actually identifying them. The process should be invisible and should not intrude on the
experience.
One solution is to generate a random session identifier. This identifier must not be easy to
guess and must be unique to each user. The session could be stored in a database or a file
and passed in every link or form. The site simply checks that the session is valid each
time a page is requested. If the session is invalid, you may display an error message, send
the user back to the login page, or just generate a new session identifier, depending on
context.
In a site that requires users to log in, the session identifier will be associated with a user
identifier, which would be the key to a table of user information. You may also keep
track of the last time the session requested a page and have all those with no activity in a
given period, perhaps 15 minutes, expire. This protects users who walk away from their
computers without explicitly logging out.
You may also choose to associate arbitrary variables with each session. This is relatively
easy to implement with a relational database. Create a table where each row is uniquely
identified by session identifier and variable name. Creating a variable is as easy as
inserting a row into the table. You can fetch each variable with each request, or fetch
them only as needed. Another approach would be serializing an array of values and
storing it in a single table column.
Chapter 7, "I/O and Disk Access," describes the session-handling system built
into PHP 4, and Chapter 8, "I/O Functions," offers a list of the functions available.
These functions present a system that handles the chores of moving data between
variables and permanent storage. Although the default handler stores variables on the
local file system, it is possible to write your own handler that stores them in a database.
Cloaking
When creating a plain HTML site, you confront two paths: create a site that works great
in only one browser, or create a mediocre site that works in all browsers. PHP allows you
to create a site that works great in any browser. The HTTP_USER_AGENT variable
contains the string most browsers send to the Web server to identify themselves. This
variable may be used to choose between versions of content. This cloaks the inner
workings of the site from the browser. A seamless experience is provided to visitors,
despite differences in browser capabilities.
Chapter 16, "Parsing and String Evaluation," contains an example of using
regular expressions to parse HTTP_USER_AGENT into understandable elements. In most
cases browser name and version are sufficient, though operating system is also helpful.
My experience is that there are subtle differences between identical versions of browsers
running on Windows or the Macintosh. One design element I have cloaked in the past is a
JavaScript rollover, a graphic button that changes when the mouse is passed over it. For
example, the label on the button may glow. This is accomplished in JavaScript by