CSc 337 Lecture 27: Cookies.

Slides:



Advertisements
Similar presentations
CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.
Advertisements

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Servlets and a little bit of Web Services Russell Beale.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.
1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.
HTTP By Mychal Hess, Dee Chow, and Riley Barnes. History HTTP  Tim Berners-Lee he implemented the HTTP protocol in 1990 at the European Center for High-
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Chapter 25 Utilizing Web Storage.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
JavaScript, Fourth Edition
Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.
CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.
Chapter 8 Cookies And Security JavaScript, Third Edition.
12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.
Week seven CIT 354 Internet II. 2 Objectives Database_Driven User Authentication Using Cookies Session Basics Summary Homework and Project 2.
COOKIES. INTERNET COOKIES What are they Where are they found What should you do about them.
PHP1-1 PHP Lecture 2 Xingquan (Hill) Zhu
Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.
Cookies Web Browser and Server use HTTP protocol to communicate and HTTP is a stateless protocol. But for a commercial website it is required to maintain.
11 1 Cookies CGI/Perl Programming By Diane Zak Objectives In this chapter, you will: Learn the difference between temporary and persistent cookies.
STATE MANAGEMENT.  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state.
COOKIES and SESSIONS. COOKIES A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each.
Web Database Programming Week 7 Session Management & Authentication.
© 2010 Computer Science Faculty, Kabul University HTTP CONTINUED… 4 TH LECTURE 2, May, 2010 Baseer Ahmad Baheer.
CP476 Internet Computing CGI1 Cookie –Cookie is a mechanism for a web server recall info of accessing of a client browser –A cookie is an object sent by.
ECMM6018 Enterprise Networking for Electronic Commerce Tutorial 7
Web Technologies Lecture 6 State preservation. Motivation How to keep user data while navigating on a website? – Authenticate only once – Store wish list.
IS2802 Introduction to Multimedia Applications for Business Lecture 8: JavaScript and Cookies Rob Gleasure
ITM © Port,Kazman 1 ITM 352 Cookies. ITM © Port,Kazman 2 Problem… r How do you identify a particular user when they visit your site (or any.
Cookies and Sessions in PHP. Arguments for the setcookie() Function There are several arguments you can use i.e. setcookie(‘name’, ‘value’, expiration,
Sessions and cookies (part 2) MIS 3501, Fall 2015 Brad N Greenwood, PhD Department of MIS Fox School of Business Temple University 11/19/2015.
COOKIES Gloria Soria Network Security COSC 356. What is a Cookie? A cookie is a piece of text that a Web Server can store on a user's hard disk. Cookies.
Distributed Web Systems Cookies and Session Tracking Lecturer Department University.
Some from Chapter 11.9 – “Web” 4 th edition and SY306 Web and Databases for Cyber Operations Cookies and.
Web Storage and Cookies Cookies, Local and Session Storage SoftUni Team Technical Trainers Software University
National College of Science & Information Technology.
Cookies Tutorial Cavisson Systems Inc..
Managing State Chapter 13.
CSE 154 Lecture 20: Cookies.
Block 5: An application layer protocol: HTTP
World Wide Web policy.
19.10 Using Cookies A cookie is a piece of information that’s stored by a server in a text file on a client’s computer to maintain information about.
Chapter 19 PHP Part III Credits: Parts of the slides are based on slides created by textbook authors, P.J. Deitel and H. M. Deitel by Prentice Hall ©
Sessions and cookies (part 2)
Client / Session Identification Cookies
Web Programming Language
Cookies and Sessions in PHP
Cookies and JavaScript
What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.
CSE 154 Lecture 21: Cookies.
Client / Session Identification Cookies
CSE 154 Lecture 21: Cookies.
MIS Professor Sandvig MIS 324 Professor Sandvig
Web Systems Development (CSC-215)
Cookies Cookie :- A cookie is often used to identify a user. A cookie is often used to identify a user. A cookie is a small file that the server embeds.
HTML5 and Local Storage.
CSE 154 Lecture 21: Sessions.
CSE 154 Lecture 22: Sessions.
CS3220 Web and Internet Programming Cookies and Session Tracking
Web Programming Language
CSE 154 Lecture 21: Cookies.
Information Security CS 526 Topic 9
Client Side programming: Javascript, Cookies
CSc 337 Lecture 25: Cookies.
Presentation transcript:

