328lect12-1-projected


=====
CS 328 - Week 12 Lecture 1 - 2024-04-08
=====

=====
TODAY WE WILL
=====
*   announcements
*   intro to PHP sessions
*   prep for next class

=====
UPCOMING SCHEDULE
=====
*   today - start discussing PHP sessions (not on Exam 2)

    11:59 pm tonight, Monday, April 8 - any final improved versions
        of problems from Homeworks 6-9 are DUE

    12:01 am tomorrow, Tuesday, April 9 - selected EXAMPLE SOLUTIONS
        for Homeworks 6-9 should be reachable on Canvas

*   Wednesday, April 10 - Exam 2

*   Friday, April 12 - lab exercise practicing with PHP and sessions

*   (and Homework 10 comes out the weekend of April 13-14)

=====
REMINDER:
=====
*   HTTP/HTTPS is **STATELESS**

    *   in "plain" HTTP/HTTPS, there is no way to associate
        a request with a previous request

    *   BUT -- numerous application-tier languages have devised
        ADD-ON means of saving application-state information
        (for example, based on cookies)

        YES, PHP provides such support!

*   how does PHP provide this support?
    PHP provides a superglobal associative named $_SESSION

    *   fun fact: the application-tier PHP programmer
        is NOT supposed to change the contents in $_POST or $_GET

        BUT, they are encouraged and allowed to change the contents
        of $_SESSION!

        *   YES, they can add keys to this array!
        *   YES, they can change the values for those keys in this array!

*   if your PHP is going to use cookie-based sessions,
    you call a function session_start() before anything is output
    to the browser
    *   (because session_start() adds info to the header in the
        response)

*   and when your PHP has determined the logical session is done,
    should call session_destroy() to destroy the current session

    session_destroy();

*   BECAUSE of the nature of session attributes and values,
    $_SESSION is not intended for long-term value storage!

    *   you should call session_destroy() when the logical session
        is done, BUT it WILL eventually time out if time passes;

    *   also note: do not try to save an OCI connection object
        in $_SESSION! (doesn't work, and is a bad idea anyway...)

        each call to a PHP postback should close any connections
        before it completes its response

*   also (from Stepp et al "Web Programming Step by Step" 2nd ed.)
    if for some reason you want to get rid of the current and
    immediately begin a new session,
    you can do so by regenerating a new session ID and retarting:

    session_destroy();
    session_regenerate_id(TRUE);
    session_start();

*   WHAT can go in a $_SESSION array?
    *   info from earlier in a session that you want later
    *   info to keep track of the current or next state
        (helpful!)

*   PHP SANITY HELPERS:
    *   have a helper function for each state in your application
        logic

    *   have the first version of each be a STUB, a little
        working version of the function that just
        proclaims what you called

    *   START the postback PHP with an if-elseif that just lays
        out the order these will be called
        and perhaps setting up the $_SESSION key to keep track of
        the current state

*   try-quad.php - by the end of class, this just has such stubs,
    BUT note that you can try it out and "walk" through the expected
    logical session;