Day 11 – Yummy Cookies

Zend PHP Certification

Okay, let’s get through this before the new year!  Finally, this chapter will conclude with header control, accessing cookies, and modifying sessions.

Headers

  • It’s important to note first that when writing your own headers, they need to be sent BEFORE any output to the screen!
  • Headers can be modified by using the header($string) function.  Headers are usually in the format "Key: Value".
  • The most basic example is the redirect:

    header("Location: http://www.google.com/");
    exit();

  • Note the exit() call after the header is sent.  This is required to prevent your script from outputting any more data.  With a header redirect, it is the browser that actually performs the redirect, so the rest of the script still runs and its output is still sent unless you stop it.  Therefore, you don’t want to send anything else to the page (like admin panel information) in the event a hacker decides to ignore the redirect.
  • You can also control browser caching directly by using the Cache-Control and Expires headers.  For more information, check out this.

Cookies (nom nom)

  • Cookies cannot hold a lot of information, and it’s important NOT to store security information in them.  Once a cookie is stored on the client, the user can read, modify, or remove it, so never trust important information to cookies.
  • Cookies can be set by using setcookie($name, $value, [$expires]).  The name can use the same array[] notation as GET and POST data, and the expiry is a basic UNIX timestamp (see time()).  There are additional optional parameters (path: the location on your site where the cookie is accessible, domain: the domain or subdomain it is accessible from, and secure: whether it is transmitted only over https), but those aren’t really important right now.
  • They can be read (after the next page load) via the $_COOKIE superglobal.
  • To delete a cookie, the only way is to reset that cookie to expire before now:

    setcookie("skip_trailer", false, time() - 1000);
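
Because the client can modify any cookie, a server that keeps a non-sensitive value in one can at least detect changes by attaching an HMAC computed with a server-side key. This is an added example, not code from the original post, and it goes beyond what the post covers; the key constant and the function names are assumptions. Signing only detects modification, it does not hide the value, so secrets still belong in the session.

```php
<?php
// Added example (not from the original post). The key below is a constructed
// placeholder; real code would load a long random secret from server config.
const COOKIE_KEY = 'replace-with-a-long-random-server-side-secret';

// Build "base64(value).hmac". The cookie name is part of the signed data so a
// signed value cannot be copied into a differently named cookie.
function sign_cookie(string $name, string $value): string
{
    $payload = base64_encode($value);
    $mac = hash_hmac('sha256', $name . '|' . $payload, COOKIE_KEY);
    return $payload . '.' . $mac;
}

// Return the original value, or null when the cookie is malformed or altered.
function verify_cookie(string $name, string $raw): ?string
{
    $parts = explode('.', $raw);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $name . '|' . $payload, COOKIE_KEY);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    $value = base64_decode($payload, true);
    return $value === false ? null : $value;
}

// In a page, before any output:
//   setcookie('skip_trailer', sign_cookie('skip_trailer', '1'), time() + 3600);
// and on the next request:
//   $skip = verify_cookie('skip_trailer', $_COOKIE['skip_trailer'] ?? '');

// Constructed demo of what the server might read back from $_COOKIE.
$sent = sign_cookie('skip_trailer', '1');
// The client swaps the value but cannot recompute the signature.
$tampered = base64_encode('0') . substr($sent, strpos($sent, '.'));

var_dump(verify_cookie('skip_trailer', $sent));     // unmodified cookie
var_dump(verify_cookie('skip_trailer', $tampered)); // value edited client-side
var_dump(verify_cookie('other_name', $sent));       // moved to another cookie
```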

Sessions

  • Sessions are a basic form of state awareness between HTTP requests.  The webserver doesn't know or care who the client is and which connections belong to him.  Therefore, PHP uses session IDs, passed usually via cookie (can be changed), to identify users.  This session ID is then related to a server-side storage of information writable and accessible via the $_SESSION superglobal.
  • Sessions can be started with session_start() function, which MUST be run before any output to the browser (as it uses header data).

    session_start();

    if (isset($_SESSION['user_id'])) {
      $_SESSION['last_access'] = date('Y.m.d H:i:s');
      echo "You are logged in!";
    } else {
      echo "Please login!";
    }

Well, there was the Web Programming chapter.  Tomorrow will be the start of Object-Oriented Programming. 

It's going to be the New Year soon (yeah twenty-ten) and that means I only have 20 days before my exam!  Oh man, seven chapters to go, so I better start cramming!

  • License

    Unless otherwise noted, all source code and compiled files published on this website are released under the terms of the GNU Lesser General Public License.