| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445 |
- <sect1 id="zend.http.cookies">
- <title>Zend_Http_Cookie and Zend_Http_CookieJar</title>
- <sect2 id="zend.http.cookies.introduction">
- <title>Inleiding</title>
- <para>
- Zend_Http_Cookie is, zoals verwacht, een klasse die een HTTP cookie voorstelt.
- Ze verstrekt methodes voor het inlezen van HTTP response strings, cookies verzamelen
- en gemakkelijk hun eigenschappen aanspreken. Het laat ook toe na te gaan of een cookie
- een bepaald scenario volgt, bv: een verzoek URL, verlooptijd, secure verbinding, enz.
- </para>
- <para>
- Zend_Http_CookieJar is een object dat gewoonlijk door Zend_Http_Client word gebruikt om een set
- van Zend_Http_Cookie objecten te bewaren. Het idee is dat indien een Zend_Http_CookieJar object
- aan een Zend_Http_Client objekt is verbonden alle cookies die van en naar de klant gaan via HTTP
- verzoeken in het Zend_Http_CookieJar zullen worden opgeslaan. Als de klant dan een nieuw verzoek
- maakt zal het eerst het Zend_Http_CookieJar object aanspreken om alle cookies die aan het verzoek
- voldoen te verkrijgen. Deze zullen dan automatisch aan de verzoek headers worden toegevoegd.
- Dit is zeer handig in gevallen waar je een gebruikers sessie over opeenvolgende HTTP verzoeken moet
- bewaren : het stuurt automatisch de session ID cookies waar nodig. Bovendien kan het Zend_Http_CookieJar
- object worden geserialiseerd en opgeslaan worden in $_SESSION waar nodig.
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookie.instantiating">
- <title>Instantiating Zend_Http_Cookie Objects</title>
- <para>
- Instantiating a Cookie object can be done in two ways:
- <itemizedlist>
- <listitem>
- <para>
- Through the constructor, using the following syntax:
- <code>new Zend_Http_Cookie(string $name, string $value, string $domain, [int $expires, [string $path, [boolean $secure]]]);</code>
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <code>$name</code>: The name of the cookie (eg. 'PHPSESSID') (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <code>$value</code>: The value of the cookie (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <code>$domain</code>: The cookie's domain (eg. '.example.com') (required)
- </para>
- </listitem>
- <listitem>
- <para>
- <code>$expires</code>: Cookie expiration time, as UNIX time stamp (optional, defaults to null).
- If not set, cookie will be treated as a 'session cookie' with no expiration time.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>$path</code>: Cookie path, eg. '/foo/bar/' (optional, defaults to '/')
- </para>
- </listitem>
- <listitem>
- <para>
- <code>$secure</code>: Boolean, Whether the cookie is to be sent over secure (HTTPS)
- connections only (optional, defaults to boolean FALSE)
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>
- By calling the fromString() static method, with a cookie string as represented in the
- 'Set-Cookie' HTTP response header or 'Cookie' HTTP request header. In this case, the
- cookie value must already be encoded. When the cookie string does not contain a 'domain'
- part, you must provide a reference URI according to which the cookie's domain and path
- will be set.
- </para>
- </listitem>
- </itemizedlist>
- <example>
- <title>Instantiating a Zend_Http_Cookie object</title>
- <programlisting role="php"><![CDATA[<?php
- // First, using the constructor. This cookie will expire in 2 hours
- $cookie = new Zend_Http_Cookie('foo', 'bar', '.example.com', time() + 7200, '/path');
- // You can also take the HTTP response Set-Cookie header and use it.
- // This cookie is similar to the previous one, only it will not expire, and
- // will only be sent over secure connections
- $cookie = Zend_Http_Cookie::fromString('foo=bar; domain=.example.com; path=/path; secure');
- // If the cookie's domain is not set, you have to manually specify it
- $cookie = Zend_Http_Cookie::fromString('foo=bar; secure;', 'http://www.example.com/path');
- ?>]]></programlisting>
- </example>
- <note>
- <para>
- When instantiating a cookie object using the Zend_Http_Cookie::fromString() method, the
- cookie value is expected to be URL encoded, as cookie strings should be. However, when
- using the constructor, the cookie value string is expected to be the real, decoded value.
