HTTP Transactions

Presentation transcript:

HTTP Transactions 1

2 Client-Server Model

3 HTTP
– HyperText Transport Protocol
– Native protocol for WWW
– Sits on top of internet’s TCP/IP protocol
– HTTP is a 4 step process per transaction
– Uses a predefined set of document formats from MIME

4 MIME
Multipurpose Internet Mail Extensions
– defines file formats (images, video, text, etc)
– e.g. Content-type: text/html
– Data type/subtype
  » text/html
  » text/plain
  » image/gif
  » video/mpeg
  » application/msword etc

5 HTTP Connection
1. Client
– Makes an HTTP request for a web page
– Makes a TCP/IP connection
2. Server accepts request
– Sends page as HTTP
3. Client downloads page
4. Server breaks the connection

6 HTTP is Stateless
– Each operation or transaction makes a new connection
– Each operation is unaware of any other connection
– Each click is a new connection
– So how do they do those shopping carts?

7 HTTP Transaction Example
All web communications use the HTTP protocol. HTTP consists of two phases:
– The Request Phase
– The Response Phase

8 Examining HTTP Header Values
In PHP
– $_SERVER is an array containing information such as headers, paths, and script locations

9 Understanding STATUS Codes
– 1xx – for information only
– 2xx – action successful
– 3xx – further action needed (redirect)
– 4xx – client request error
– 5xx – server error

10 HTTP Transaction
1. Client and server establish a connection
2. Client makes a request
3. Server makes a response
4. Server terminates connection

11 HTTP protocol - Stateless
HTTP is stateless. In other words, between each request made from a browser to a webserver, the webserver completely forgets anything about any previous requests (i.e. it doesn't preserve state, or memory, after a request has been fulfilled). The stateless model works well for static HTML sites. But often an application may need some form of server-side state in order to remember things like:
– who's currently logged in,
– what a visitor has put in their shopping cart,
– user’s preferences etc.

12 HTTP protocol - Methods of Preserving State on top of HTTP
There are three common ways to preserve state across a multi-page website visit (or "session"): hidden form fields, URL rewriting, and browser cookies. In each of these techniques, the webserver sends the browser some information (the current state) embedded into each HTML document that is returned to the browser. This information is encoded in such a way that every subsequent request from the browser sends it back to the webserver, so that the webserver can recognize the request as belonging to an existing session.

13 Methods of Preserving State on top of HTTP – Hidden Form Fields
This technique relies upon the type="hidden" attribute value of an HTML form's <input> tag. The web application adds the browser's current state (name & value pairs) to one or more <input> tags, and when the form is POSTed back to the webserver, this state information is sent back as well.
Advantages:
– Does not require any special support from the server-side scripting platform.
– No browser cookies.
Disadvantages:
– The hidden form fields don't work so well for links, which have no <input> tags. In these cases, the web application will have to produce href attribute values that incorporate the state name and value pairs into the query string that is appended to the corresponding GET request.
– The application developer is responsible for generating code to write these state variables into each and every HTML form or link.
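Because hidden fields travel through the browser, the person at the browser can change them before the form is POSTed. The following added example (not part of the original slides) carries the state in hidden fields together with an HMAC so the server can reject edited values; the field names "state" and "mac" and the constant STATE_KEY are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Server-side key (constructed value); load it from configuration in practice.
const STATE_KEY = 'constructed-demo-key-change-me';

/** Render the state as hidden <input> fields plus a MAC computed over it. */
function renderHiddenState(array $state): string
{
    ksort($state);
    $json = json_encode($state, JSON_THROW_ON_ERROR);
    $mac  = hash_hmac('sha256', $json, STATE_KEY);
    $html = '';
    foreach (['state' => $json, 'mac' => $mac] as $name => $value) {
        $html .= sprintf(
            '<input type="hidden" name="%s" value="%s">' . "\n",
            $name,
            htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

/** Return the state from a POSTed form, or null if it is missing or altered. */
function readHiddenState(array $post): ?array
{
    $json = $post['state'] ?? null;
    $mac  = $post['mac'] ?? null;
    if (!is_string($json) || !is_string($mac)) {
        return null;
    }
    $expected = hash_hmac('sha256', $json, STATE_KEY);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    $state = json_decode($json, true);
    return is_array($state) ? $state : null;
}

// Constructed round trip: the form the server emits, then two POST bodies.
echo renderHiddenState(['cart' => 'sku-42', 'step' => 2]);

$json = json_encode(['cart' => 'sku-42', 'step' => 2]);
$post = ['state' => $json, 'mac' => hash_hmac('sha256', $json, STATE_KEY)];
var_dump(readHiddenState($post) !== null);   // form returned unmodified

$post['state'] = str_replace('"step":2', '"step":9', $json);
var_dump(readHiddenState($post) !== null);   // value edited in the browser
```

The MAC detects modification only; an old but valid form can still be submitted again unless the state also carries an expiry or a one-time value.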

14 Methods of Preserving State on top of HTTP – URL Rewriting
URL rewriting is similar to the hidden form field technique, except that this time the server-side platform (e.g. PHP) does the work of inserting the hidden form fields or rewriting each link's query string to accommodate the added state information. The advantages of URL rewriting are the same as in the case of hidden form fields, and the disadvantage of extra work on the part of the application developer is dispensed with. However, the URLs still end up looking messy (and visible to the person sitting at the browser), and sensitive information sent through HTTP GET is still logged by webservers. The default installation of PHP uses this technique (in addition to cookies) for the first page of a site that requires state. If the browser refuses to send back a cookie, PHP will continue to use URL rewriting unless configured not to.

15 Methods of Preserving State on top of HTTP – Browser Cookies
A browser cookie (the term was first coined by Netscape) is nothing more than a text string that is no more than 4KB in size. A browser cookie is sent from webserver to browser by adding the field "Set-Cookie" to the HTTP response header, and is sent from the browser to the webserver by adding the field "Cookie" to the HTTP GET or POST header. Aside from name/value pairs used to record the state information, browser cookies have a number of attributes:
– domain (a browser will only send a cookie to a webserver if its domain matches the website's URL),
– directory path (a browser will only send a cookie to a webserver if its directory path is under that of the requested page's path),
– expiry date (the date and time past which the browser should not send the cookie), and
– a secure attribute to indicate that the cookie's payload (state information) is encrypted through SSL.

16 Browser Cookies – Scenario details
Client (Browser):
– Requests a file, say first.php, from the webserver by sending a GET command.
– The browser displays the returned HTML document, and stores the cookie (on disk, sometimes in memory).
– On the displayed HTML document, a link to second.php is clicked by the user.
– The browser sends the request for the document using the GET command and also sends the cookie back to the server (assuming both the cookie's domain and path attributes are compatible) by adding a Cookie directive to the HTTP request header.
Server (Web Server):
– Responds to the request by sending the HTML rendered from the first.php file. It also adds a Set-Cookie directive to the HTTP response header. The Set-Cookie directive contains all of the cookie parameters, as well as the state information.
– Receives the request, notes the presence of the cookie, and loads the state information from it. This information is available to second.php as it is interpreted, and finally the resulting HTML is sent back to the browser.
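The attribute checks in this scenario can be traced with the following added example (not part of the original slides). It builds the Set-Cookie line the server would add for first.php and then decides, request by request, whether a browser would return the cookie; the host names, paths and timestamp are constructed, and the Secure check reflects browser behaviour: a cookie marked Secure is returned only over HTTPS.

```php
<?php
declare(strict_types=1);

/** Build the Set-Cookie header line the server adds to its response. */
function buildSetCookie(string $name, string $value, array $attr): string
{
    $line  = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    $line .= '; Domain=' . $attr['domain'] . '; Path=' . $attr['path'];
    $line .= '; Expires=' . gmdate('D, d M Y H:i:s', $attr['expires']) . ' GMT';
    return $line . ($attr['secure'] ? '; Secure' : '');
}

/** Decide whether a browser would attach the cookie to a request for $url. */
function browserSendsCookie(array $attr, string $url, int $now): bool
{
    $u    = parse_url($url) ?: [];
    $host = strtolower($u['host'] ?? '');
    $path = $u['path'] ?? '/';
    $dom  = strtolower(ltrim($attr['domain'], '.'));

    // Domain: the exact host, or a subdomain of the cookie's domain.
    $domainOk = $host === $dom || substr($host, -strlen('.' . $dom)) === '.' . $dom;

    // Path: the cookie path must be a prefix that ends on a "/" boundary.
    $cp     = rtrim($attr['path'], '/');
    $pathOk = $cp === '' || $path === $cp || strpos($path, $cp . '/') === 0;

    // Expiry date, and Secure (cookie is returned over HTTPS only).
    $fresh    = $now < $attr['expires'];
    $schemeOk = !$attr['secure'] || ($u['scheme'] ?? '') === 'https';
    return $domainOk && $pathOk && $fresh && $schemeOk;
}

// Constructed scenario: first.php set the cookie, these requests follow.
$now  = 1700000000;
$attr = ['domain' => 'shop.example', 'path' => '/store',
         'expires' => $now + 3600, 'secure' => true];
echo buildSetCookie('cart', 'sku-42', $attr), "\n";

$requests = [
    'https://shop.example/store/second.php',
    'https://www.shop.example/store/second.php',
    'https://shop.example/storefront/second.php',
    'http://shop.example/store/second.php',
    'https://othershop.example/store/second.php',
];
foreach ($requests as $url) {
    $sent = browserSendsCookie($attr, $url, $now) ? 'Cookie sent' : 'no cookie';
    printf("%-46s %s\n", $url, $sent);
}
```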

17 Session Management
The idea is simply to identify and distinguish every visitor to a website, and maintain that information as the visitor moves from page to page throughout the site. You need some method of preserving state to maintain information. Therefore, one of the three methods will have to be used, but instead of transmitting all of the state variables back and forth between browser and webserver, only a unique string or number that identifies that particular session will be transmitted. Upon receipt of this identifier, the webserver will look up and load that session's corresponding state information. Most server-side scripting platforms include features to:
– simplify the management of these sessions,
– generate the session identifier (called a "session ID" or a "session key"),
– load and store the state information as needed, and
– automatically purge the session from memory after a certain period has elapsed without activity from the associated browser (in order to free webserver resources).

18 Session Management - Advantages
Support for multi-page User Interfaces. Most web applications use many separate pages that together are required to perform a task. As a visitor transits through these multiple pages, the actions taken on the previous pages must be recorded somewhere so that the information is not lost as the visitor arrives at the final page.

19 Session Management - Disadvantages
– Performance. Many pages on the site may not need the session information, but the server-side scripting platform must load this regardless with every page visit.
– Centralized Session Store. All session state must be stored in a single centralized space (most likely a database) for a website. The DB can become both a single point of failure, and a single point of contention as well.
– Indeterminate Session Length and time-outs. Webservers must arbitrarily end sessions after a certain elapsed time (time-out), since there is no way of knowing if a user has terminated a session or not. On a time-out, state is lost, and if the visitor later returns, he or she will have to manually restore their session state.
– Bookmark Problems. If a visitor bookmarks a page on a web application, upon their return they may not have the required session state (presuming the session expired previously) to reach that page.

20 Session Management in PHP
PHP (4.0 onwards) includes a great deal of support for session management. Built-in functions help maintain session state for your web applications. By default, PHP uses browser cookies to preserve state. However, PHP can't detect whether cookies are enabled on the browser until the browser sends the cookie back to the webserver in an HTTP request header. Therefore, PHP uses URL rewriting on the first page of a website that requires session management, and if a cookie is returned on the next page request, abandons the URL rewriting in favour of cookies. If the cookie is not returned, PHP continues using URL rewriting. It's possible to configure PHP to use just cookies, or just URL rewriting.

21 Session Management in PHP
Starting a Session: To use sessions, you must include the following line in every page of your web application:
    session_start();

22 Session Management in PHP
Stopping a Session: To explicitly stop or end a session, the following two lines are necessary:
    $_SESSION = array();
    session_destroy();
The first statement empties out the built-in session state associative array. The second statement ends the session, and destroys any state stored on the webserver.

23 Session Management in PHP
Reading and Writing Session State Variables
All session state is stored in the built-in $_SESSION associative array. For example, if you decide to store the current user ID from the database (say, 12345) in session state, you might do the following:
    $_SESSION['some'] = 12345;
To print out that value later on in the session, perhaps on a different page, you'd use:
    print $_SESSION['some'];
You can use the isset() function to find out (actually, isset() works for any variable or associative array element):
    if (isset($_SESSION['some'])) {...}
A shortcut for retrieving the value of a session variable that might not yet be defined uses the ternary operator:
Finally, to retrieve the value of the current session key, use the session_id() function.
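The start, read/write and stop steps from the last three slides, combined into one page flow as an added example (not part of the original slides). It pins the session ID to a cookie so it never appears in a URL, issues a fresh ID at login, applies an idle time-out, and expires the browser cookie at logout; the helper names, the 900-second limit and the 'last_seen' key are assumptions, and the cookie_samesite option needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

/** Start (or resume) the session with the ID carried in a cookie only. */
function startSession(): void
{
    session_start([
        'use_only_cookies' => 1,      // never accept a session ID from the URL
        'use_trans_sid'    => 0,      // never rewrite links to carry the ID
        'use_strict_mode'  => 1,      // reject IDs the server did not issue
        'cookie_httponly'  => true,   // keep the ID away from page scripts
        'cookie_secure'    => true,   // return the cookie over HTTPS only
        'cookie_samesite'  => 'Lax',
    ]);
}

/** Store the user ID and issue a fresh session ID, retiring the pre-login one. */
function logIn(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['some'] = $userId;
}

/** Read a session variable that may not be set, using the ternary operator. */
function currentUser(): ?int
{
    return isset($_SESSION['some']) ? (int) $_SESSION['some'] : null;
}

/** True when the session has been inactive for longer than $maxIdle seconds. */
function idleTooLong(int $maxIdle): bool
{
    return isset($_SESSION['last_seen']) && time() - $_SESSION['last_seen'] > $maxIdle;
}

/** End the session: clear state, expire the browser cookie, destroy server data. */
function logOut(): void
{
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Page flow; run under a web server over HTTPS.
startSession();
if (idleTooLong(900)) {
    logOut();
    exit('Session timed out, please log in again.');
}
if (currentUser() === null) {
    logIn(12345);   // only after the user's credentials have been verified
}
$_SESSION['last_seen'] = time();
echo 'Logged in as user ', currentUser(), "\n";
```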