I want to put in the PHP session an information if the client uses HTML5 or not.
My HTML5 detection is launched only 1 time and need to store the information in the PHP session, sending from HTML to PHP is easy with a simple cookie, but if the client doesn't accept cookies it's harder.
Sending a GET variable to php is a possibility but on the 1st load we don't have the information.
Or maybe there is another way to store an information without PHP that works on none-cookied browsers ?
Thank you very much.
PHP sessions don't DEPEND on cookies, but they sure are a lot easier to work with. You can have PHP auto-embed the session ID into URLs for you, but it's a very nasty security hole - the user's session ID will leak onto any sites you link to via the referer, and makes it impossible to properly bookmark your site.
If you do want to chance that, then look up trans_sid settings in your php configuration.
So finally I did it differently.
Instead of detecting on the page itself that required me to call jQuery or other plugins, I call it from the main page and send the data to the called page.
Like that I got it in PHP on that page.
Related
I am creating a simple site and am a little stuck on what to do for my users if their cookies are disabled. If one is to login and left idle for a couple minutes how would I keep that user logged in and identified if their cookies are disabled?
If cookies are blocked, your options are:
Pass the session ID in the URL as a parameter.
Embed the session ID in the page (in a hidden element, of course), and refer to it using JavaScript.
As a side note, recently I've seen several sites saying that my browsing experience would be severely limited, as long as cookies are disabled in my browser. Depending on how much I need the site's function, I'll either enable cookies, use a different browser with cookies enabled, or decide to skip the site altogether.
Another option that works in modern browsers is to utilize Web Storage. This is also suggested as a preferred replacement to cookies. (browser support)
First check if cookies or Web Storage is available in the browser, use which you prefer to set your values to check there. You could then fall back to the hidden session data that #TravelingTechGuy suggested, then from there you could ask your users to comply or restrict access.
I agree that session data in the URL isn't a good idea for the reasons mentioned in comments to the OP.
The only downside (that I can think of ATM) to the "on page hidden session data" would be potentially back end "session leak" in code. You wouldn't want to accidentally send back a wrong session ID to the client in HTML since you have to persist that data in the page by sending it to the server and back each time (unless you utilize some single page app style to keep that session data local only). Preferably you only want to check a submitted session ID and react from there.
If you suspect you may lose user base that may impact your service because of some restriction, it would be best to try and provide as many checks and fallbacks as possible.
You could have a try on Flash cookies. If you get a copy of Flash 5, it works without permission (it wasn't even documentated, but it works). It would really be a dirty hack though.
Is it possible start Session with out using any server side scripting like PHP.
I want start SESSION with pure HTML/HTML5./Javascript.. ?
Thanks Advance. :)
The usual meaning of the term "session" in web development is "A bucket of information stored on the server that is linked to a specific user via a token". Since the definition requires a server to be involved, no you cannot achieve that without a server.
You can store the data in a session cookie (one without an explicit expiry time that will die when the browser is closed).
In modern browsers, you can store larger amounts of data using sessionStorage.
You could set a COOKIE with Javascript (http://www.w3schools.com/js/js_cookies.asp).
If you really want a PHP Session without PHP, that's impossible. A Cookie is the closest you'll get.
On the topic of Cookies, these are stored locally on the users system and can be edited. I do not reccomend using this method if you need good security. See this blog post explaining more on this matter:
http://www.nczonline.net/blog/2009/05/12/cookies-and-security/
No its not possible. What you use in PHP is the PHP session handler.
In javascript you can use cookies to store some small data.
I am trying to give user an option to register into the system and want to link the page to another php file say detail.php page with all the database variable remain active in that file. Please anyone can help me out..??
Other alternatives are cookies, (encrypted) POST parameters sent to that page or if you are using include statement to include the contents of that file in the current page, you may as well define your variables just before include and those can be used in the included file.
P.S.: Use of sessions is recommended; though its not clear from your question, why you dont intend to use sessions.
Any options you may have rely on the client sending some form of way of identifying the initial user.
You basically have 3 options:
Keep resending all of the data you need to complete the registration to every page via a form (i.e. as either GET or POST data).
Storing the data in a COOKIE and sending that with each request.
Storing the data serverside and using the session (and PHP session COOKIE)
Personally, I'd recommend sticking with using the session as it limits the amount of data being sent between requests. The only reason I can think of not to do this is if you multiple application servers and no shared storage for your sessions (i.e. memcache or database)
If you want to elaborate on your OP and explain why you don't want to use sessions, I'd be happy to give you a more indepth answer.
