JavaScript, Sixth Edition

Slides:



Advertisements
Similar presentations
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Advertisements

ECA 225 Applied Interactive Programming1 ECA 225 Applied Online Programming cookies.
JavaScript Forms Form Validation Cookies. What JavaScript can do  Control document appearance and content  Control the browser  Interact with user.
1 Chapter 12 Working With Access 2000 on the Internet.
JavaScript Forms Form Validation Cookies CGI Programs.
Managing State Information. PHP State Information 2 Objectives Learn about state information Use hidden form fields to save state information Use query.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
Chapter 10 Managing State Information PHP Programming with MySQL.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
ASP.NET Programming with C# and SQL Server First Edition
Chapter 11 ASP.NET JavaScript, Third Edition. 2 Objectives Learn about client/server architecture Study server-side scripting Create ASP.NET applications.
Chapter 10 Maintaining State Information Using Cookies.
Objectives Learn about state information
Creating Web Page Forms
Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.
Client-Side programming with JavaScript 3
Chapter 9 Using Perl for CGI Programming. Computation is required to support sophisticated web applications Computation can be done by the server or the.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
JavaScript, Fifth Edition Chapter 1 Introduction to JavaScript.
Chapter 6: Forms JavaScript - Introductory. Previewing the Product Registration Form.
XHTML Introductory1 Forms Chapter 7. XHTML Introductory2 Objectives In this chapter, you will: Study elements Learn about input fields Use the element.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
Cookies and Security Saving the “state”
XHTML Introductory1 Linking and Publishing Basic Web Pages Chapter 3.
JavaScript, Fourth Edition
Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.
WEEK 3 AND 4 USING CLIENT-SIDE SCRIPTS TO ENHANCE WEB APPLICATIONS.
CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.
9 Chapter Nine Compiled Web Server Programs. 9 Chapter Objectives Learn about Common Gateway Interface (CGI) Create CGI programs that generate dynamic.
USING PERL FOR CGI PROGRAMMING
Chapter 8 Cookies And Security JavaScript, Third Edition.
Week seven CIT 354 Internet II. 2 Objectives Database_Driven User Authentication Using Cookies Session Basics Summary Homework and Project 2.
Regular Expression (continue) and Cookies. Quick Review What letter values would be included for the following variable, which will be used for validation.
Cookies Web Browser and Server use HTTP protocol to communicate and HTTP is a stateless protocol. But for a commercial website it is required to maintain.
11 1 Cookies CGI/Perl Programming By Diane Zak Objectives In this chapter, you will: Learn the difference between temporary and persistent cookies.
STATE MANAGEMENT.  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state.
PHP Programming with MySQL Slide 10-1 CHAPTER 10 Managing State Information.
7 Chapter Seven Client-side Scripts. 7 Chapter Objectives Create HTML forms Learn about client-side scripting languages Create a client-side script using.
XP Tutorial 8 Adding Interactivity with ActionScript.
Internet & World Wide Web How to Program, 5/e © by Pearson Education, Inc. All Rights Reserved.
Persistence Maintaining state using cookies and queries.
Cookies (continue). Extracting Data From Cookies Data retrieved from a cookie is a simple text string. While there is no specific JavaScript function.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.
1 State and Session Management HTTP is a stateless protocol – it has no memory of prior connections and cannot distinguish one request from another. The.
IS2802 Introduction to Multimedia Applications for Business Lecture 8: JavaScript and Cookies Rob Gleasure
Project 5: Customizing User Content Essentials for Design JavaScript Level Two Michael Brooks.
Sessions and cookies (part 2) MIS 3501, Fall 2015 Brad N Greenwood, PhD Department of MIS Fox School of Business Temple University 11/19/2015.
Persistence Maintaining state: Queries. State is the Problem What is state? facebook status logins (which user are you?) conversations talking about what?
Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.
1 Chapter 22 World Wide Web (HTTP) Chapter 22 World Wide Web (HTTP) Mi-Jung Choi Dept. of Computer Science and Engineering
JavaScript, Sixth Edition
Chapter 5 Validating Form Data with JavaScript
19.10 Using Cookies A cookie is a piece of information that’s stored by a server in a text file on a client’s computer to maintain information about.
Chapter 19 PHP Part III Credits: Parts of the slides are based on slides created by textbook authors, P.J. Deitel and H. M. Deitel by Prentice Hall ©
Client / Session Identification Cookies
Web Programming Language
Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.
Cookies and JavaScript
What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.
Client / Session Identification Cookies
WEB PROGRAMMING JavaScript.
Session Tracking Techniques
HTML5 and Local Storage.
CSc 337 Lecture 27: Cookies.
Web Programming Language
CSc 337 Lecture 25: Cookies.
Presentation transcript:

