Brainstorming for a feature right now, looking for advice and tips.
If this is possible to do, I would like to have a search bar save what the user has written and save the search (if there are results found) as a cookie. There will be up to three searches saved where the newest one that is accepted replaces the oldest one. My concern is that am I able to save these search cookies uniquely on every user account?
My plan is the following:
User searches
check if the search yields results.
save as cookie if a search is successful
Display on website
the purpose of the cookie is to show a product in our site homepage based on the searches
Save on individual accounts
the cookies used here should not transfer outside the account used at that time, if a new user logs
in, there will be no cookies.
if a user that searches logs back, the previous cookies will still be present and display products
accordingly.
My thoughts are this will be similar to my remember me login cookies that saves them with:
setcookie ("login_email",$_POST["email"],time()+ 3600);
setcookie ("login_password",$_POST["password"],time()+ 3600);
The website where is is going to be made is using PHP.
I would like some advice on what logic should I use on the code, thank you for reading and looking forward to any responses.
I need to know if a user visited the webpage by clicking on a link from the same website. I can use $_SERVER['HTTP_REFERER'] and check if the domain is the same. But HTTP_REFERER is not always set.
I must detect the difference between visiting a page via own website and coming from an external website (or direct visit). This must be able over and over again, meaning that if a user leaves the site and come back through a search result, I again must be able to detect this.
I thought about setting a session, but than I can't detect a second visit within the session lifetime. Also don't see an option for setting a cookie.
What other options do I have?
I think you should use Database(MySQL) to save the HTTP_REFERER each time for every visit from a specific IP and for a particular date.
You can check the time difference between the two records (like in some minutes) that an IP has accessed and can get the records if a user leaves and come back again to the website. This way you can track the logs for each visitor like how many times a visitor access the website.
Hope this way you can manage the desired output for your application.
Building a web application that is 90% API-based, meaning it will be hosted on the client's website (eg clientdomain.com). When API calls are made, we are creating and storing a session ID on the client's domain, and we store all the stats on their activity while a visitor browses their site.
But there's one part of our application that is hosted on our servers, because it has to be secure (eg client.ourdomain.com). Visitors will click a link from the client's website to ours.
What's the best way to somehow tell the application on our domain that this is an active session with session id XXXXXXX? I've thought of a few options:
Check sessions table for IP and timestamp within a certain range. Obviously this would not be a good option because some large groups and organizations use the same IP.
Pass the session ID as a GET variable, downside is these links may be shared or saved for later use.
Pass as POST var using a form button
Use some kind of redirect variable dynamically created that is only good for a small time frame (i.e. 10 or 30 minutes) and then deleted
Am I missing a possible solution?
Our ultimate goal is to track a visitor through goal completion so we can show conversion rate, bounce rate, etc. To do that we absolutely have to match up a visitor from clientdomain.com to client.ourdomain.com.
Thanks in advance!
Your first option is the answer, SessionID + IP = Unique.
User A and User B may have the same IP but their session id is different.
Fifth:
go
redirect-to-secure.php:
header('Location: http://client.ourdomain.com/?clientSession=' . session_id());
On client.ourdomain.com, if you detect clientSession GET param, save it to session and redirect to page without clientSession. This way browser won't remember this url.
I have a url shortener that I created to track incoming links. Currently the php sets a cookie and inserts visitor information into the database. It attaches an id to the redirect url and redirects the user to the website.
The website has javascript on the page that takes the id and tries to set a cookie on the front end. If cookies are disabled, the javascript attempts other things to store that id. The reason I am setting the id is due to the javascript sending random pieces of information to the backend.
Is there a way for php to have a fallback if the person doesn't have cookies enabled? I don't want to create a new database entry for someone who visits the same link multiple times who doesn't have cookies enabled. Don't want to be tracking the same person as 2 or more people.
Edit
If I can't prompt the user that their cookies are disabled, are there any alternatives?
2nd Edit
One of the comments brought this up, so I thought I'd post the link here: User recognition without cookies or local storage
I am just starting to learn about web development and something has been niggling me for a while now, How a website controls what you can access and cannot access.
For example, a website like Facebook. When i first go to the site, it presents a login form, once i am logged the same page that i tried to access before now shows information relevant to me that i could only access once logged in, i can navigate to a different site and then comeback to google and it still allows me to use if without logging on again.
