• inserts the entire contents of the given file into the PHP script's output page
• encourages modularity
• useful for defining reused functions needed by multiple pages
Including a common HTML file
<!DOCTYPE html>
<!-- this is top.html -->
<html><head><title>This is some common code</title>
... HTML
• Including a .html file injects that HTML output into your PHP page at that
point
• useful if you have shared regions of pure HTML tags that don't contain any
PHP content
Including a common PHP file
<?php
# this is common.php
function useful($x) { return $x * $x; }
function top() {
?>
<!DOCTYPE html>
<html><head><title>This is some common code</title>
...
<?php
} PHP
<?php
include("common.php"); # this PHP file re-uses common.php's PHP code
$y = useful(42); # call a shared function
top(); # produce HTML output
...
• including a .php file injects that PHP code into your PHP file at that point
• if the included PHP file contains functions, you can call them
What is a cookie?
• cookie: a small amount of information sent by a
server to a browser, and then sent back by the
browser on future page requests
• cookies have many uses:
• authentication
• user tracking
• maintaining user preferences, shopping carts, etc.
• a cookie's data consists of a single name/value pair,
sent in the header of the client's HTTP GET or POST
request
How cookies are sent
• when the browser requests a page, the server may send back one or more cookies with it
• if your server has previously sent any cookies to the browser, the browser will send them back on subsequent requests
Cookies: keeping “state” (cont.)
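• client: the browser's cookie file already holds an entry "ebay 8734"
• client → server: usual http request msg
• Amazon server creates ID 1678 for the user and creates an entry in its backend database
• server → client: usual http response with set-cookie: 1678
• client: the cookie file now holds "ebay 8734" and "amazon 1678"
• client → server: usual http request msg with cookie: 1678
• server: takes a cookie-specific action, with access to the backend database entry
• server → client: usual http response msg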
• an advertising company can put a cookie on your machine when you visit one
site, and see it when you visit another site that also uses that advertising
company
• therefore they can tell that the same person (you) visited both sites
• can be thwarted by telling your browser not to accept "third-party cookies"
How long does a cookie exist?
• session cookie: the default type; a temporary cookie that is stored only in the
browser's memory
• when the browser is closed, temporary cookies will be erased
• cannot be used for tracking long-term information
• safer, because no programs other than the browser can access them
• persistent cookie: one that is stored in a file on the browser's computer
• can track long-term information
• potentially less secure, because users (or programs they run) can open cookie
files, see/change the cookie values, etc.
Setting a cookie in PHP
setcookie("name", "value"); PHP
setcookie("username", "allllison");
setcookie("age", 19); PHP
• you can also delete a cookie by setting it again with an expiration that is before the present
time:
setcookie("count", 42, time() - 1); PHP
• remember that the cookie will also be deleted automatically when it expires,
or can be deleted manually by the user by clearing their browser cookies
Clearing cookies in your browser
• Chrome: Wrench → History → Clear all browsing data...
• Firefox: Firefox menu → Options → Privacy → Show Cookies... → Remove
(All) Cookies
Common cookie bugs
When you call setcookie, the cookie will be available in $_COOKIE on
the next page load, but not the current one. If you need the value during the
current page request, also store it in a variable:
setcookie("name", "joe");
print $_COOKIE["name"]; # undefined PHP
$name = "joe";
setcookie("name", $name);
print $name; # joe PHP
• setcookie must be called before your code prints any output or HTML content:
<!DOCTYPE html><html>
<?php
setcookie("name", "joe"); # should precede HTML content!
What is a session?
• session: an abstract concept to represent a series of HTTP requests and
responses between a specific Web browser and server
• HTTP doesn't support the notion of a session, but PHP does
session_start();
print $_SESSION["name"]; # joe PHP
• previous sessions will linger unless you destroy them and regenerate the user's
session ID:
session_destroy();
session_start();
session_regenerate_id(TRUE); PHP
Ending a session
session_destroy(); PHP
• session_destroy ends your current session
• potential problem: if you call session_start again later, it sometimes
reuses the same session ID/data you used before
• if you may want to start a completely new empty session later, it is best to
flush out the old one:
session_destroy();
session_start();
session_regenerate_id(TRUE); # flushes out the old session ID number;
# needs an active session, so call it after session_start PHP
Session timeout
• because HTTP is stateless, it is hard for the server to know when a user has
finished a session
• ideally, user explicitly logs out, but many users don't
• client deletes session cookies when browser closes
• server automatically cleans up old sessions after a period of time
• old session data consumes resources and may present a security risk
• you can explicitly delete a session by calling session_destroy
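The timeout and cleanup points above, as an added example that is not part of the original slides: the server enforces its own idle limit instead of relying on the browser to drop the session cookie. The `IDLE_LIMIT` value, the `last_seen` session key and the helper names `session_expired` and `end_session` are assumptions chosen for illustration.

```php
<?php
// Added example: idle-timeout enforcement for a PHP session.
// IDLE_LIMIT and the "last_seen" key are assumed names/values, not from the slides.
const IDLE_LIMIT = 900; // seconds of inactivity allowed

// True when the session recorded activity and has since been idle too long.
function session_expired(array $session, int $now, int $limit = IDLE_LIMIT): bool {
    return isset($session["last_seen"])
        && ($now - (int) $session["last_seen"]) > $limit;
}

// End the current session completely: request data, cookie, server-side record.
function end_session(): void {
    $_SESSION = [];                           // drop data held in this request
    if (ini_get("session.use_cookies")) {
        $p = session_get_cookie_params();
        // expire the session cookie by giving it a time before the present
        setcookie(session_name(), "", time() - 3600,
                  $p["path"], $p["domain"], $p["secure"], $p["httponly"]);
    }
    session_destroy();                        // delete the stored session data
}

session_start();                              // must precede any output
if (session_expired($_SESSION, time())) {
    end_session();
    session_start();                          // begin a fresh, empty session
    session_regenerate_id(true);              // new ID; the old one is discarded
}
$_SESSION["last_seen"] = time();              // record activity for the next request
```

Calling `end_session()` from a logout page gives the explicit logout path the same cleanup as the timeout path.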
Web caches (proxy server)
• HTTP supports Proxy servers
• Proxy server
• a computer that keeps copies of responses to recent requests
• Goal: satisfy a client’s request without involving the original server
• user sets browser: Web accesses via cache
• browser sends all HTTP requests to cache
• object in cache: cache returns object
• else cache requests object from origin server, then returns object to client
(diagram: clients exchange HTTP requests and responses with the proxy server, which in turn exchanges HTTP requests and responses with the origin servers)
Application Layer 2-26
More about Web caching
• cache acts as both client and server
• server for original requesting client
• client to origin server
• typically cache is installed by ISP (university, company, residential ISP)
why Web caching?
• reduce response time for client request
• reduce traffic on an institution's access link
• Internet dense with caches: enables "poor" content providers to effectively deliver content (so too does P2P file sharing)
06/12/2020
Conditional GET
• Goal: don't send object if cache has up-to-date cached version
• no object transmission delay
• cache: specify date of cached copy in HTTP request
If-modified-since: <date>
• server: response contains no object if cached copy is up-to-date:
HTTP/1.0 304 Not Modified
• exchange when object not modified before <date>:
• client → server: HTTP request msg with If-modified-since: <date>
• server → client: HTTP response HTTP/1.0 304 Not Modified
• exchange when object modified after <date>:
• client → server: HTTP request msg with If-modified-since: <date>
• server → client: HTTP response HTTP/1.0 200 OK <data>
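The server side of the conditional GET exchange above, as an added example that is not part of the original slides. The file name `object.html` and the function name `conditional_status` are hypothetical.

```php
<?php
// Added example: origin-server side of a conditional GET.
// object.html is a hypothetical file used for illustration.

// Return 304 when the cached copy is still current, otherwise 200.
function conditional_status(?string $ifModifiedSince, int $lastModified): int {
    if ($ifModifiedSince === null) {
        return 200;                        // plain GET: always send the object
    }
    $since = strtotime($ifModifiedSince);  // parse the date supplied by the cache
    if ($since === false) {
        return 200;                        // unparseable date: send the object
    }
    return $lastModified <= $since ? 304 : 200;
}

$path  = __DIR__ . "/object.html";
$mtime = is_file($path) ? filemtime($path) : false;
if ($mtime === false) {
    http_response_code(404);               // nothing to serve
    exit;
}

$status = conditional_status($_SERVER["HTTP_IF_MODIFIED_SINCE"] ?? null, $mtime);
header("Last-Modified: " . gmdate("D, d M Y H:i:s", $mtime) . " GMT");
http_response_code($status);
if ($status === 200) {
    readfile($path);                       // object modified after <date>: send <data>
}
// on 304 the response carries headers only, so the cache reuses its stored copy
```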