Cookies:

A cookie is a small piece of data sent by a server to the browser and stored on the user’s computer while the user is browsing. Cookies are generated and shared between the browser and the server using the HTTP header.

A cookie allows the server to store and retrieve data from the client. It is stored in a file on the client side, and the maximum size of a cookie that can be stored is limited to 4K in any web browser. Cookies are short-lived: they have an expiry date and time, or expire as soon as the browser is closed.

Three arguments must be given with a cookie:

setcookie(name,value,expiration)

setcookie() is a function that defines a cookie to be sent along with the rest of the HTTP headers.

Cookie Attributes:

Name: Specifies the name of the cookie.
Value: Specifies the value of the cookie.
Secure: The cookie should only be transmitted over a secure HTTPS connection. TRUE indicates that the cookie will only be set if a secure connection exists. Default is FALSE.
Domain: Specifies the domain name of the cookie.
Path: Specifies the server path of the cookie.
HTTPOnly: The cookie will be accessible only through the HTTP protocol (it will not be accessible by scripting languages).
Expires: Specifies when the cookie expires.

Purpose of Cookies:

Identifying unique visitors.
HTTP is a stateless protocol. Cookies permit us to track the state of the application using small files stored on the user’s computer.
Recording the time each user spends on a website.

Types of cookies:

Session Cookie: This type of cookie dies when the browser closes because it is stored in the browser’s memory.

Persistent Cookie: These cookies do not depend on the browser session because they are stored in a file on the browser’s computer. If the user closes and reopens a website, the cookies will still be available. The lifetime of a cookie is specified in the cookie itself as an expiration time.

Third Party Cookie: A cookie set by a domain name which is not the domain name that appears in the browser address bar. These cookies are mainly used for tracking the user’s browsing patterns and/or finding advertisement recommendations for the user.

Secure Cookie: A secure cookie can only be transmitted over an encrypted connection. A cookie is made secure by adding the secure flag to the cookie.

HTTP Only Cookie: It informs the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly prohibited. This is an important security protection for session cookies.

Zombie Cookie: An HTTP cookie that is recreated after deletion. Such cookies are recreated from backups stored outside the web browser’s dedicated cookie storage.

Sessions:

When a user makes a change in a web application, such as signing in or out, the server does not know who performed the activity. To solve this problem, PHP sessions were introduced, which store user information to be used across several web pages.

Session variables hold information about a single user and are available to all pages in one application, e.g. login ID, username and password.

Session ID: PHP generates a unique identifier in the form of a hash for a specific session. It is a random string of 32 hexadecimal characters, such as 5f7dok65iif989fwrmn88er47gk834, and is known as the PHPsessionID.

A session ID or token is a unique number which is used to identify a user that has logged into a website. The session ID is stored on the server and is assigned to a specific user for the duration of the user’s visit (session).

The session ID can be stored as a cookie, form field, or URL.

Sessions Vs Cookies

Session | Cookies
Data is stored on the server | Data is stored in the client’s browser
Session data are more secure because they never travel on every HTTP request | Travel with each and every request
You can store objects (store large amounts of data) | You can store string type (max file size 4kb)
Sessions cannot be used for future reference | Cookies are mostly used for future references

Step1: The client sends a request to the server via POST or GET.

Step2: A session ID is created on the web server. The server saves the session ID into the database and, using the set-cookie function, sends the session ID to the client browser in the response.

Step3: The cookie with the session ID stored in the client browser is sent back to the server, where the server matches it against the database and sends the response as HTTP 200 OK.
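
Steps 1 to 3 above as a minimal header-level model, written in Python (an added example, not code from the original page). The cookie name PHPSESSID, the in-memory dict standing in for the database, the 401 answer for an unknown ID and all function names are assumptions made for the illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}               # assumption: stands in for the server-side database
COOKIE_NAME = "PHPSESSID"   # PHP's default session cookie name


def login_response(username):
    """Step 2: create a session ID, store it server-side, build Set-Cookie."""
    sid = secrets.token_hex(16)          # 16 random bytes -> 32 hex characters
    SESSIONS[sid] = {"user": username}   # the data stays on the server
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
    cookie[COOKIE_NAME]["httponly"] = True   # hidden from client-side script
    # No Expires attribute: this is a session cookie that dies with the browser.
    return cookie.output(header="Set-Cookie:")


def browser_cookie_header(set_cookie_line):
    """Browser side: only name=value is sent back, never the attributes."""
    value = set_cookie_line.split(":", 1)[1].strip()
    return "Cookie: " + value.split(";", 1)[0]


def handle_request(cookie_line):
    """Step 3: match the presented session ID against the server-side store."""
    jar = SimpleCookie()
    jar.load(cookie_line.split(":", 1)[1].strip())
    morsel = jar.get(COOKIE_NAME)
    session = SESSIONS.get(morsel.value) if morsel else None
    if session is None:
        return 401, None    # assumption: unknown or missing ID is rejected
    return 200, session["user"]


if __name__ == "__main__":
    set_cookie = login_response("alice")        # constructed sample user
    print(set_cookie)
    request = browser_cookie_header(set_cookie)
    print(request, "->", handle_request(request))
    forged = "Cookie: PHPSESSID=" + "0" * 32    # constructed, never issued
    print(forged, "->", handle_request(forged))
```

The server trusts the session ID alone, so anyone who obtains the cookie value is treated as that user; this is why the Secure and HttpOnly attributes matter most on the session cookie.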