How exactly would a site block someone trying to access a particular page when they are not logged in, lets say the page viewProfile.php. How does the website know who to allow access to this page?
I realise this question may seem confusing and elementary but its just a something that came to me whilst viewing facebook.
Thanks.
This is a very simple concept called sessions.
When you visit facebook, it reads unique information sent to it via the connection such as IP address, browser, and some other minor information, when this information is combined it creates a unique identifier.
this unique identifier is then stored in a file like so:
d131dd02c5e6eec4693d9a0698aff95c.session
So when you login with your credentials there application add's information into this file such as last activity etc.
When you go away and come back, facebook will then read the information that's sent with every requests, it then add's it all together and creates a unique hash, if this hash exists within it's storage system it will open it up and read the contents, and know exactly who you are.
all this is combined with cookies, the unique hash is sent back to the browser and stored in your cookies folder, this cookie file is sent back to facebook with every request.
PHP Handles this for you internally so it's pretty basic to get it up and running: http://php.net/manual/en/features.sessions.php
Here's an example that may help you understand the concept a little more.
<?php
/*
* The session_start generates that hash and send a cookie to the browser
* This has to be first as you can only send cookie information before any content
*/
session_start();
/*
* Anything storeg within $_SESSION is what's been read from the session file and
* We check to see if the information has already been set on the first time the user
* visited the site
*/
if(!isset($_SESSION['hits']))
{
$_SESSION['hits'] = 0;
}
/*
* Now we increment the value every time the page is laoded
*/
$_SESSION['hits']++;
/*
* now we display the amount's of hits the user has loaded the page.
*/
echo 'You have vistited this site <strong>' . $_SESSION['hits'] . '</strong> times.';
?>
if you load this page and then hit F5, the session value get's incremented every request so you should see something like:
You have vistited this site 1 times.
You have vistited this site 2 times.
You have vistited this site 3 times.
You have vistited this site 4 times.
...
The session file is unique to each person visiting, thus meaning that when using the session variable in PHP it would be to that user only, so everyone get's there own individual session.
as your researching it's goods to search StackOverflow for certain tags, such as PHP and sessions.
https://stackoverflow.com/questions/tagged/php+session
Here's a good question in regards to cookies and sessions advantages etc.
Purpose Of PHP Sessions and Cookies and Their Differences
A website uses something called a "cookie" to store information on your computer.
This information can hold any text string, but in this case it is probably a unique ID that Facebook knows (probably stored in a database somewhere) is tied to a certain user. Cookies can only be read by the website that sent them and by the browser itself.
The login page sends a POST/GET request to a script that generally checks the username/password combo against data in a database a database. If the data is found to be valid, then the user is granted access to the websites landing page (the page after login) and a cookie is stored. If it is not, they are sent back with a error message.
Cookies can also have a "lifespan". This lifespan can be anything: for a certain amount of seconds; until you leave the site; until you close your browser; or forever (there are probably more.)
The website that sent a cookie can also delete a cookie before it expires. This is how most "logout" buttons work.
To allow only logged in users to view content you can first check for a sign that they are logged in, such as look for an active session and that it has a flag which tells you they're logged in ( which you control ). In PHP at the top of a page you can simply:
<?php session_start();
if(!isset($_SESSION['loggedin'])){
header('Location: http://example.com/login.php');
}
?>
which will redirect non logged in users to a login page. Upon success login, you should set $_SESSION['loggedin'] to a value.
To check whether a person who is logged in is allowed view a particular profile is down to looking up where the page is restricted to friends only, and if so, checking that the loggedin user's id is in the profile owner's friend field in the DB.
It is done with cookies. When you log in, the site puts a cookie into your browser for a set amount of time (generally a very long time so that you can stayed logged in). When you access the site again, your browser sends the cookie back to the site (and the site sets a fresh cookie). In any browser, you can find the list of cookies somewhere in the options.
If you want to know more about cookies, you can read the wikipedia: http://en.wikipedia.org/wiki/HTTP_cookie
Do a Google search for "Session Management."
Summary
when you login to a site you get a unique id. That id pulls your data from the database and then populates a dynamic page, like viewProfile.php with your data. So each user pulls the same file, viewProfile.php, but gets different results based on their unique id.