| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596 |
- <?xml version="1.0" encoding="UTF-8"?>
- <!-- Reviewed: no -->
- <sect1 id="zend.http.cookies">
- <title>Zend_Http_Cookie and Zend_Http_CookieJar</title>
- <sect2 id="zend.http.cookies.introduction">
- <title>Introduction</title>
- <para>
- <classname>Zend_Http_Cookie</classname>, as expected, is a class that represents an
- <acronym>HTTP</acronym> cookie. It provides methods for parsing <acronym>HTTP</acronym>
- response strings, collecting cookies, and easily accessing their properties. It also
- allows checking if a cookie matches against a specific scenario, IE
- a request <acronym>URL</acronym>, expiration time, secure connection, etc.
- </para>
- <para>
- <classname>Zend_Http_CookieJar</classname> is an object usually used by
- <classname>Zend_Http_Client</classname> to hold a set of
- <classname>Zend_Http_Cookie</classname> objects. The idea is that if a
- <classname>Zend_Http_CookieJar</classname> object is attached to a
- <classname>Zend_Http_Client</classname> object, all cookies going from and into the
- client through <acronym>HTTP</acronym> requests and responses will be stored by the
- CookieJar object. Then, when the client will send another request, it will first ask the
- CookieJar object for all cookies matching the request. These will be added to the
- request headers automatically. This is highly useful in cases where you need to
- maintain a user session over consecutive <acronym>HTTP</acronym> requests, automatically
- sending the session ID cookies when required. Additionally, the
- <classname>Zend_Http_CookieJar</classname> object can be serialized and stored in
- $_SESSION when needed.
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookie.instantiating">
- <title>Instantiating Zend_Http_Cookie Objects</title>
- <para>
- Instantiating a Cookie object can be done in two ways:
- <itemizedlist>
- <listitem>
- <para>
- Through the constructor, using the following syntax:
- <code>new <classname>Zend_Http_Cookie</classname>(string $name, string
- $value, string $domain, [int $expires, [string $path, [boolean
- $secure]]]);</code>
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <varname>$name</varname>: The name of the cookie (eg. 'PHPSESSID')
- (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$value</varname>: The value of the cookie (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$domain</varname>: The cookie's domain (eg. '.example.com')
- (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$expires</varname>: Cookie expiration time, as UNIX time
- stamp (optional, defaults to <constant>NULL</constant>). If not set,
- cookie will be treated as a 'session cookie' with no expiration
- time.
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$path</varname>: Cookie path, eg. '/foo/bar/' (optional,
- defaults to '/')
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$secure</varname>: Boolean, Whether the cookie is to be
- sent over secure (HTTPS) connections only (optional, defaults to
- boolean <constant>FALSE</constant>)
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>
- By calling the fromString($cookieStr, [$refUri, [$encodeValue]]) static
- method, with a cookie string as represented in the 'Set-Cookie
- ' <acronym>HTTP</acronym> response header or 'Cookie' <acronym>HTTP</acronym>
- request header. In this case, the cookie value must already be encoded. When
- the cookie string does not contain a 'domain' part, you must provide a
- reference <acronym>URI</acronym> according to which the cookie's domain and
- path will be set.
- </para>
- <para>
- The <code>fromString</code> method accepts the following parameters:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <varname>$cookieStr</varname>: a cookie string as represented in the
- 'Set-Cookie' <acronym>HTTP</acronym> response header or 'Cookie'
- <acronym>HTTP</acronym> request header (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$refUri</varname>: a reference <acronym>URI</acronym>
- according to which the cookie's domain and path will be set.
- (optional, defaults to parsing the value from the $cookieStr)
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$encodeValue</varname>: If the value should be passed
- through urldecode. Also effects the cookie's behavior when being
- converted back to a cookie string. (optional, defaults to true)
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
- </itemizedlist>
- <example id="zend.http.cookies.cookie.instantiating.example-1">
- <title>Instantiating a Zend_Http_Cookie object</title>
- <programlisting language="php"><![CDATA[
- // First, using the constructor. This cookie will expire in 2 hours
- $cookie = new Zend_Http_Cookie('foo',
- 'bar',
- '.example.com',
- time() + 7200,
- '/path');
- // You can also take the HTTP response Set-Cookie header and use it.
- // This cookie is similar to the previous one, only it will not expire, and
- // will only be sent over secure connections
- $cookie = Zend_Http_Cookie::fromString('foo=bar; domain=.example.com; ' .
- 'path=/path; secure');
- // If the cookie's domain is not set, you have to manually specify it
- $cookie = Zend_Http_Cookie::fromString('foo=bar; secure;',
- 'http://www.example.com/path');
- ]]></programlisting>
- </example>
- <note>
- <para>
- When instantiating a cookie object using the
- <classname>Zend_Http_Cookie</classname>::fromString() method, the cookie value
- is expected to be <acronym>URL</acronym> encoded, as cookie strings should be.
- However, when using the constructor, the cookie value string is expected to be
- the real, decoded value.
- </para>
- </note>
- </para>
- <para>
- A cookie object can be transferred back into a string, using the __toString() magic
- method. This method will produce a <acronym>HTTP</acronym> request "Cookie" header
- string, showing the cookie's name and value, and terminated by a semicolon (';').
- The value will be URL encoded, as expected in a Cookie header:
- <example id="zend.http.cookies.cookie.instantiating.example-2">
- <title>Stringifying a Zend_Http_Cookie object</title>
- <programlisting language="php"><![CDATA[
- // Create a new cookie
- $cookie = new Zend_Http_Cookie('foo',
- 'two words',
- '.example.com',
- time() + 7200,
- '/path');
- // Will print out 'foo=two+words;' :
- echo $cookie->__toString();
- // This is actually the same:
- echo (string) $cookie;
- // In PHP 5.2 and higher, this also works:
- echo $cookie;
- ]]></programlisting>
- </example>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookie.accessors">
- <title>Zend_Http_Cookie getter methods</title>
- <para>
- Once a <classname>Zend_Http_Cookie</classname> object is instantiated, it provides
- several getter methods to get the different properties of the <acronym>HTTP</acronym>
- cookie:
- <itemizedlist>
- <listitem>
- <para>
- <code>string getName()</code>: Get the name of the cookie
- </para>
- </listitem>
- <listitem>
- <para>
- <code>string getValue()</code>: Get the real, decoded value of the cookie
- </para>
- </listitem>
- <listitem>
- <para>
- <code>string getDomain()</code>: Get the cookie's domain
- </para>
- </listitem>
- <listitem>
- <para>
- <code>string getPath()</code>: Get the cookie's path, which defaults to '/'
- </para>
- </listitem>
- <listitem>
- <para>
- <code>int getExpiryTime()</code>: Get the cookie's expiration time, as UNIX
- time stamp. If the cookie has no expiration time set, will return
- <constant>NULL</constant>.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- Additionally, several boolean tester methods are provided:
- <itemizedlist>
- <listitem>
- <para>
- <code>boolean isSecure()</code>: Check whether the cookie is set to be sent
- over secure connections only. Generally speaking, if
- <constant>TRUE</constant> the cookie should only be sent over
- <acronym>HTTPS</acronym>.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>boolean isExpired(int $time = null)</code>: Check whether the cookie
- is expired or not. If the cookie has no expiration time, will always return
- <constant>TRUE</constant>. If $time is provided, it will override the
- current time stamp as the time to check the cookie against.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>boolean isSessionCookie()</code>: Check whether the cookie is a
- "session cookie" - that is a cookie with no expiration time, which is meant
- to expire when the session ends.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- <example id="zend.http.cookies.cookie.accessors.example-1">
- <title>Using getter methods with Zend_Http_Cookie</title>
- <programlisting language="php"><![CDATA[
- // First, create the cookie
- $cookie =
- Zend_Http_Cookie::fromString('foo=two+words; ' +
- 'domain=.example.com; ' +
- 'path=/somedir; ' +
- 'secure; ' +
- 'expires=Wednesday, 28-Feb-05 20:41:22 UTC');
- echo $cookie->getName(); // Will echo 'foo'
- echo $cookie->getValue(); // will echo 'two words'
- echo $cookie->getDomain(); // Will echo '.example.com'
- echo $cookie->getPath(); // Will echo '/'
- echo date('Y-m-d', $cookie->getExpiryTime());
- // Will echo '2005-02-28'
- echo ($cookie->isExpired() ? 'Yes' : 'No');
- // Will echo 'Yes'
- echo ($cookie->isExpired(strtotime('2005-01-01') ? 'Yes' : 'No');
- // Will echo 'No'
- echo ($cookie->isSessionCookie() ? 'Yes' : 'No');
- // Will echo 'No'
- ]]></programlisting>
- </example>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookie.matching">
- <title>Zend_Http_Cookie: Matching against a scenario</title>
- <para>
- The only real logic contained in a <classname>Zend_Http_Cookie</classname> object, is in
- the match() method. This method is used to test a cookie against a given
- <acronym>HTTP</acronym> request scenario, in order to tell whether the cookie should be
- sent in this request or not. The method has the following syntax and parameters:
- <code>boolean Zend_Http_Cookie->match(mixed $uri, [boolean $matchSessionCookies, [int
- $now]]);</code>
- <itemizedlist>
- <listitem>
- <para>
- <code>mixed $uri</code>: A <classname>Zend_Uri_Http</classname> object with
- a domain name and path to be checked. Optionally, a string representing a
- valid <acronym>HTTP</acronym> <acronym>URL</acronym> can be passed instead.
