Chapter 13. Cookies, Sessions, and Access Control
As your applications grow more complex, you’ll need to keep better track of which user your program is working with. Cookies, sessions, and access control all provide an opportunity to interact more appropriately with specific users.
Cookies
You can track certain user details like the number of visits, names, or the date of the last visit using cookies, which are small bits of text stored on the client that have been available since Netscape 1.0. The client machine stores this information and sends it to the web server whenever there is a request. Cookies data is sent along with the HTTP headers.
After the first visit to a web site, the browser returns a copy of the cookie to the server each time it connects. For security reasons, cookies can be read only from the domain that created them. Additionally, cookies have an expiration date after which they’re deleted. The maximum size of data that a cookie can hold is 4 KB.
Cookies are different from sessions, because cookies are stored on the client’s disk, whereas a session stores the bulk of its data on the server. Sessions are basically like tokens, which are generated at authentication. This means that a session is available as long as the browser is opened. Sessions actually use a single cookie by default to track their token or session identifier.
Figure 13-1 illustrates where cookies are stored when a web browser requests pages; in this example, http://example.com/set.php followed ...
Get Learning PHP and MySQL now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.