CSc 337 Lecture 27: Cookies

Stateful client/server interaction Sites like amazon.com seem to "know who I am." How do they do this? How does a client uniquely identify itself to a server, and how does the server provide specific content to each client? HTTP is a stateless protocol; it simply allows a browser to request a single document from a web server today we'll learn about pieces of data called cookies used to work around this problem, which are used as the basis of higher-level sessions between clients and servers

What is a cookie? cookie: a small amount of information sent by a server to a browser, and then sent back by the browser on future page requests cookies have many uses: authentication user tracking maintaining user preferences, shopping carts, etc. a cookie's data consists of a single name/value pair, sent in the header of the client's HTTP GET or POST request

How cookies are sent when the browser requests a page, the server may send back a cookie(s) with it if your server has previously sent any cookies to the browser, the browser will send them back on subsequent requests alternate model: client- side JavaScript code can set/get cookies

Myths about cookies Myths: Cookies are like worms/viruses and can erase data from the user's hard disk. Cookies are a form of spyware and can steal your personal information. Cookies generate popups and spam. Cookies are only used for advertising. Facts: Cookies are only data, not program code. Cookies cannot erase or read information from the user's computer. Cookies are usually anonymous (do not contain personal information). Cookies CAN be used to track your viewing habits on a particular site.

A "tracking cookie" an advertising company can put a cookie on your machine when you visit one site, and see it when you visit another site that also uses that advertising company therefore they can tell that the same person (you) visited both sites can be thwarted by telling your browser not to accept "third-party cookies"

Where are the cookies on my computer? IE: HomeDirectory\Cookies e.g. C:\Documents and Settings\jsmith\Cookies each is stored as a .txt file similar to the site's domain name Chrome: C:\Users\username\AppData\Local\Google\Chrome\User Data\Default Firefox: HomeDirectory\.mozilla\firefox\???.default\cookies.txt view cookies in Firefox preferences: Privacy, Show Cookies...

How long does a cookie exist? session cookie : the default type; a temporary cookie that is stored only in the browser's memory when the browser is closed, temporary cookies will be erased can not be used for tracking long-term information safer, because no programs other than the browser can access them persistent cookie : one that is stored in a file on the browser's computer can track long-term information potentially less secure, because users (or programs they run) can open cookie files, see/change the cookie values, etc.

Setting Cookies You will need to install cookie-parser in order to use cookies in NodeJS: npm install cookie-parser In order to use cookie-parser in your code you will need to include the following lines: const cookieParser = require('cookie-parser'); app.use(cookieParser());

Setting a cookie in NodeJS res.cookie(cookie_name , cookie_value) res.cookie('username' , 'allison') you can set multiple cookies (20-50) per user, each up to 3-4K bytes by default, the cookie expires when browser is closed (a "session cookie") you can check whether a cookie has been sent by typing document.cookie into the browser console

Retrieving information from a cookie req.cookies // retrieve value of the cookies var name = req.cookies.name; Cookies can be retrieved from the request

Expiration / persistent cookies res.cookie(name , 'value', {maxAge : 10000}); var expireTime = 60*60*24*7; // 1 week from now res.cookie("CouponNumber", "389752", {maxAge : expireTime}); res.cookie("CouponValue", "100.00", {maxAge : expireTime}); to set a persistent cookie, pass a third parameter for when it should expire time is in milliseconds indicated as an integer representing a number of seconds, often relative to current date if no expiration passed, cookie is a session cookie; expires when browser is closed

Deleting a cookie res.clearCookie(cookie_name); res.clearCookie('name'); takes the name of the cookie to delete as a parameter remember that the cookie will also be deleted automatically when it expires, or can be deleted manually by the user by clearing their browser cookies

Clearing cookies in your browser Chrome: Wrench   → History → Clear all browsing data... Firefox: Firefox menu → Options → Privacy → Show Cookies... → Remove (All) Cookies

Cookie and Session error fix Some students have trouble getting cookies and sessions (Thursday) to work on their machines. If you can't get them to work, try the following: Use Firefox not Chrome change your fetch call to: fetch(url, {method: "GET", credentials: "include"}) Include httpOnly : false when you set your cookie example: res.cookie("luckynum", number, {maxAge : 10000, httpOnly : false}); Access your html page from http://localhost:3000/page_name.html to do this you will need to move your .html files to a folder called public located in the folder that your service is stored in.