- The cookie will match if the <acronym>URL</acronym>'s scheme (HTTP or
- <acronym>HTTPS</acronym>), domain and path all match.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>boolean $matchSessionCookies</code>: Whether session cookies should be
- matched or not. Defaults to <constant>TRUE</constant>. If set to
- <constant>FALSE</constant>, cookies with no expiration time will never
- match.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>int $now</code>: Time (represented as UNIX time stamp) to check a
- cookie against for expiration. If not specified, will default to the current
- time.
- </para>
- </listitem>
- </itemizedlist>
- <example id="zend.http.cookies.cookie.matching.example-1">
- <title>Matching cookies</title>
- <programlisting language="php"><![CDATA[
- // Create the cookie object - first, a secure session cookie
- $cookie = Zend_Http_Cookie::fromString('foo=two+words; ' +
- 'domain=.example.com; ' +
- 'path=/somedir; ' +
- 'secure;');
- $cookie->match('https://www.example.com/somedir/foo.php');
- // Will return true
- $cookie->match('http://www.example.com/somedir/foo.php');
- // Will return false, because the connection is not secure
- $cookie->match('https://otherexample.com/somedir/foo.php');
- // Will return false, because the domain is wrong
- $cookie->match('https://example.com/foo.php');
- // Will return false, because the path is wrong
- $cookie->match('https://www.example.com/somedir/foo.php', false);
- // Will return false, because session cookies are not matched
- $cookie->match('https://sub.domain.example.com/somedir/otherdir/foo.php');
- // Will return true
- // Create another cookie object - now, not secure, with expiration time
- // in two hours
- $cookie = Zend_Http_Cookie::fromString('foo=two+words; ' +
- 'domain=www.example.com; ' +
- 'expires='
- . date(DATE_COOKIE, time() + 7200));
- $cookie->match('http://www.example.com/');
- // Will return true
- $cookie->match('https://www.example.com/');
- // Will return true - non secure cookies can go over secure connections
- // as well!
- $cookie->match('http://subdomain.example.com/');
- // Will return false, because the domain is wrong
- $cookie->match('http://www.example.com/', true, time() + (3 * 3600));
- // Will return false, because we added a time offset of +3 hours to
- // current time
- ]]></programlisting>
- </example>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookiejar">
- <title>The Zend_Http_CookieJar Class: Instantiation</title>
- <para>
- In most cases, there is no need to directly instantiate a
- <classname>Zend_Http_CookieJar</classname> object. If you want to attach a new cookie
- jar to your <classname>Zend_Http_Client</classname> object, just call the
- Zend_Http_Client->setCookieJar() method, and a new, empty cookie jar
- will be attached to your client. You could later get this cookie jar
- using Zend_Http_Client->getCookieJar().
- </para>
- <para>
- If you still wish to manually instantiate a CookieJar object, you
- can do so by calling "new Zend_Http_CookieJar()" directly - the
- constructor method does not take any parameters. Another way to
- instantiate a CookieJar object is to use the static Zend_Http_CookieJar::fromResponse()
- method. This method takes two parameters: a <classname>Zend_Http_Response</classname>
- object, and a reference <acronym>URI</acronym>, as either a string or a
- <classname>Zend_Uri_Http</classname> object. This method will return a new
- <classname>Zend_Http_CookieJar</classname> object, already containing the cookies set by
- the passed <acronym>HTTP</acronym> response. The reference <acronym>URI</acronym> will
- be used to set the cookie's domain and path, if they are not defined in the Set-Cookie
- headers.
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookiejar.adding_cookies">
- <title>Adding Cookies to a Zend_Http_CookieJar object</title>
- <para>
- Usually, the <classname>Zend_Http_Client</classname> object you attached your CookieJar
- object to will automatically add cookies set by <acronym>HTTP</acronym> responses to
- your jar. if you wish to manually add cookies to your jar, this can be done by using
- two methods:
- <itemizedlist>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->addCookie($cookie[, $ref_uri])</classname>:
- Add a single cookie to the jar. $cookie can be either a
- <classname>Zend_Http_Cookie</classname> object or a string, which will be
- converted automatically into a Cookie object. If a string is provided, you
- should also provide $ref_uri - which is a reference <acronym>URI</acronym>
- either as a string or <classname>Zend_Uri_Http</classname> object, to use as
- the cookie's default domain and path.