- </para>
- </note>
- </para>
- <para>
- A cookie object can be transferred back into a string, using the __toString() magic method.
- This method will produce a HTTP request "Cookie" header string, showing the cookie's name
- and value, and terminated by a semicolon (';').
- The value will be URL encoded, as expected in a Cookie header:
- <example>
- <title>Stringifying a Zend_Http_Cookie object</title>
- <programlisting role="php"><![CDATA[<?php
- // Create a new cookie
- $cookie = new Zend_Http_Cookie('foo', 'two words', '.example.com', time() + 7200, '/path');
- // Will print out 'foo=two+words;' :
- echo $cookie->__toString();
- // This is actually the same:
- echo (string) $cookie;
- // In PHP 5.2 and higher, this also works:
- echo $cookie;
- ?>]]></programlisting>
- </example>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookie.accessors">
- <title>Zend_Http_Cookie getter methods</title>
- <para>
- Once a Zend_Http_Cookie object is instantiated, it provides several getter methods to get
- the different properties of the HTTP cookie:
- <itemizedlist>
- <listitem>
- <para>
- <code>string getName()</code>: Get the name of the cookie
- </para>
- </listitem>
- <listitem>
- <para>
- <code>string getValue()</code>: Get the real, decoded value of the cookie
- </para>
- </listitem>
- <listitem>
- <para>
- <code>string getDomain()</code>: Get the cookie's domain
- </para>
- </listitem>
- <listitem>
- <para>
- <code>string getPath()</code>: Get the cookie's path, which defaults to '/'
- </para>
- </listitem>
- <listitem>
- <para>
- <code>int getExpiryTime()</code>: Get the cookie's expiration time, as UNIX time stamp. If
- the cookie has no expiration time set, will return NULL.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- Additionally, several boolean tester methods are provided:
- <itemizedlist>
- <listitem>
- <para>
- <code>boolean isSecure()</code>: Check whether the cookie is set to be sent over secure
- connections only. Generally speaking, if true the cookie should only be sent over HTTPS.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>boolean isExpired(int $time = null)</code>: Check whether the cookie is expired or not.
- If the cookie has no expiration time, will always return true. If $time is provided, it will
- override the current time stamp as the time to check the cookie against.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>boolean isSessionCookie()</code>: Check whether the cookie is a "session cookie" - that
- is a cookie with no expiration time, which is meant to expire when the session ends.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- <example>
- <title>Using getter methods with Zend_Http_Cookie</title>
- <programlisting role="php"><![CDATA[<?php
- // First, create the cookie
- $cookie = Zend_Http_Client('foo=two+words; domain=.example.com; path=/somedir; secure; expires=Wednesday, 28-Feb-05 20:41:22 UTC');
- echo $cookie->getName(); // Will echo 'foo'
- echo $cookie->getValue(); // will echo 'two words'
- echo $cookie->getDomain(); // Will echo '.example.com'
- echo $cookie->getPath(); // Will echo '/'
- echo date('Y-m-d', $cookie->getExpiryTime());
- // Will echo '2005-02-28'
- echo ($cookie->isExpired() ? 'Yes' : 'No');
- // Will echo 'Yes'
- echo ($cookie->isExpired(strtotime('2005-01-01') ? 'Yes' : 'No');
- // Will echo 'No'
- echo ($cookie->isSessionCookie() ? 'Yes' : 'No');
- // Will echo 'No'
- ?>]]></programlisting>
- </example>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookie.matching">
- <title>Zend_Http_Cookie: Matching against a scenario</title>
- <para>
- The only real logic contained in a Zend_Http_Cookie object, is in the match() method.
- This method is used to test a cookie against a given HTTP request scenario, in order
- to tell whether the cookie should be sent in this request or not. The method has
- the following syntax and parameters:
- <code>boolean Zend_Http_Cookie->match(mixed $uri, [boolean $matchSessionCookies, [int $now]]);</code>
- <itemizedlist>
- <listitem>
- <para>
- <code>mixed $uri</code>: A Zend_Uri_Http object with a domain name and path to be checked.
- Optionally, a string representing a valid HTTP URL can be passed instead. The cookie will
- match if the URL's scheme (HTTP or HTTPS), domain and path all match.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>boolean $matchSessionCookies</code>: Whether session cookies should be matched or not.
- Defaults to true. If set to false, cookies with no expiration time will never match.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>int $now</code>: Time (represented as UNIX time stamp) to check a cookie against
- for expiration. If not specified, will default to the current time.
- </para>
- </listitem>
- </itemizedlist>
- <example>
- <title>Matching cookies</title>
- <programlisting role="php"><![CDATA[<?php
- // Create the cookie object - first, a secure session cookie
- $cookie = Zend_Http_Client('foo=two+words; domain=.example.com; path=/somedir; secure;');
- $cookie->match('https://www.example.com/somedir/foo.php');
- // Will return true
- $cookie->match('http://www.example.com/somedir/foo.php');
- // Will return false, because the connection is not secure
- $cookie->match('https://otherexample.com/somedir/foo.php');
- // Will return false, because the domain is wrong
- $cookie->match('https://example.com/foo.php');
- // Will return false, because the path is wrong
- $cookie->match('https://www.example.com/somedir/foo.php', false);
- // Will return false, because session cookies are not matched
- $cookie->match('https://sub.domain.example.com/somedir/otherdir/foo.php');
- // Will return true
- // Create another cookie object - now, not secure, with expiration time in two hours
- $cookie = Zend_Http_Client('foo=two+words; domain=www.example.com; expires=' . date(DATE_COOKIE, time() + 7200);
- $cookie->match('http://www.example.com/');
- // Will return true
- $cookie->match('https://www.example.com/');
- // Will return true - non secure cookies can go over secure connections as well!
- $cookie->match('http://subdomain.example.com/');
- // Will return false, because the domain is wrong
- $cookie->match('http://www.example.com/', true, time() + (3 * 3600));
- // Will return false, because we added a time offset of +3 hours to current time
- ?>]]></programlisting>
- </example>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookiejar">
- <title>The Zend_Http_CookieJar Class: Instantiation</title>
- <para>
- In most cases, there is no need to directly instantiate a
- Zend_Http_CookieJar object. If you want to attach a new cookie jar
- to your Zend_Http_Client object, just call the
- Zend_Http_Client->setCookieJar() method, and a new, empty cookie jar
- will be attached to your client. You could later get this cookie jar
- using Zend_Http_Client->getCookieJar().
- </para>
- <para>
- If you still wish to manually instantiate a CookieJar object, you
- can do so by calling "new Zend_Http_CookieJar()" directly - the
- constructor method does not take any parameters. Another way to
- instantiate a CookieJar object is to use the static Zend_Http_CookieJar::fromResponse()
- method. This method takes two parameters: a Zend_Http_Response object,
- and a reference URI, as either a string or a Zend_Uri_Http object.
- This method will return a new Zend_Http_CookieJar object, already
- containing the cookies set by the passed HTTP response. The reference
- URI will be used to set the cookie's domain and path, if they are
- not defined in the Set-Cookie headers.
