
Simon Holywell:
Improve PHP session cookie security
May 14, 2013 @ 14:55:37

Simon Holywell has a new post talking about cookie security in PHP, focusing on some of the PHP configuration settings that can help.

The security of session handling in PHP can easily be enhanced through the use of a few configuration settings and the addition of an SSL certificate. Whilst this topic has been covered numerous times before it still bears mentioning with a large number of PHP sites and servers having not implemented these features.

He covers the httponly flag (set either when creating the cookie or in the configuration), the "use only cookies" setting for sessions and forcing session cookies to be "secure only".


Link: http://simonholywell.com/post/2013/05/improve-php-session-cookie-security.html

PHPMaster.com:
Baking Cookies in PHP
July 26, 2012 @ 08:07:09

On PHPMaster.com there's a new tutorial about working with cookies in PHP applications - an introductory look at what they are, how to set them and how to read their values.

Have you ever wondered that in spite of HTTP being a stateless protocol, when you log in to a website and buy stuff and checkout how the server can identify you uniquely? You might wonder if HTTP is stateless but your state is maintained through your interactions, isn't this a contradiction? Welcome to the world of cookies (not the ones which we can eat, btw :)), one of the primary ways to maintain user state and interaction between the web browser and the web server.

She shares the lifecycle of a common cookie and describes the parameters of the setcookie function. There are also a few code examples showing how to read and write cookies as well as update their values and expirations.



Philip Norton's Blog:
Netscape HTTP Cookie File Parser In PHP
June 30, 2011 @ 09:09:00

Philip Norton has shared a script he's created in a new post today that lets you read from a Netscape-formatted cookie file (as output by a curl request).

This file is generated by PHP when it runs CURL (with the appropriate options enabled) and can be used in subsequent CURL calls. This file can be read to see what cookies were created after CURL has finished running. As an example, this is the sort of file that might be created during a typical CURL call.

The file is structured, plain-text content with information on the domain, path, security, name and expiration details of each cookie. His script parses out these details and pushes them into a basic array, prime for searching and sorting (and reuse) in your application.



PHPBuilder.com:
Tracking User Activity in PHP with Cookies and Sessions
May 25, 2011 @ 08:53:42

On PHPBuilder.com today there's a new tutorial from Leidago Noabeb showing how you can track your website's users with the help of sessions and cookies, the handling for which is already included in PHP.

So, why can't you maintain state with HTTP? The main reason is because HTTP is a stateless protocol, meaning that it has no built-in way of maintaining state between transactions. For example, when a user requests one page followed by another, HTTP does not provide a way for us to tell which user made the second request. In this article we will look at what maintaining state in PHP applications entails.

They introduce cookies and how they can be used to store information about the user's session on their client for a certain amount of time. This makes it much simpler for the cross-page or cross-session details to persist. There's a bit of code showing how to set and get a cookie and how to do the same with a session.



Evert Pot's Blog:
Storing encrypted session information in a cookie
July 14, 2010 @ 09:13:39

Evert Pot has a quick new post to his blog today talking about how to push encrypted information into a cookie for storage.

There have been a couple of approaches I've been considering [to replace sessions being stored in the database], one of which is simply storing all the information in a browser cookie. First I want to make clear I don't necessarily condone this. The reason I'm writing this post, is because I'm hoping for some more community feedback. Is this a really bad idea? I would love to know.

He includes some code to make it happen - a class that uses the hash_hmac function with the SHA1 hash algorithm (along with a salt) to convert the information into a string that can be (relatively) safely stored in a cookie. Be sure to read the comments for more opinions on the method.



ProDevTips.com:
Parsing with Zend HTTP Client
March 10, 2009 @ 10:25:02

On ProDevTips.com there's a quick new tutorial posted about using the Zend_Http component of the Zend Framework to fetch a remote page that requires cookie authentication - a "cookie jar".

As it happens I'm very satisfied with the performance of Zend Http when it comes to the fetching and cookie parts. [...] Note [in my example] the use of $client->setCookieJar();, that is all that is needed to manage the logged in state, awesome. Without it the second post to adv_stats.php would've failed due to unauthorized access.

This fetching method pulls in the remote file, parses out the table (as defined by a pattern match) and grabs the rows/columns using getRows and getColumns and manipulates the content inside.



NETTUTS.com:
Are You Making These 10 PHP Mistakes?
February 04, 2009 @ 09:33:51

All of you developers out there, NETTUTS.com has a question for you - are you making any of these ten PHP mistakes in your day to day development? Which ones, you ask? Read on...

Here are 10 PHP mistakes that any programmer, regardless of skill level, might make at any given time. Some of the mistakes are very basic, but trip up even the best PHP programmer. Other mistakes are hard to spot (even with strict error reporting). But all of these mistakes have one thing in common: They're easy to avoid.

Here's the list (as Glen Stanberry sees it):

  • Single quotes, double quotes
  • Semicolon after a While
  • NOT Using database caching
  • Missing Semicolon After a Break or a Continue
  • Not Using E_ALL Reporting
  • Not Setting Time Limits On PHP Scripts
  • Not Protecting Session ID's
  • Not Validating Cookie Data
  • Not Escaping Entities
  • Using Wrong Comparison Operators


Scott MacVicar's Blog:
Stupid Bug Reports
February 02, 2009 @ 09:34:18

Most of the bugs that get reported to the PHP project are pretty useful. They help developers track down those small, random issues that might slip through the cracks otherwise. There are, however, some of them that make you wonder a bit about the person that submitted them. Scott MacVicar takes a look at a few of them in a new blog post.

Recently the PHP project has been receiving an increasing number of rather silly reports, these vary from simply not reading the manual, searching the internet or a fundamental lack of understanding how the internet works.

He points out three in particular (from the same person, no less) about things that show an almost complete lack of understanding of what PHP does. One was a request to make PHP use less CPU, another asked to make PHP censorship free and, finally, there was a request to make PHP more secure...by doing away with support for cookies.

Scott also suggests a few constructive things you can do before submitting a good (useful) bug report:

  • Gather together as much relevant information as you can (generalizations are bad)
  • Run performance checks against older PHP versions to try to pin down when the bug was added
  • And, finally: "don't get aggressive or be an asshole when your bug reports get closed".


Lukas Smith's Blog:
One thumb up and two down (Zend_Http_Client)
June 16, 2008 @ 09:32:24

Coming back from some previous comments about the Zend_Http_Client in the Zend Framework, Lukas Smith admits that a certain feature has come in handy with their development, but another bug has come up that has gotten under his skin - a problem with the component's cookie handling.

We ran into a really hard to find bug in the cookie handling of Zend_Http_Client, which has been filed as a bug back in August 2007 against version 1.0.1 (today we are at 1.5.2). Moreover this is a bug that other similar packages have gotten over in 2004.

He had to use Wireshark to finally track down the culprit - a call to urlencode on the contents of the cookie before sending it. He also includes some code to overcome a problem he had with UTF-16 in one of his feeds (a custom function that takes in a string and returns it correctly translated).



PHPFreaks.com:
Sessions and cookies: Adding state to a stateless protocol
June 05, 2008 @ 12:05:11

On the PHPFreaks website, there's a new tutorial talking about sessions and cookies in PHP:

HTTP is a stateless protocol. This means that each request is handled independently of all the other requests and it means that a server or a script cannot remember if a user has been there before. However, knowing if a user has been there before is often required and therefore something known as cookies and sessions have been implemented in order to cope with that problem.

The tutorial is pretty introductory, so if you're not new to the PHP world, you won't learn much. New developers, though, will learn how to set cookies, use sessions and learn a bit about the security of both.


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework