Understanding Cookies and Sessions] #Cookie #Session

0 - Understanding Cookies and Sessions.md

Cookies and Sessions are inextricably intertwined, and fundamental to creating rich, interactive internet applications.

What we will be covering in this tutorial:

• What is a "cookie"
• What is a "session"
• Setting and reading cookies
• Using sessions
• Troubleshooting
• Further reading

1 - What is a "Cookie"?.md

A cookie is a small piece of text stored on a user's computer by their browser. Common uses for cookies are authentication, storing of site preferences, shopping cart items, and server session identification.

Each time the users' web browser interacts with a web server it will pass the cookie information to the web server. Only the cookies stored by the browser that relate to the domain in the requested URL will be sent to the server. This means that cookies that relate to www.example.com will not be sent to www.exampledomain.com.

In essence, a cookie is a great way of linking one page to the next for a user's interaction with a web site or web application.

2 - What is a "Session"?.md

A session can be defined as a server-side storage of information that is desired to persist throughout the user's interaction with the web site or web application.

Instead of storing large and constantly changing information via cookies in the user's browser, only a unique identifier is stored on the client side (called a "session id"). This session id is passed to the web server every time the browser makes an HTTP request (ie a page link or AJAX request). The web application pairs this session id with it's internal database and retrieves the stored variables for use by the requested page.

3 - Setting and reading cookies.md

Using the [cookie_set] method we can set cookies to store information for use in later pages. The following code shows how easy it is to store a user's details such as their name and email address which they may have entered on a "Contact Us" form. This would then allow later pages to pre-populate forms with this information.

Cookie_Set( 
    'UserDetails'='John Doe|[email protected]', 
    -Domain='example.com', 
    -Expires='1440', 
    -Path='/'
)

In this example the cookie named "UserDetails" contains the user name and email address delimited by a "pipe" character. This can be read and interpreted, then output in the following code.

local( userDetails = decode_url(cookie('UserDetails'))->split('|'))

if(#userDetails->size)=>{^
    'User Name = '+#userDetails->get(1)
    '<br />'
    'Email Address = '+#userDetails->get(2)
^}

4 - Using Sessions.md

To store information that is not appropriate to store client-side, we use sessions. Lasso has built in session handling, and deals with the setting and retrieval of the cookie itself. It will automatically set and retrieve the session id, which is the only thing stored client-side.

To set up a new session, we first start the session, then add to it the variables we would like to store in it. Those variables are stored within Lasso's session database.

// Start the session.
session_start(
	'mySessionName', 
	-expires = 1440,
	-usecookie=true
)

// Add variables to the session
if(session_result('mySessionName') != 'load') => {
	session_addVar('mySessionName', 'sv_userId')
	session_addVar('mySessionName', 'sv_userName')
	session_addVar('mySessionName', 'sv_userEmail')
	session_addVar('mySessionName', 'sv_favouriteColour')
}

!var_defined('sv_userId') ? 	var('sv_userId' = integer)
!var_defined('sv_userName') ? 	var('sv_userName' = string)
!var_defined('sv_userEmail') ? 	var('sv_userEmail' = string)
!var_defined('sv_favouriteColour') ? 	var('sv_favouriteColour' = 'red')

How this works:

Lines 2-6: Initializing the session. This needs to happen on every page you wish the session information to be readable and writable. Here we start a session named 'mySessionName' with an idle expiry of 1440 minutes (1 day) and set to track via cookie.

Lines 9-14: The "if" conditional here checks to see if the session_result shows a new session and adds new vaiables to the session if it is new.

Lines 16-19: Each line in this section is checking if a variable has been defined, and if not then the variable is defined and declared with a default type and value.

The variables added to the session can now be used just like any other variable in the page. These variables are both readable and writiable. This means that when the value is changed, it will be stored in the session with the new value.

On subsequent pages if the session is initialized, you will be able to continue reading and modifying these variables.

5 - Troubleshooting.md

If you're having problems with sessions, there are a few things to check.

Check the time on the server and the client PC

If the clock on the server and/or the client PC is incorrect, the session may expire prematurely. For example if your session idle expiry time is short (ie 15 minutes) and the clocks differ by greater than that amount, the session will expire before it can be used on the next page.

Ensure the client browser is accepting cookies

Browsers allow users to decide to not allow cookies to be set. If a user has blocked cookies you will have to use links to persist sessions. See the session documentation for more information.