Sessions and cookies allow data to be persisted across multiple user requests. In plain PHP you may access them through the global variables Show SessionsLike requests and responses, you can get access to sessions via the Opening and Closing SessionsTo open and close a session, you can do the following: You can call and multiple times without causing errors; internally the methods will first check if the session is already open. Accessing Session DataTo access the data stored in session, you can do the following:
When working with session data that are arrays, the You can use one of the following workarounds to solve this problem: For better performance and code readability, we recommend the last workaround. That is, instead of storing an array as a single session variable, you store each array element as a session variable which shares the same key prefix with other array elements. Custom Session StorageThe default yii\web\Session class stores session data as files on the server. Yii also provides the following session classes implementing different session storage: All these session classes support the same set of API methods. As a result, you can switch to a different session storage class without the need to modify your application code that uses sessions.
To learn how to configure and use these component classes, please refer to their API documentation. Below is an example showing how to configure yii\web\DbSession in the application configuration to use a database table for session storage: You also need to create the following database table to store session data:
where 'BLOB' refers to the BLOB-type of your preferred DBMS. Below are the BLOB types that can be used for some popular DBMS:
Alternatively, this can be accomplished with the following migration:
Flash DataFlash data is a special kind of session data which, once set in one request, will only be available during the next request and will be automatically deleted afterwards. Flash data is most commonly used to implement messages that should only be displayed to end users once, such as a confirmation message displayed after a user successfully submits a form. You can set and access flash data through the Like regular session data, you can store arbitrary data as flash data. When you call , it will overwrite any existing flash data that has the same name. To append new flash data to an existing message of the same name, you may call instead. For example:
CookiesYii represents each cookie as an object of yii\web\Cookie. Both yii\web\Request and yii\web\Response maintain a collection of cookies via the property named 7. The cookie collection in the former represents the cookies submitted in a request, while the cookie collection in the latter represents the cookies that are to be sent to the user.The part of the application dealing with request and response directly is controller. Therefore, cookies should be read and sent in controller. Reading CookiesYou can get the cookies in the current request using the following code: Sending CookiesYou can send cookies to end users using the following code: Besides the , properties shown in the above examples, the yii\web\Cookie class also defines other properties to fully represent all available cookie information, such as , . You may configure these properties as needed to prepare a cookie and then add it to the response's cookie collection. Cookie ValidationWhen you are reading and sending cookies through the 8 and 9 components as shown in the last two subsections, you enjoy the added security of cookie validation which protects cookies from being modified on the client-side. This is achieved by signing each cookie with a hash string, which allows the application to tell if a cookie has been modified on the client-side. If so, the cookie will NOT be accessible through the of the 8 component.
Cookie validation is enabled by default. You can disable it by setting the property to be 2, although we strongly recommend you do not do so.
When using cookie validation, you must specify a that will be used to generate the aforementioned hash strings. You can do so by configuring the 8 component in the application configuration:
Security settingsBoth yii\web\Cookie and yii\web\Session support the following security flags: httpOnlyFor better security, the default value of and the 'httponly' parameter of is set to 6. This helps mitigate the risk of a client-side script accessing the protected cookie (if the browser supports it). You may read the HttpOnly wiki article for more details.secureThe purpose of the secure flag is to prevent cookies from being sent in clear text. If the browser supports the secure flag it will only include the cookie when the request is sent over a secure (TLS) connection. You may read the SecureFlag wiki article for more details. sameSiteStarting with Yii 2.0.21 the setting is supported. It requires PHP version 7.3.0 or higher. The purpose of the 7 setting is to prevent CSRF (Cross-Site Request Forgery) attacks. If the browser supports the 7 setting it will only include the cookie according to the specified policy ('Lax' or 'Strict'). You may read the SameSite wiki article for more details. For better security, an exception will be thrown if 7 is used with an unsupported version of PHP. To use this feature across different PHP versions check the version first. E.g.
Session php.ini settingsAs noted in PHP manual, 1 has important session security settings. Please ensure recommended settings are applied. Especially 2 that is not enabled by default in PHP installations. This setting can also be set with .
Apa fungsi dari session dan cookie?Perbedaan antara session dan cookie yaitu, session menyimpan data pada sisi server sedangkan cookie menyimpan data pada sisi client dan karena itulah session lebih aman dalam menyimpanan data maupun file dibanding cookie karena penyimpanan dilakukan di sisi server.
Apa manfaat dari penggunaan session dan cookies pada aplikasi web?Adapun session cookie hanya digunakan saat menavigasi situs web. Cookie ini berguna untuk mengenali pengguna saat aktivitas online berlangsung.
|