Chapter 11. Sessions and Data Persistence
As web applications have matured, the need for statefulness has become a common requirement. Stateful web applications, meaning applications that keep track of a particular visitor’s information as he travels throughout a site, are now so common that they are taken for granted.
Given the prevalence of web applications that keep track of things for their visitors—such as shopping carts, online banking, personalized home page portals, and social networking community sites—it is hard to imagine the Internet we use every day without stateful applications.
HTTP, the protocol that web servers and clients use to talk to each other, is a stateless protocol by design. However, PHP gives you a convenient set of session management functions that makes the challenge of implementing statefulness much easier. This chapter focuses on several good practices to keep in mind while developing stateful applications.
Sessions are focused on maintaining visitor-specific state between requests. Some applications also need a similar kind of lightweight, server-side storage for state that is not tied to any one visitor and must survive for some period of time. This is known as data persistence.
Using Session Tracking explains PHP’s session module, which lets you easily associate persistent data with a user as he moves through your site. Preventing Session Hijacking and Preventing Session Fixation explore session hijacking and session fixation vulnerabilities and how to avoid ...
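As an added illustration of the session-handling practices this chapter goes on to cover (example code written for this summary, not the book's own), the block below bootstraps a PHP session with hardened settings and regenerates the session ID at login, which is the standard defence against session fixation and limits the window for hijacking. It assumes PHP 7.3 or later (for the array form of session_set_cookie_params) and a site served over HTTPS; the function names and the user identifier are assumptions.

```php
<?php
// Added example (not the book's code): hardened session bootstrap plus
// login/logout handlers for a PHP application served over HTTPS.

declare(strict_types=1);

function startSecureSession(): void
{
    // Reject session IDs the server did not issue (defeats fixation via an
    // attacker-chosen ID) and never accept or emit IDs in the URL.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    // Cookie flags: unreadable by JavaScript, sent only over HTTPS,
    // and not attached to cross-site requests. Must precede session_start().
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    session_start();
}

// Call only after the user's credentials have been verified.
// $userId is whatever identifier the application uses (assumption).
function establishLoginSession(int $userId): void
{
    // Replace the pre-authentication ID and delete the old file, so any ID
    // the visitor arrived with is worthless after login.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $userId;
    $_SESSION['login_time'] = time();
}

// Logout: wipe server-side state and expire the browser's cookie.
function destroySession(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'],
        $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

startSecureSession();
```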