JavaScript, Sixth Edition Chapter 9 Managing State and Information Security

Objectives When you complete this chapter, you will be able to: Save state information with query strings, hidden form fields, and cookies Describe JavaScript security issues and employ coding practices designed to address them JavaScript, Sixth Edition

Understanding State Information Information about individual visits to a Web site HTTP original design: stateless No persistent data about site visits stored Reasons for maintaining state information Customize individual web pages Store information within a multipart form Provide shopping carts JavaScript, Sixth Edition

Saving State Information with Query Strings Set of name-value pairs Appended to a target URL Consists of a single text string Contains one or more pieces of information Passes information from one web page to another JavaScript, Sixth Edition

Saving State Information with Query Strings (cont’d.) Passing data with a query string Add a question mark (?) immediately after a URL Followed by the query string (in name-value pairs) for the information to preserve Ampersands (&) Separates individual name-value pairs within the query string Example: <a href="http://www.example.com/↵ addItem.html?isbn=9780394800165&quantity=2">Order Book</a> JavaScript, Sixth Edition

Saving State Information with Query Strings (cont’d.) Passed query string assigned to target web page Location object search property search property of the Location object contains a URL’s query or search parameters From preceding example: Query string "?isbn=9780394800165&quantity=2" Available as the value of the search property of the Location object After addItem.html document opens JavaScript, Sixth Edition

Saving State Information with Query Strings (cont’d.) Remove the question mark Using the substring() method combined with the length property Example: // Assign the query string to the queryData variable var queryData = location.search; // Remove the opening question mark from the string queryData = queryData.substring(1, queryData.length); JavaScript, Sixth Edition

Saving State Information with Query Strings (cont’d.) Convert individual pieces of information into array elements Using the split() method Example: Convert the information in the queryData variable into an array named queryArray[] // split queryData into an array var queryArray = queryData.split("&"); JavaScript, Sixth Edition

Saving State Information with Hidden Form Fields Special type of form element Not displayed by web browser Allows information to be hidden from users Created with the input element Temporarily stores data sent to a server along with the rest of a form No need for user to see hidden data Syntax <input type="hidden"> JavaScript, Sixth Edition

Saving State Information with Hidden Form Fields (cont’d.) Figure 9-7 Submitting data from multiple forms using hidden fields JavaScript, Sixth Edition

Saving State Information with Cookies Query strings and hidden form fields temporarily maintain state information Cookies Small pieces of information about a user Stored by a web server in text files Stored on the user’s computer When Web client visits a web server Saved cookies sent from client to the server Temporary cookies Available only for current browser session JavaScript, Sixth Edition

Storing State Information Query strings and hidden form fields temporarily maintain state information Two methods of storing state information on user's computer cookies Web Storage JavaScript, Sixth Edition

Storing State Information with Cookies Small pieces of information Stored in text files Temporary cookies Remain available only for current browser session Persistent cookies Remain available beyond current browser session Stored in a text file on a client computer JavaScript, Sixth Edition

Storing State Information with Cookies (cont'd.) Limitations on the use of cookies Server or domain can store a maximum of 20 cookies Total cookies per browser cannot exceed 300 Largest cookie size is 4 kilobytes Not enforced by all browsers JavaScript, Sixth Edition