- </para>
- </listitem>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->addCookiesFromResponse($response,
- $ref_uri)</classname>: Add all cookies set in a single
- <acronym>HTTP</acronym> response to the jar. $response is expected to be a
- <classname>Zend_Http_Response</classname> object with Set-Cookie headers.
- $ref_uri is the request <acronym>URI</acronym>, either as a string or a
- <classname>Zend_Uri_Http</classname> object, according to which the cookies'
- default domain and path will be set.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookiejar.getting_cookies">
- <title>Retrieving Cookies From a Zend_Http_CookieJar object</title>
- <para>
- Just like with adding cookies, there is usually no need to manually
- fetch cookies from a CookieJar object. Your <classname>Zend_Http_Client</classname>
- object will automatically fetch the cookies required for an <acronym>HTTP</acronym>
- request for you. However, you can still use 3 provided methods to fetch
- cookies from the jar object: <methodname>getCookie()</methodname>,
- <methodname>getAllCookies()</methodname>, and
- <methodname>getMatchingCookies()</methodname>. Additionnaly, iterating over the
- CookieJar will let you retrieve all the <classname>Zend_Http_Cookie</classname> objects
- from it.
- </para>
- <para>
- It is important to note that each one of these methods takes a
- special parameter, which sets the return type of the method. This
- parameter can have 3 values:
- <itemizedlist>
- <listitem>
- <para>
- <constant>Zend_Http_CookieJar::COOKIE_OBJECT</constant>: Return
- a <classname>Zend_Http_Cookie</classname> object. If the method returns more
- than one cookie, an array of objects will be returned.
- </para>
- </listitem>
- <listitem>
- <para>
- <constant>Zend_Http_CookieJar::COOKIE_STRING_ARRAY</constant>: Return
- cookies as strings, in a "foo=bar" format, suitable for sending
- in a <acronym>HTTP</acronym> request "Cookie" header. If more than one
- cookie is returned, an array of strings is returned.
- </para>
- </listitem>
- <listitem>
- <para>
- <constant>Zend_Http_CookieJar::COOKIE_STRING_CONCAT</constant>: Similar to
- COOKIE_STRING_ARRAY, but if more than one cookie is returned, this
- method will concatenate all cookies into a single, long string
- separated by semicolons (;), and return it. This is especially useful
- if you want to directly send all matching cookies in a single
- <acronym>HTTP</acronym> request "Cookie" header.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- The structure of the different cookie-fetching methods is described below:
- <itemizedlist>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->getCookie($uri, $cookie_name[,
- $ret_as])</classname>: Get a single cookie from the jar, according to
- its <acronym>URI</acronym> (domain and path) and name. $uri is either a
- string or a <classname>Zend_Uri_Http</classname> object representing the
- <acronym>URI</acronym>. $cookie_name is a string identifying the cookie
- name. $ret_as specifies the return type as described above. $ret_type is
- optional, and defaults to COOKIE_OBJECT.
- </para>
- </listitem>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->getAllCookies($ret_as)</classname>: Get all
- cookies from the jar. $ret_as specifies the return type as described
- above. If not specified, $ret_type defaults to COOKIE_OBJECT.
- </para>
- </listitem>
- <listitem>
- <para>
- <classname>Zend_Http_CookieJar->getMatchingCookies($uri[,
- $matchSessionCookies[, $ret_as[, $now]]])</classname>: Get all cookies
- from the jar that match a specified scenario, that is a
- <acronym>URI</acronym> and expiration time.
- <itemizedlist>
- <listitem>
- <para>
- <varname>$uri</varname> is either a
- <classname>Zend_Uri_Http</classname> object or a string
- specifying the connection type (secure or non-secure), domain
- and path to match against.
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$matchSessionCookies</varname> is a boolean telling
- whether to match session cookies or not. Session cookies are
- cookies that have no specified expiration time. Defaults to
- <constant>TRUE</constant>.
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$ret_as</varname> specifies the return type as
- described above. If not specified, defaults to COOKIE_OBJECT.
- </para>
- </listitem>
- <listitem>
- <para>
- <varname>$now</varname> is an integer representing the UNIX time
- stamp to consider as "now" - that is any cookies who are set to
- expire before this time will not be matched. If not specified,
- defaults to the current time.
- </para>
- </listitem>
- </itemizedlist>
- You can read more about cookie matching here:
- <xref linkend="zend.http.cookies.cookie.matching" />.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- </sect2>
- </sect1>
- <!--
- vim:se ts=4 sw=4 et:
- -->
|
