Sunday 8 June 2014

PHP Sessions and Cookie and Security

PHP Session
Session is Super global variable, that preserve certain data across multiple requests. A visitor accessing your web-site is assigned a unique id, the so-called session id. Its either stored in a cookie on the user side OR is propagated in the URL.

Why its is used
1. Get the Number of unique visitor
2. For Login functionality we need this.
3. It tell us whether user is registered OR not.

Requirements 
No external libraries are needed to build this extension.

Installation 
Session is enabled in PHP by default. If you would not like to build your PHP with session support, you should specify the
--disable-session

Session configuration options
NameDefaultChangeableChangelog
session.save_path""PHP_INI_ALL
session.name"PHPSESSID"PHP_INI_ALL
session.save_handler"files"PHP_INI_ALL
session.auto_start"0"PHP_INI_PERDIR
session.gc_probability"1"PHP_INI_ALL
session.gc_divisor"100"PHP_INI_ALLAvailable since PHP 4.3.2.
session.gc_maxlifetime"1440"PHP_INI_ALL
session.serialize_handler"php"PHP_INI_ALL
session.cookie_lifetime"0"PHP_INI_ALL
session.cookie_path"/"PHP_INI_ALL
session.cookie_domain""PHP_INI_ALL
session.cookie_secure""PHP_INI_ALLAvailable since PHP 4.0.4.
session.cookie_httponly""PHP_INI_ALLAvailable since PHP 5.2.0.
session.use_strict_mode"0"PHP_INI_ALLAvailable since PHP 5.5.2.
session.use_cookies"1"PHP_INI_ALL
session.use_only_cookies"1"PHP_INI_ALLAvailable since PHP 4.3.0.
session.referer_check""PHP_INI_ALL
session.entropy_file""PHP_INI_ALL
session.entropy_length"0"PHP_INI_ALL
session.cache_limiter"nocache"PHP_INI_ALL
session.cache_expire"180"PHP_INI_ALL
session.use_trans_sid"0"PHP_INI_ALLPHP_INI_ALL in PHP <= 4.2.3. PHP_INI_PERDIR in PHP < 5. Available since PHP 4.0.3.
session.bug_compat_42"1"PHP_INI_ALLAvailable since PHP 4.3.0. Removed in PHP 5.4.0.
session.bug_compat_warn"1"PHP_INI_ALLAvailable since PHP 4.3.0. Removed in PHP 5.4.0.
session.hash_function"0"PHP_INI_ALLAvailable since PHP 5.0.0.
session.hash_bits_per_character"4"PHP_INI_ALLAvailable since PHP 5.0.0.
url_rewriter.tags"a=href,area=href,frame=src,form=,fieldset="PHP_INI_ALLAvailable since PHP 4.0.4.
session.upload_progress.enabled"1"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.cleanup"1"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.prefix"upload_progress_"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.name"PHP_SESSION_UPLOAD_PROGRESS"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.freq"1%"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.min_freq"1"PHP_INI_PERDIRAvailable since PHP 5.4.0.


How to set the Cookie?
bool setcookie ($name, $value);//set the cookie
bool setcookie ($name, $value,time()+3600); //set the cookie with expire 1 hour
bool setcookie ($name, $value, $expire = 0, $path, $domain, $secure = false, $httponly = false );//all parameter of set cookie
bool setrawcookie ($name, $value, $expire = 0, $path, $domain, $secure = false, $httponly = false );//Send a cookie without urlencoding the cookie value
Parameter of set_cookie function
name: The name of the cookie.
value: The value of the cookie. This value is stored on the clients computer; do not store sensitive information.
expire: The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoc. If set to 0, or omitted, the cookie will expire when the browser closes.
path: The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain.
domain: The domain that the cookie is available to.
secure: Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. 
httponly: When TRUE the cookie will be made accessible only through the HTTP protocol. 

How to get cookie?
echo $_COOKIE["cookieName"];

How to print all cookie?
print_r($_COOKIE);

How to delete a cookie?
setcookie ("cookieName", "", time() - 60);

How to set Array Cookie?
setcookie("cookieName[one]", "c_1");
setcookie("cookieName[three]", "c_2");
setcookie("cookieName[two]", "c_3");

How to get Array cookie?
print_r($_COOKIE["cookieName"]);