Creating and Modifying Cookies Use the cookie property of the Document object Creates cookies in name-value pairs Syntax document.cookie = name + "=" + value; Cookie property created with a required name attribute and four optional attributes: expires, path, domain, secure JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) Table 9-1 Cookie attributes JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) name attribute Only required parameter Specifies cookie’s name-value pair Cookies created with only the name attribute: Temporary cookies cookie property adds another entry to a list of cookies JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) Example: build a list of cookies document.cookie = "username=mw101"; document.cookie = "member=true"; document.cookie = "audio=false"; Resulting value of cookie property: username=mw101; member=true; audio=false JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) Cookies cannot include semicolons or special characters Can use special characters in cookies if using encoding Encoding involves converting special characters in a text string To corresponding hexadecimal ASCII value preceded by a percent sign JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) encodeURIComponent() function Used for encoding the individual parts of a URI Converts special characters in the individual parts of a URI to corresponding hexadecimal ASCII value Syntax: encodeURIComponent(text) decodeURIComponent() function Counterpart of encodeURIComponent() function Syntax: decodeURIComponent(text) JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) Testing Applications That Use Cookies Browsers open local documents without HTTP Some browsers don't support setting cookies when HTTP protocol not used Can focus testing on browsers that support cookies on files opened without HTTP More robust option run local web server open files using HTTP protocol some code editors include built-in testing server JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) expires attribute Determines how long a cookie can remain on a client system before being deleted Cookies created without this attribute Available current browser session only Syntax: expires=date name-value pair and the expires=date pair separated by a semicolon Do not encode expires attribute JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) Can manually type a string in UTC format or: Can create string with the Date object Use the toUTCString() method to convert the Date object to a string Example: var expiresDate = new Date(); var username = document.getElementById("username").value; expiresDate.setFullYear(expiresDate.getFullYear() + 1); document.cookie = "username=" +↵ encodeURIComponent(username) + "; expires=" +↵ expiresDate.toUTCString(); JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) Configuring availability of cookies to other web pages on the server use path attribute Default: cookie available to all web pages in the same directory To make cookie available to all directories on a server Use a slash JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) Example: var username = document.getElementById("username").value; document.cookie = "username=" +↵ encodeURIComponent(username + "; path=/advertising"); encodeURIComponent(username + "; path=/"); Cookies from other programs stored in the same directory Can cause JavaScript program to run erratically JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) Sharing cookies across a domain use domain attribute Example: var username = document.getElementById("username").value; document.cookie = "username=" +↵ encodeURIComponent(username +↵ "; domain=.example.com"); Cannot share cookies outside of a domain JavaScript, Sixth Edition

Creating and Modifying Cookies (cont’d.) Securing cookie transmissions secure attribute Indicates cookie can only be transmitted across a secure Internet connection Using HTTPS or another security protocol Example: var username = document.getElementById("username").value; document.cookie = "username=" +↵ encodeURIComponent(username + "; secure=true"); JavaScript, Sixth Edition

Reading Cookies with JavaScript Parsing a cookie Decode it using decodeURIComponent() function Use the String object methods to extract individual name-value pairs Similar to parsing query strings Do not need to remove the question mark at the beginning of the string Individual cookies separated by a semicolon and a space instead of ampersands JavaScript, Sixth Edition

Reading Cookies with JavaScript (cont’d.) Example: Create three encoded cookies Read them from the cookie property, decode them Use the split() method to copy each name-value pair into cookieArray[] array elements Determine which cookie holds needed value for loop to cycle through array elements if statement to check name portion of each name-value pair JavaScript, Sixth Edition

Reading Cookies with JavaScript (cont’d.) document.cookie = "username=" +↵ encodeURIComponent(username); document.cookie = "member=" +↵ encodeURIComponent(member); document.cookie = "audio=" +↵ encodeURIComponent(audio); var cookieString = decodeURIComponent(document.cookie); var cookieArray = cookieString.split("; "); JavaScript, Sixth Edition

Reading Cookies with JavaScript (cont’d.) var currentUsername; var unBox = document.getElementById("username"); for (var i = 0; i < 3; i++) { currentUsername = cookieArray[i]; if↵ (currentUsername.substring(0,currentUsername.indexOf("="))↵ === "username") { unBox.value =↵ currentUsername.substring(currentUsername.↵ indexOf("=") + 1,currentUsername.length); break; } JavaScript, Sixth Edition

