[...]... the session It then passes the value to the browser; simultaneously, it creates a file on the server and includes the session ID in the filename There are two methods by which PHP can inform a browser of its session ID: by adding the ID to the query string of all relative links on the page, or by sending it as a cookie Within the file that’s stored on the server, PHP saves the names and values of the. .. it has been told to store for the session When the browser makes a request for another page, it tells PHP which session it was assigned via the URL query string, or by returning the cookie PHP then looks up the file it created when the session was started, and so has access to the data stored within the session [4] http://pear .php. net/AUTH_HTTP 8 Session Security Once the session has been established,... have been hijacked) To keep the session ID completely hidden, you’ll need to use SSL to encrypt the conversation What’s more, you should only use the cookie method of passing the session ID If you pass it in the URL, you may give away the session ID upon referring the visitor to another site, thanks to the referrer header in the HTTP request K The files PHP creates for the purpose of storing session... stored in the temporary directory of the operating system under which PHP is running On Unix based systems such as Linux, this will be /tmp And, if you’re on a shared server, this will mean that other users on the server can read the files’ contents They may not be able to identify which virtual host and PHP script are the owners of the session but, depending on the information you place there, they may... description from PHP hacker” to PHP developer.” Who should read this book? This book, The PHP Anthology, Volume II: Applications, builds on the first book, The PHP Anthology, Volume I: Foundations, to provide practical solutions that are commonly required in many of today’s online applications So, if you build Websites and Web applications with PHP, then this book is for you For less experienced PHP developers,... I authenticate users with sessions?” When to Send Headers In PHP, the moment your script outputs anything that’s meant for display, the Web server finishes sending the headers and begins to send the content itself You cannot send further HTTP headers once the body of the HTTP message the Web page itself—has begun to be sent This means that if you use the header function or session_start after the body... This script registers the session variable the first time the page is displayed The next time (and all times thereafter, until the session times out through inactivity), the script will display the value of the session variable That’s a simple example of how sessions can be used We’ll use them to store the value of a user name and password shortly, but first, we need to put together some classes that... only the MD5 digest of your users’ passwords in the database, you can verify their login credentials without actually storing the passwords on your server! The built-in PHP function md5 lets you calculate the MD5 digest of any string in PHP The constructor goes on to create a new instance of the Session class, which it stores in an instance variable, and finally calls the login method to validate the. .. user; set the session variables } else { $this->storeAuth($login, $password); } } The login method first checks to see whether values for the user name and password are currently stored in the session; if they are, it calls the confirmAuth method (see below) If user name and password values are not stored in the session, the method checks to see if they’re available in the $_POST array and, if they’re... Chapter 7: Design Patterns The notion of software Design Patterns has been widely accepted as a useful approach to application design This chapter introduces them as a concept, then illustrates their implementation with five common patterns applied to “real” problems in PHP: The Factory Method, The Iterator Pattern, The Strategy Pattern, The Adapter Pattern, and the Observer Pattern The Book’s Website Located