PHP Sessions and Cookies

When working with Web Applications, each request to the Web Server is independent of each other. HTTP is a stateless protocol so it does not know one request to another. In PHP, there are two ways to keep state between requests. PHP sessions and cookies are the mechanisms to keep state. In this lab you will learn how to use PHP sessions and cookies.

outcomes

In this lab, you will learn to:

Use PHP sessions.
Use PHP cookies to remember users.
Use PHP sessions and cookies as an access control mechanism.

videos:

Before you start this lab, review these videos.

Sessions for Remembering Users

Sessions for Access Control

PHP Cookies

Overview

The development of this document is funded by the Boston Area Advanced Technological Education Connections (BATEC) Grant No. NSF-0703097 thru Bunker Hill Community College.

HTTP is a stateless protocol that uses TCP as its transport to ESTABLISH sessions between a client and a server. The word stateless implies that the protocol will not remember any user from one session to the next. Each time your browser refreshes or you navigate to a different page, a new session is established. Code adjustments must be made to counteract this behavior, such as with PHP sessions and PHP cookies. In this lab, we will implement both PHP sessions and cookies.

PHP Sessions and Cookies

Courses

Pentesting and Understanding Vulnerabilities - Skill Labs

Key terms and descriptions

HTTP

HTTP is an application layer protocol that allows web browsers to communicate with web servers.

HTML

The Hypertext Markup Language (HTML) is the standard format of a web page.

PHP

PHP is a server-side scripting language used to create web applications. PHP code is processed on a web server into an HTML web page that is then sent to the web browser.

PHP session

A PHP session is an object that stores information about a particular user's interaction with a web application.