1 Web Sessions It's all an illusion (at the HTTP layer)

2 Netprog HTTP Sessions Many web sites allow you to establish a session. –you identify yourself to the system. –now you can visit lots of pages, add stuff to shopping cart, establish preferences, etc.

3 Netprog HTTP State Information Remember that each HTTP request is unrelated to any other (as far as the Web server is concerned). Each new request to a server starts up a brand new copy of the server program (a new thread, or a new process). Providing sessions requires keeping state information.

4 Netprog HTTP Client/Server Session Conversation (diagram) Client: Hi! I'm Davey. Server: Hi Davey (it's him again) Welcome Back... Client: I wanna buy a cookie. Server: OK Davey, it will be there tomorrow. (Server-side programs shown: Prog1, Prog2)

5 Netprog HTTP Hidden Field Usage One way to propagate state information is to use hidden fields. User identifies themselves to a server program (fills out a form). Server sends back a form that contains hidden fields that identify the user or session.

6 Netprog HTTP Revised Conversation Initial form has field for user name.
GET /prog1?name=davey HTTP/1.0
Prog1 creates order form with hidden field.
GET /prog2?name=davey&order=cookie HTTP/1.0

7 Netprog HTTP Session Keys Many Web based systems use hidden fields that identify a session. When the first request arrives, the system generates a unique session key and stores it in a database. The session key can be included in all forms/links generated by the system (as a hidden field or embedded in a link).

8 Netprog HTTP Session Key Properties Must be unique. Should expire after a while. Should be difficult to predict. –typically use a pseudo-random number generator seeded carefully.

9 Netprog HTTP Server Session Keys A server using session keys:

10 Netprog HTTP Pizza Order A request to order a pizza might now look like this (all on one line):
GET /pizza?sessionkey=HungryStudent&pizza=cheese&size=large HTTP/1.0
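As an added example (not code from the lecture), here is a server-side session store with the three properties from the Session Key Properties slide, applied to the pizza order request above. The class, the function names and the 30-minute lifetime are this example's own choices.

```python
import secrets
import time

# Added example, not the lecture's code: a server-side session-key store with the
# three properties from the slides (unique, expiring, hard to predict), then a
# handler for the pizza order request. Names and the lifetime are this example's own.
SESSION_LIFETIME = 30 * 60   # seconds; "should expire after a while"

class SessionStore:
    def __init__(self, lifetime=SESSION_LIFETIME, clock=time.time):
        self.lifetime = lifetime
        self.clock = clock        # injectable so expiry can be exercised in a test
        self.sessions = {}        # session key -> {"user": ..., "expires": ...}

    def create(self, user):
        # secrets draws from the OS CSPRNG, so keys are unpredictable and unique
        # in practice; a guessable key such as "HungryStudent" would let anyone
        # present themselves as that session.
        key = secrets.token_urlsafe(32)
        self.sessions[key] = {"user": user, "expires": self.clock() + self.lifetime}
        return key

    def lookup(self, key):
        """Return the user for a live key, or None if the key is unknown or expired."""
        entry = self.sessions.get(key)
        if entry is None:
            return None
        if self.clock() >= entry["expires"]:
            del self.sessions[key]   # expired keys are forgotten, never reused
            return None
        return entry["user"]

def parse_request_line(request_line):
    """Split 'GET /pizza?k=v&... HTTP/1.0' into the path and a dict of query parameters."""
    method, target, version = request_line.split(" ")
    path, _, query = target.partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    return path, params

def handle_pizza_order(store, request_line):
    """Accept the order only if sessionkey names a live session; returns (status, message)."""
    path, params = parse_request_line(request_line)
    user = store.lookup(params.get("sessionkey", ""))
    if user is None:
        return 403, None          # unknown or expired key: not this user's session
    order = f"{params.get('size', '?')} {params.get('pizza', '?')} pizza for {user}"
    return 200, order
```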

11 Netprog HTTP HTTP Cookies A “cookie” is a name,value pair that a server program can ask the client to remember. The client sends this name,value pair along with every request to the server. We can also use "cookies" to propagate state information.

12 Netprog HTTP Cookies are HTTP Cookies are HTTP headers. A server can give the browser a cookie by sending a Set-Cookie header line with the response. A client can send back a cookie by sending a Cookie header line with the request.

13 Netprog HTTP Setting a cookie
HTTP/ OK
Content-Type: text/html
Set-Cookie: customerid=
Content-Length:
Favorite-Company: IBM
Nap-Time:

14 Netprog HTTP Set-Cookie Header Options The general form of the Set-Cookie header is: Set-Cookie: name=value; options The options include: expires=... domain=... path=...

15 Netprog HTTP expires Option This tells the browser how long to hang on to the cookie. The time/date format is very specific! expires=Friday 29-Feb :00:00 GMT

16 Netprog HTTP expires Time Format Weekday, Day-Month-Year Hour:Minute:Second GMT This all must be on one line! Weekday is spelled out. Month is 3 letter abbreviation. Year is 4 digits.

17 Netprog HTTP Default expiration If there is no expires option on the Set-Cookie header line, the browser does not save the cookie to disk. In this case, when the browser is closed it will forget about the cookie.

18 Netprog HTTP domain Option domain=.rpi.edu The domain option tells the browser the domain(s) to which it should send the cookie. Domains as in DNS. The domain must start with "." and contain at least one additional "."

19 Netprog HTTP domain option rules The server that sends the Set-Cookie header must be in the domain specified. Default behavior: if no domain option is in the header, the cookie will only be sent to the same server.

20 Netprog HTTP path Option path=/ or path=/~hollingd/netprog The path option tells the browser what URLs the cookie should be sent to.

21 Netprog HTTP path default If no path is specified in the header, the cookie is sent to only those URLs that have the same path as the URL that set the cookie. A path is the leading part of the URL (does not include the filename).

22 Netprog HTTP Default Path Example If the cookie is sent from: /~hollingd/netprog/pizza/pizza it would also be sent to /~hollingd/netprog/pizza/blah but not to /~hollingd/netprog/soda/coke

23 Netprog HTTP Set-Cookie Fields Many options can be specified. Things are separated by ";":
Set-Cookie: a=blah; path=/; domain=.cs.rpi.edu; expires=Thursday, 21-Feb :41:
All must be on one line!

24 Netprog HTTP Cookie creation A server program can send back any number of HTTP headers. –can set multiple cookies Content-Type is required! Blank line ends the headers!

25 Netprog HTTP Example
Content-Type: text/html
Set-Cookie: prefs=nofrms
Set-Cookie: Java=yes
… now sends document content
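The response a server program emits to set cookies, as an added example that is not from the lecture: it builds each Set-Cookie line (expires in the exact format from the expires Time Format slide, all options on one line), always includes Content-Type, and ends the headers with the blank line. The function names, cookie names, values and dates are constructed for this example.

```python
from datetime import datetime, timezone

# Added example, not the lecture's code: the response a server program emits to set
# cookies, with the expires date in the exact form from the "expires Time Format"
# slide. Cookie names, values and dates here are constructed for the example.

def gmt(year, month, day, hour=0, minute=0, second=0):
    """Convenience: build a timezone-aware GMT datetime for an expires option."""
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)

def format_expires(when):
    """Weekday, Day-Month-Year Hour:Minute:Second GMT: weekday spelled out, 3-letter
    month, 4-digit year. `when` is a timezone-aware datetime; it is converted to GMT."""
    return when.astimezone(timezone.utc).strftime("%A, %d-%b-%Y %H:%M:%S GMT")

def set_cookie_header(name, value, expires=None, domain=None, path=None):
    """One Set-Cookie header line; options are ';'-separated and stay on one line."""
    for text in (name, value):
        if any(ch in text for ch in ";, \r\n"):   # would split the header or inject one
            raise ValueError(f"illegal character in cookie {name!r}")
    if "=" in name:
        raise ValueError("cookie name may not contain '='")
    parts = [f"{name}={value}"]
    if expires is not None:                       # no expires: kept only until browser closes
        parts.append("expires=" + format_expires(expires))
    if domain is not None:
        parts.append("domain=" + domain)
    if path is not None:
        parts.append("path=" + path)
    return "Set-Cookie: " + "; ".join(parts)

def build_response(body, cookies, content_type="text/html"):
    """Status line, headers (one Set-Cookie per cookie dict), blank line, then body."""
    lines = ["HTTP/1.0 200 OK", "Content-Type: " + content_type]   # Content-Type is required
    lines += [set_cookie_header(**cookie) for cookie in cookies]    # any number of cookies
    lines.append(f"Content-Length: {len(body.encode())}")
    return "\r\n".join(lines) + "\r\n\r\n" + body                  # blank line ends headers
```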

26 Netprog HTTP Getting Cookies Drop by Dave's office anytime! If you want cookies, you might consider bringing some with you...

27 Netprog HTTP Getting HTTP Cookies The browser sends each cookie as a header:
Cookie: prefs=nofrms
Cookie: Java=OK
The Web server reads the cookies from the headers. CGI and servlets pass the cookies via environment variables or via the HttpServletRequest getCookies() method (which returns an array of Cookie objects).

28 Netprog HTTP Multiple Cookies There can be more than one cookie. Using CGI, the Web Server puts them all together like this: prefs=nofrms; Java=OK (maybe a space after the ";", maybe not!) and puts this string in the environment variable: HTTP_COOKIE Using Servlets, you can use: …cookies[i].getName();… …cookies[i].getValue();… …cookies[i].getVersion();…
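As an added example (not the lecture's code) covering both the domain/path rules from the domain and path slides and the HTTP_COOKIE string on this slide: one splitter tolerates the "maybe a space, maybe not" separator, cookie_scope applies the default-domain and default-path rules, and would_send checks whether a browser would attach the cookie to a later request. Function names and the URLs are constructed for this example.

```python
from urllib.parse import urlsplit

# Added example, not the lecture's code: the Set-Cookie scoping rules from the
# domain/path slides, plus the CGI-style parsing of HTTP_COOKIE from the
# Multiple Cookies slide. URLs and cookie values below are constructed.

def split_pairs(header):
    """Split 'a=1; b=2' or 'a=1;b=2' (space after ';' is optional) into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if part:
            name, _, value = part.partition("=")
            pairs.append((name.strip(), value.strip()))
    return pairs

def parse_cookie_header(http_cookie):
    """What a CGI program sees in HTTP_COOKIE, as a dict (first value wins on duplicates)."""
    cookies = {}
    for name, value in split_pairs(http_cookie):
        cookies.setdefault(name, value)
    return cookies

def parse_set_cookie(header):
    """'name=value; opt=val; ...' -> (name, value, {option: value}); option names lowercased."""
    pairs = split_pairs(header)
    name, value = pairs[0]
    return name, value, {k.lower(): v for k, v in pairs[1:]}

def cookie_scope(set_cookie_header, setting_url):
    """Work out which host(s) and path prefix the browser will send this cookie to."""
    name, value, opts = parse_set_cookie(set_cookie_header)
    parsed = urlsplit(setting_url)
    host = parsed.hostname
    domain = opts.get("domain")
    if domain is not None:
        # Slide rules: domain starts with "." and has another ".", and the
        # setting server must itself lie inside that domain.
        well_formed = domain.startswith(".") and "." in domain[1:]
        if not well_formed or not host.endswith(domain):
            raise ValueError(f"{host} may not set a cookie for domain {domain}")
    # Default path: the setting URL minus its filename (path default slides).
    path = opts.get("path") or parsed.path.rsplit("/", 1)[0] + "/"
    return {"name": name, "value": value, "host": host, "domain": domain, "path": path}

def would_send(scope, request_url):
    """True if a browser holding this cookie would attach a Cookie header to request_url."""
    parsed = urlsplit(request_url)
    if scope["domain"] is None:
        host_ok = parsed.hostname == scope["host"]   # no domain option: same server only
    else:
        host_ok = parsed.hostname.endswith(scope["domain"])
    return host_ok and parsed.path.startswith(scope["path"])
```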

29 Netprog HTTP Cookie Limits Each cookie can be up to 4k bytes. One "site" can store up to 20 cookies on a user's machine.

30 Netprog HTTP Cookie Usage Create a session. Track user browsing behavior. Keep track of user preferences. Avoid logins.

31 Netprog HTTP Cookies and Privacy Cookies can't be used to: –send personal information to a web server without the user knowing about it. –send viruses to a browser. –find out what other web sites a user has visited. –access a user's hard disk.

32 Netprog HTTP Some Issues Persistent cookies take up space on user's hard disk. Can be used to track your behavior within a web site. –This information can be sold or shared. Cookies can be shared by cooperating sites (advertising agencies do this).