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookiejar.adding_cookies">
- <title>Adding Cookies to a Zend_Http_CookieJar object</title>
- <para>
- Usually, the Zend_Http_Client object you attached your CookieJar object
- to will automatically add cookies set by HTTP responses to your jar. If
- you wish to manually add cookies to your jar, this can be done by using
- two methods:
- <itemizedlist>
- <listitem>
- <para>
- <code>Zend_Http_CookieJar->addCookie($cookie[, $ref_uri])</code>: Add a
- single cookie to the jar. $cookie can be either a Zend_Http_Cookie
- object or a string, which will be converted automatically into a
- Cookie object. If a string is provided, you should also provide
- $ref_uri - which is a reference URI either as a string or
- Zend_Uri_Http object, to use as the cookie's default domain and path.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>Zend_Http_CookieJar->addCookiesFromResponse($response, $ref_uri)</code>:
- Add all cookies set in a single HTTP response to the jar. $response is
- expected to be a Zend_Http_Response object with Set-Cookie headers. $ref_uri
- is the request URI, either as a string or a Zend_Uri_Http object, according
- to which the cookies' default domain and path will be set.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- </sect2>
- <sect2 id="zend.http.cookies.cookiejar.getting_cookies">
- <title>Retrieving Cookies From a Zend_Http_CookieJar object</title>
- <para>
- Just like with adding cookies, there is usually no need to manually
- fetch cookies from a CookieJar object. Your Zend_Http_Client object
- will automatically fetch the cookies required for an HTTP request
- for you. However, you can still use 3 provided methods to fetch
- cookies from the jar object: <code>getCookie()</code>,
- <code>getAllCookies()</code>, and <code>getMatchingCookies()</code>.
- </para>
- <para>
- It is important to note that each one of these methods takes a
- special parameter, which sets the return type of the method. This
- parameter can have 3 values:
- <itemizedlist>
- <listitem>
- <para>
- <code>Zend_Http_CookieJar::COOKIE_OBJECT</code>: Return
- a Zend_Http_Cookie object. If the method returns more than
- one cookie, an array of objects will be returned.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>Zend_Http_CookieJar::COOKIE_STRING_ARRAY</code>: Return
- cookies as strings, in a "foo=bar" format, suitable for sending
- in a HTTP request "Cookie" header. If more than one cookie is
- returned, an array of strings is returned.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>Zend_Http_CookieJar::COOKIE_STRING_CONCAT</code>: Similar to
- COOKIE_STRING_ARRAY, but if more than one cookie is returned, this
- method will concatenate all cookies into a single, long string
- separated by semicolons (;), and return it. This is especially useful
- if you want to directly send all matching cookies in a single HTTP
- request "Cookie" header.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- The structure of the different cookie-fetching methods is described below:
- <itemizedlist>
- <listitem>
- <para>
- <code>Zend_Http_CookieJar->getCookie($uri, $cookie_name[, $ret_as])</code>:
- Get a single cookie from the jar, according to it's URI (domain and path)
- and name. $uri is either a string or a Zend_Uri_Http object representing the
- URI. $cookie_name is a string identifying the cookie name. $ret_as
- specifies the return type as described above. $ret_type is optional, and
- defaults to COOKIE_OBJECT.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>Zend_Http_CookieJar->getAllCookies($ret_as)</code>: Get all
- cookies from the jar. $ret_as specifies the return type as described
- above. If not specified, $ret_type defaults to COOKIE_OBJECT.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>Zend_Http_CookieJar->getMatchingCookies($uri[, $matchSessionCookies[, $ret_as[, $now]]])</code>:
- Get all cookies from the jar that match a specified scenario, that is a URI and expiration time.
- <itemizedlist>
- <listitem>
- <para>
- <code>$uri</code> is either a Zend_Uri_Http object or a string specifying the
- connection type (secure or non-secure), domain and path to match against.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>$matchSessionCookies</code> is a boolean telling whether to match session
- cookies or not. Session cookies are cookies that have no specified expiration
- time. Defaults to true.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>$ret_as</code> specifies the return type as described above. If not
- specified, defaults to COOKIE_OBJECT.
- </para>
- </listitem>
- <listitem>
- <para>
- <code>$now</code> is an integer representing the UNIX time stamp to consider
- as "now" - that is any cookies who are set to expire before this time will
- not be matched. If not specified, defaults to the current time.
- </para>
- </listitem>
- </itemizedlist>
- You can read more about cookie matching here:
- <xref linkend="zend.http.cookies.cookie.matching" />.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- </sect2>
- </sect1>
- <!--
- vim:se ts=4 sw=4 et:
- -->
|