Deleting Cookies with JavaScript Not intuitive Must set cookie expiration to a date in the past Example: Delete username cookie by setting its expires attribute to one week ago var expiresDate = new Date(); var username = document.getElementById("username").value; expiresDate.setDate(expiresDate.getDate() - 7); document.cookie = "username=" +↵ encodeURIComponent(username) + "; expires=" +↵ expiresDate.toUTCString(); JavaScript, Sixth Edition

Deleting Cookies from Your Browser Persistent cookies can interfere with testing Good idea to delete cookies periodically Table 9-2 Steps to delete cookies in IE, Firefox, and Chrome JavaScript, Sixth Edition

Storing State Information with the Web Storage API Common uses of cookies never originally planned Web Storage Draft specification of W3C Not supported by some older browsers Cookies are still the standard Web Storage offers additional features Applications targeted at specific browsers can use Web Storage JavaScript, Sixth Edition

Storing State Information with the Web Storage API (cont'd.) Two Web Storage properties of Window object localStorage Remains until you run code to delete it Similar to persistent cookies sessionStorage Removed automatically when user closes browser tab or window Like temporary cookies JavaScript, Sixth Edition

Storing State Information with the Web Storage API (cont'd.) Storing/reading Web Storage easier than cookies Example: var firstName = document.getElementById("fname").value; localStorage.fName = firstName; To use a method Preface it with localStorage or sessionStorage JavaScript, Sixth Edition

Storing State Information with the Web Storage API (cont'd.) Table 9-3 Methods of the Web Storage API JavaScript, Sixth Edition

Understanding Security Issues Security threats Viruses, worms, data theft by hackers Consider web server security and secure coding issues Web server security technologies Firewalls Secure Socket Layer (SSL) JavaScript programs downloaded and execute locally JavaScript, Sixth Edition

Secure Coding with JavaScript Secure coding or defensive coding Writing code to minimize any intentional or accidental security issues All code: insecure unless proven otherwise No magic formula for writing secure code JavaScript, Sixth Edition

JavaScript Security Concerns Security areas of most concern: Protection of a web page and JavaScript program against malicious tampering Privacy of individual client information Protection of the local file system of the client or web site from theft or tampering Code injection attack Program or user enters JavaScript code that changes function of web page Validating forms helps prevent this Escaping characters also important JavaScript, Sixth Edition

JavaScript Security Concerns Another security concern Privacy of individual client information in the web browser window Important JavaScript security feature Lack of certain types of functionality File manipulation Create a network connection Cannot run system commands or execute programs on a client JavaScript, Sixth Edition

The Same Origin Policy Restricts how JavaScript code access between windows/tabs/frames To view and modify elements in other windows and frames They must have the same protocol and exist on the same web server Same origin policy applies to: The domain name The server on which a document located JavaScript, Sixth Edition

The Same Origin Policy (cont’d.) Policy prevents: Malicious scripts from modifying content of other windows and frames Theft of private browser information and information displayed on secure web pages Policy protects integrity of web page design JavaScript, Sixth Edition

The Same Origin Policy (cont’d.) domain property of the Document object Changes origin of a document to its root domain name Allows documents from different origins in the same domain to access each other’s elements and properties JavaScript, Sixth Edition

Using Third-Party Scripts Sometimes you want to run scripts from other domains Known as third-party scripts Examples: Widgets that run from provider's server Using Content Delivery Network (CDN) To enable third-party script Include script element with src value pointing to third-party content Exception to same origin policy JavaScript, Sixth Edition

Summary State information HTTP originally designed to be stateless Information about individual visits to a web site HTTP originally designed to be stateless Most common tools for maintaining state information: Query strings, hidden form fields, cookies, Web Storage Query string Set of name-value pairs appended to a target URL Can hide information from users in a hidden form field JavaScript, Sixth Edition

Summary (cont’d.) Cookies Small pieces of information about a user Stored by a web server Can be temporary or persistent Cookie property created with a required name attribute Can use special characters in cookies if using encoding encodeURIComponent() function encodes the individual parts of a URI JavaScript, Sixth Edition

Summary (cont’d.) When reading a cookie or other text string encoded Must first decode it with the decodeURIComponent() function Cookies: one continuous string that must be parsed Web Storage similar to cookies Offers more features, but not as widely supported “Secure coding” or “defensive coding” Writing code to minimize any intentional or accidental security issues JavaScript, Sixth Edition

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.