, but requires cloud processing and raises privacy concerns.

A New Jersey teenager filed a major lawsuit against AI/Robotics Venture Strategy 3 Ltd. over ClothOff, an AI tool that created fake nude images from her social media photos.

Microsoft reports Storm-2657 cybercriminals sent phishing emails to 6,000 addresses at 25 universities to steal payroll credentials and redirect funds.

Astronomers have discovered asteroid 2025 SC79, a skyscraper-sized space rock orbiting the sun in just 128 days. the second-fastest known.

The Fox News AI Newsletter delivers the latest developments form the world of artificial intelligence, including the technology's challenges and opportunities.

Developing State-enabled Applications With PHP

Web Development