I was following this SO Question and this SO Question for setting up Remember Me. However when I pull up Cookies in Google I get PHP and Javascript ways to do it. Which way is better, or do I need to use both? I have a code base in PHP and Javascript and I need a starting point. I see the multitude of SO articles on javascript vs. php for cookies but that is not what I'm asking..I know the difference between server side and client side programming and what a cookie is...but could not see an explicit answer on how to set / retrieve a cookie. My assumptions would be:
For setting a cookie:
Use PHP when the user logs in and sets "Remember Me". Although the client has control at this point, the credentials must pass back to PHP for validation. Once validation is complete set a cookie and store the Token.
For checking a cookie:
Use PHP, because PHP is called first when a user requests a page from you web app the first time, so check for the cookie there and determine what data to send to the user.
So my guess is PHP both ways.
If I am correct ...if so what are javascript cookies used for?
Related
W3 Schools - PHP Cookies
PHP.net
PHP.net - Cookie Feautures
PHP.net - setcookie()
Javascript cookies are generally used for setting position/color of elements on a page, per the users preferences. For example, a site with several different themes (e.g. "dark", "light") and buttons to change the current theme on the side of the page might store the theme the user selected using a cookie, so that the next time the user visits the site the page theme will be the same. This information could also be stored server-side, but for privacy reasons it may be preferable to store client side, especially if the user doesn't have an account on the site.
The bottom line is that you should use php for any cookies that are essential to the function of your website, and use javascript cookies for superficial aspects of your site such as the theme.
The Javascript way won't work if javascript is not available, whereas setting the cookie server-side is guaranteed to work unless the user has explicitly blocked cookies. Manipulating cookies in javascript (via document.cookie) is not a fun experience, whereas PHP provides $_COOKIE (and $_SESSION which is indirectly dependant on cookies in its most common usage patterns) which are far simpler to deal with. A cookie set in PHP can be accessed in Javascript unless specified otherwise (which I'll get to) and I don't know what dealing with secure cookies (sent via https) would be like in javascript, but I don't imagine it would be pleasant.
Cookies can be set HTTP only if you use a server side technology to set them. When set, browsers that are HTTP-only cookie aware will deny access to the cookie for javascript. This is important because javascript can be used to snoop on cookies and steal their content, sending them to an eavesdropper. HTTP only cookies prevent this kind of abuse.
So in short, I'd go with PHP for setting your cookie.
I'm working on a demo tool (PHP, jQuery, XHTML), so far so well, except that I have an issue, I need to save certain information temporarily and I'm doing it through cookies, however the cookies' limit in Apache is 4Kb and I have no longer space within the cookie, so I'm wondering how can I keep saving inside the cookie without a problem if I still don't want to send any information to databases nor text files.
I don't know if maybe by using path or other domain I might be able to work things out.
I would really appreciate any help you can provide me :).
Sessions are like Cookies but they just give the client a unique ID ("session ID") and keep the rest of the data on the server.
Of course this is stored within a database or file but that's totally transparent to you, there's no messing about with SQL queries or file reads or anything.
You just need to replace all $_COOKIE with $_SESSION and put session_start(); at the top of your code: http://www.tizag.com/phpT/phpsessions.php
One downside though: PHP sets all session cookies with no timeout, which the browser usually treats as "delete this cookie whenever the browser is closed". See this question for workarounds: How do I expire a PHP session after 30 minutes?
First you should consider if saving that much data in a cookie is really needed. Maybe you can compress your information or just dont need all of it?
The reason is: the cookie is send at every request to the server (this might more then 1). If you serve images from the same domain, you may get over 20 requests each is sending this large cookie. Assuming your cookie holds 5kb of data, you have 100kb just to loop your information through.
see: http://developer.yahoo.com/performance/rules.html#cookie_size
if you need your information just for the current session, why not saving it into a session var (or memcache etc.pp.)?
Maybe its okay if you just save an id in the cookie and if nothing to this id is in your session, you load it from database and save it in the session. so you have a one-time access per session.
Maybe its better if you provide some more background information.
You could create multiple cookies, but it's a bad idea. The cookies will go across the wire with every request. Consider putting your session information in a database or cache tier.
I guess you could store non-sensitive information with a DOM element. If you are using jQuery you can use .data() - http://api.jquery.com/data/
However, after the page does a full reload its gone.