1 Copyright © 2002 Pearson Education, Inc. 2 Chapter 8 Managing End-User Sessions.

Presentation transcript:

1 Copyright © 2002 Pearson Education, Inc.

2 Chapter 8 Managing End-User Sessions

3 Objectives
- Discover how to use hidden fields to build multiple-screen end-user sessions
- Understand the complexities involved in creating Web applications with multiple-screen sessions
- Recognize the advantages and limitations of browser cookies
- Learn how to use browser cookies to track data about the end user

4 What Is a Multi-form Web Session?
- Lead the end user through a series of HTML forms that work together.
- For example, consider an application with:
  - Order Information: get part number and quantity
  - Customer Information: get customer name
  - Billing Information: get method of payment

5 A Multi-form Application

6 Can Use HTML Form Hidden Fields
- These fields are not displayed on the screen but are available to the receiving CGI/Perl program.
- They are hidden but not invisible: they can still be seen if the end user “views source”.

7 Setting a Hidden Field
- The following provides an initial form for a series of forms that gather product order information.
  - It looks like any other form to the end user but sets a hidden field for the variable STATE.
  - The receiving program can access it in the normal way: $state=param('STATE');

8 Here is the output:

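9 Script that Sets Hidden Field

    #!/usr/bin/perl
    use CGI ':standard';
    print header, start_html('Order Product');
    # Assumed markup in the quoted strings below: the field names are the ones
    # orderproduct2.cgi reads with param(); the relative ACTION path is assumed.
    print '<FORM ACTION="orderproduct2.cgi" METHOD="POST">';
    @products = ('Hand Saws', 'Wrenches');   # array name assumed
    print 'We have the following products available: ';
    print join(', ', @products);             # assumed output of the list
    print br, 'Please select a product ';
    print '<INPUT TYPE="text" NAME="product">';
    print ' Please enter quantity ';
    print '<INPUT TYPE="text" NAME="quantity">';
    # Hidden field that tells the receiving program which state to run
    print br, '<INPUT TYPE="hidden" NAME="STATE" VALUE="GET_INPUT">';
    print br, '<INPUT TYPE="submit">';
    print '<INPUT TYPE="reset">';
    print '</FORM>', end_html;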

10 Now Let's Receive the Data
- Suppose you want to receive the data.
- Suppose you want this 2nd CGI/Perl program to generate a form to ask for additional information like customer name and a customer billing code.
  - If the end user makes a mistake on one of these fields, you don't want to send them back to re-enter data on the first form.
  - Instead you want to show an error message and re-display the 2nd form.

11 Sample Screen Flow

12 Application Output

13 The Details of orderproduct2.cgi
Will examine the programming code for orderproduct2.cgi in three pieces:
  - The main portion of the program decides which subroutine to call based on the value of the CGI variable STATE.
  - The askname() subroutine generates a form that asks for a name and billing code.
  - The checkname() subroutine generates a form to verify the customer name and customer billing code.

14 Main Program Body

    #!/usr/bin/perl
    use CGI ':standard';
    print header, start_html('GetName');
    # Call itself again: the form posts back to this same script
    # (assumed markup; the relative ACTION path is assumed)
    print '<FORM ACTION="orderproduct2.cgi" METHOD="POST">';
    @products = ('Hand Saws', 'Wrenches');   # array name assumed
    # Get STATE and the other CGI variables
    $prod=param('product');
    $number=param('quantity');
    $state=param('STATE');
    # Choose the subroutine from the state carried in the hidden field
    if ( $state eq 'GET_INPUT' ) {
        &askname();
    } elsif ( $state eq 'VERIFY_INPUT' ) {
        &checkname();
    } else {
        print "ooops Get help! state=$state";
    }

15 The askname Subroutine
Called when STATE == GET_INPUT. It creates a form that gathers customer name and code.
- This subroutine performs two major tasks:
  - Saving state: sets hidden fields to save the product, quantity, and STATE. This enables access to these values the next time it is called.
  - Generating the visible form fields: generates the “visible” form fields that ask the end user for a name and billing code.

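16 The askname Subroutine

    sub askname {
        print "You selected product=$prod and quantity=$number";
        # Saving state: hidden fields for product, quantity and STATE
        # (assumed markup, following the description of askname)
        print br, "<INPUT TYPE=\"hidden\" NAME=\"product\" VALUE=\"$prod\">";
        print "<INPUT TYPE=\"hidden\" NAME=\"quantity\" VALUE=\"$number\">";
        print '<INPUT TYPE="hidden" NAME="STATE" VALUE="VERIFY_INPUT">';
        # Visible fields: name and billing code
        print 'Please enter your name';
        print '<INPUT TEXT TYPE="text" SIZE="15" MAXLENGTH="20" NAME="name">';
        print ' and Billing Code: (5 digits)';
        print '<INPUT TYPE="text" NAME="code">';      # assumed markup
        print br, '<INPUT TYPE="submit">';            # assumed markup
        print '<INPUT TYPE="reset">';                 # assumed markup
        print end_form, end_html;
    }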

17 The checkname Subroutine
Verifies the name and code fields. It assumes askname() has already been run and has made name and code available to it.
- It takes two different actions:
  - Invalid input: after getting name and code, uses a regular expression to tell if 5 digits were entered. If not, outputs an error message and calls askname().
  - Valid input: if the input is valid, outputs a message indicating valid input and exits.

18 checkname() Program Code

    sub checkname {
        $code=param('code');
        $name=param('name');
        # The billing code must be exactly five digits
        if ( $code !~ /^\d\d\d\d\d$/ ) {
            print ' Sorry billing number must be all digits ', br;
            &askname();
        }
        else {
            print ' Thanks for ordering ', br;
            print "Got Product =$prod Number= $number";
            print " Also, got name=$name, code=$code";
        }
    }
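Added example (not from the original slides): hidden fields come back from the browser, so the product, quantity and STATE values that askname() saves can be changed before checkname() reads them. One way to detect that is a keyed MAC over those fields, with the values escaped when they are written into the form; the `mac` field name, the secret and the helper names are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the slides' code: tamper-evident hidden fields.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a random secret stored on the server, never sent to the browser.
my $SECRET = 'placeholder-replace-with-random-server-secret';
my @FIELDS = qw(product quantity STATE);    # the state askname() saves

# Escape characters that would break out of an HTML attribute or text node.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Keyed MAC over the fields in a fixed order. Each value is length-prefixed so
# that ("12", "3") and ("1", "23") cannot produce the same message.
sub state_mac {
    my (%f) = @_;
    my $msg = join '', map { my $v = defined $f{$_} ? $f{$_} : ''; length($v) . ':' . $v } @FIELDS;
    return hmac_sha256_hex($msg, $SECRET);
}

# Hidden fields for the next form, plus the MAC (field name "mac" is assumed).
sub hidden_state {
    my (%f) = @_;
    my $html = '';
    for my $k (@FIELDS) {
        $html .= sprintf qq{<INPUT TYPE="hidden" NAME="%s" VALUE="%s">\n}, $k, html_escape($f{$k});
    }
    $html .= sprintf qq{<INPUT TYPE="hidden" NAME="mac" VALUE="%s">\n}, state_mac(%f);
    return $html;
}

# Recompute the MAC from what the browser sent back; compare without an early exit.
sub state_is_valid {
    my ($mac, %f) = @_;
    my $expected = state_mac(%f);
    return 0 unless defined $mac && length($mac) == length($expected);
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1)) for 0 .. length($expected) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed demo: the server emits the fields, then the quantity is altered.
my %sent = (product => 'Hand Saws', quantity => '2', STATE => 'VERIFY_INPUT');
my $mac  = state_mac(%sent);
print hidden_state(%sent);
printf "as sent:  %s\n", state_is_valid($mac, %sent) ? 'accepted' : 'rejected';
my %changed = (%sent, quantity => '200');
printf "altered:  %s\n", state_is_valid($mac, %changed) ? 'accepted' : 'rejected';
```

In orderproduct2.cgi, askname() would print hidden_state() and checkname() would call state_is_valid() with param('mac') before trusting $prod and $number. The MAC detects changed values but does not stop an old, valid form from being submitted again.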

19 Building More Sophisticated Apps
- Consider an application with four forms that gathers survey information.
- Each form displays its initial fields and then calls itself to verify its own fields.
- Each form could use a different CGI/Perl program that uses a hidden variable to set a “state.”

20 Beyond Hidden Fields
- Will describe 3 additional techniques:
  - Using files for storing state information. Can be used with hidden fields to store and retain session data.
  - Using files and databases for storing initial data and form results. Could include initial input to applications and stored survey results or product orders.
  - Sending e-mail from forms. Can cause e-mail to be sent to a transaction-handling account or back to the customer to confirm the order.

21 Using Files for Saving State
- Using files to store session states increases session complexity. E.g., need to generate session IDs and keep them secure.
- Some advantages of files for session management:
  - Revisiting states. Can provide a consistent way to “remember” session data, even when two screens do not normally call each other.
  - Remembering data between sessions. Can remember end-user data even after the end user leaves your site. E.g., an on-line shopping cart.

22 Sample Screen Flow

23 Storing Orders in Files
- Use a field delimiter such as a comma, tab, or vertical bar (“|”) to ensure that the fields can be identified and retrieved easily (e.g., with split).
- Files work well when traffic is moderate in volume and the amount of data to be saved is relatively small.
  - They are simple to use, can be edited with text editors (to add fields or records or fix a damaged line), and can be implemented quickly.

24 Using Databases
- Databases can provide faster access, higher security, and greater data integrity than do files.
  - Perl supports a special DBI module for working with a variety of databases, including most major databases (such as Oracle, Informix, and Access) and some free ones (MySQL).

25 Sending E-mail
- Sometimes it is useful to send e-mail providing survey results or confirming order information.
- The sendmail program is a popular way to send e-mail from a UNIX Web server. (Available on UNIX systems since the 1980s.)
  - It comes as a preinstalled utility on most UNIX servers. You can use it to send e-mail via programs or interactively when logged into the Web server.

26 Where Is sendmail?
- Need to know the directory path to the file where this program is stored.
  - On a UNIX system, it is usually stored in /usr/lib/sendmail.
    - Either ask your ISP or check out this location for yourself.
    - If you can Telnet to your Web server, on many UNIX systems you can execute the whereis command to identify the location of sendmail. For example:
      whereis sendmail

27 Using sendmail
- Need to connect to sendmail using open().
  - MAIL: the connection name for sendmail.
  - sendmail path: the full directory path.
- The vertical bar (“|”) is used when establishing an open connection to an external program.
- The -t option instructs sendmail to get the destination address and subject lines from the “To:” and “Subject:” data that we will send to it.

28 Basic Code for Using sendmail

    # $email holds the destination address (variable name assumed)
    open ( MAIL, "|/usr/lib/sendmail -t" ) || die "Cannot start sendmail: $!";
    print MAIL "To: $email\n";
    print MAIL "Subject: New Order\n";
    print MAIL "Product =$prod Number= $number\n";
    close (MAIL);

29 Would Output The Following...

30 Received...

31 Modification to checkname()

    sub checkname {
        $email=param('email');    # variable and field name assumed
        $code=param('code');
        $name=param('name');
        # The billing code must be exactly five digits; the trailing $ rejects extra characters
        if ( $code !~ /^\d\d\d\d\d$/ ) {
            print ' Sorry billing number must be all digits ';
            &askname();
        }
        else {
            print ' Thanks for ordering ', "$name", br;
            # -t makes sendmail take the recipient from the To: line written below
            open ( MAIL, "|/usr/lib/sendmail -t" ) || die "Cannot start sendmail: $!";
            print MAIL "To: $email\n";
            print MAIL "Subject: New Order\n";
            print MAIL "Got Product =$prod Number= $number\n";
            print MAIL " Also, got name=$name, email=$email, code=$code \n";
            close (MAIL);
            print ' Just sent email to ', "$email";
        }
    }
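Added example (not from the original slides): with -t, sendmail takes its recipients from the header lines the program writes, so a form value that contains a line break would add header lines of its own. The sketch below checks the address before it reaches the To: line and opens sendmail without a shell; the helper names and the $to parameter are assumptions, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added example, not the slides' code: validating form input before sendmail -t.
use strict;
use warnings;

my $SENDMAIL = '/usr/lib/sendmail';    # path given on the slides

# A header value must stay on one line: CR or LF would start a new header.
sub clean_header {
    my ($value) = @_;
    die "header value contains a line break\n"
        if !defined $value || $value =~ /[\r\n]/;
    return $value;
}

# Assumption: exactly one plain address, no display name and no address list.
sub clean_address {
    my ($addr) = @_;
    clean_header($addr);
    die "not a plain e-mail address\n"
        unless $addr =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/;
    return $addr;
}

# Build the whole message first so nothing is sent if validation fails.
sub build_order_mail {
    my ($to, $prod, $number) = @_;
    my $msg = 'To: ' . clean_address($to) . "\n";
    $msg .= "Subject: New Order\n";
    $msg .= "\n";                                  # blank line ends the headers
    $msg .= "Product=$prod Number=$number\n";      # body text, not parsed as headers
    return $msg;
}

# List-form open runs sendmail directly, with no shell in between.
# -oi: a body line holding a single "." does not end the message early.
sub send_order_mail {
    my $msg = build_order_mail(@_);
    open(my $mail, '|-', $SENDMAIL, '-t', '-oi') or die "Cannot start sendmail: $!";
    print {$mail} $msg;
    close($mail) or die "sendmail failed: $!";
    return 1;
}

# Constructed inputs: a normal address, and one carrying an extra header line.
# Only build_order_mail() runs here, so the demo needs no mail server.
for my $to ('pat@example.com', "pat\@example.com\nX-Extra: 1") {
    my $msg = eval { build_order_mail($to, 'Wrenches', 3) };
    (my $shown = $to) =~ s/\n/\\n/g;
    print defined $msg ? "accepted: $shown\n" : "rejected: $shown ($@)";
}
```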

32 Using Cookies to Save Information
- Browser cookies are a method for Web sites to “remember” visitor information.
  - They are small pieces of data that can be saved by a Web site application when an end user visits the Web site.
  - They are stored on the visitor's hard drive in a special “cookie” file.
  - When the visitor returns, the program reads the browser cookie data it previously stored and uses it to “remember” something about the visitor.
    - E.g., a book site remembers that you prefer mysteries.

33 Cookie Limitations
- Cookies can be easily disabled. Both IE and Netscape enable users to disable cookies and refuse to allow sites to set them. (In Netscape click Edit, Preferences, Advanced.)

34 Cookie Limitations
- People move around. Cookies make less sense on computers with multiple users (such as a library or computer lab).
- Not all browsers support cookies. Your site might exclude people with older browsers or people who disable cookies.
- Cookies can be easily deleted. Cookie data can be accidentally or intentionally deleted.

35 Why Some People Don't Like Cookies
- Anonymity. Some prefer to browse anonymously without allowing Web sites to track their preferences and movements at any given site.
  - For example, a site might set a cookie with a unique ID on it, then on a server record when that ID logs in, which pages it visits, and even which page that ID was viewing just before coming to the site.
- Potential use in market research. Some marketing research companies use cookie data to develop profiles of Web usage patterns (and then sell the data).

36 Setting a Cookie
- Can request that a browser cookie be saved in memory (deleted when the user exits the browser) or onto disk (retained until an expiration date).
- Syntax of an in-memory cookie:
- Must be output before the MIME Content-type line.

37 Setting Cookie Expiration Date
- When a cookie needs to be retained between browser sessions, an expiration date must be set.
- Again, this line must be output before the MIME Content-type line.

38 A Sample Program That Sets A Cookie

    #!/usr/bin/perl
    use CGI ':standard';
    $name=param('name');
    $prefers=param('prefers');
    # The Set-Cookie lines are output before the MIME Content-type line
    print "Set-Cookie: cust_name=$name; expires=04-Jul :00:0 GMT\n";
    print "Set-Cookie: cust_prefer=$prefers; expires=04-Jul :00:0 GMT\n";
    print header, start_html('set cookie');
    print br, "Thanks $name Lets now look at $prefers... ";
    print end_html;

39 Would Output The Following...

40 It's Worth Noting
1. Unless the end user explicitly sets browser settings to be notified when a site sets a cookie, the end user probably won't realize that a cookie was set.
2. If the end user disables cookies, the program will not know it. It is possible for CGI/Perl applications to detect whether cookies are enabled, but they must set a cookie and then try to read that cookie again to make this determination.
3. While you are testing the use of cookies, it is helpful to set your browser setting to “Warn me before accepting a cookie.”

41 Example Cookie Warning Pop-up

42 Reading Cookies
- Use the CGI.pm function called cookie() to read cookie data.
- Can also use the %ENV hash variable called HTTP_COOKIE. (Returns a list of semicolon-separated name/value pairs of cookies.)
  - For example, $cookies=$ENV{'HTTP_COOKIE'};

43 Example Cookie Reading Program

    #!/usr/bin/perl
    use CGI ':standard';
    print header, start_html("Welcome ");
    # Read the two cookies set earlier
    $cust_name=cookie( 'cust_name');
    $prefers=cookie('cust_prefer');
    print ' ';
    if ($cust_name) {
        print "Welcome back $cust_name to our humble hardware site.";
    } else {
        print ' ';
        print 'Welcome to our humble hardware site. ';
    }
    # Pick the offer from the stored preference
    if ( $prefers eq "hand tools" ) {
        print br,'We have hammers on sale for 5 dollars!';
    } elsif ( $prefers eq "power tools" ){
        print br, 'We have power drills on sale for 25 dollars!';
    } else {
        print br, ' ';
        print ' We have drills and hammers on special today! ';
    }
    print " ", end_html;

44 Would Output The Following...
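Added example (not from the original slides): the sample programs copy form input straight into a Set-Cookie line and later print the cookie value back into the page. The sketch below sets the same two cookies through CGI.pm's cookie() and header handling, performs the set-then-read check described under “It's Worth Noting”, and escapes the value on output; the cookie_test name, the check parameter and the 20-character cap are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the slides' code: cookies set through CGI.pm, with a read-back check.
use strict;
use warnings;
use CGI qw(:standard escapeHTML);

# Only preferences the site knows about are stored (values from the reading program).
my %KNOWN_PREFS = map { $_ => 1 } ('hand tools', 'power tools');

if (param('check')) {
    # Second request: a browser that accepted the cookies sends them back now.
    my $name    = cookie('cust_name');
    my $enabled = defined cookie('cookie_test');    # cookie_test is an assumed name
    print header, start_html('cookie check');
    if ($enabled) {
        # The cookie value is user-controlled, so it is escaped before it is printed.
        print p('Cookies are enabled. Welcome ' . escapeHTML(defined $name ? $name : '') . '.');
    } else {
        print p('Your browser did not return the cookie, so preferences will not be remembered.');
    }
    print end_html;
} else {
    # First request: validate the form input before it goes into a header.
    my $name = param('name');
    $name = '' unless defined $name;
    $name =~ s/[^A-Za-z0-9 .'-]//g;      # keep a conservative character set
    $name = substr($name, 0, 20);        # length cap (assumed value)
    my $prefers = param('prefers');
    $prefers = '' unless defined $prefers && $KNOWN_PREFS{$prefers};

    # cookie() URL-encodes the value and formats the expiry date itself, so a
    # line break or ';' in user input cannot add attributes or header lines.
    my @cookies = map {
        cookie(-name => $_->[0], -value => $_->[1], -expires => '+1y', -httponly => 1)
    } (['cust_name', $name], ['cust_prefer', $prefers], ['cookie_test', '1']);

    # Send the cookies with a redirect back to this script to see whether they return.
    print redirect(-uri => url() . '?check=1', -cookie => \@cookies);
}
```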

45 Some Advanced Cookie Options
- Sometimes may want to read the cookie from a different file system directory than where it was set.
  - You must specify the path option.
  - For example, you might set the cookie in pgm.com/cgi-bin/C7 and then read it from a program in
  - print "Set-Cookie: cust_name=$name; expires=04-Jul :00:0 GMT; path=/\n";

46 Some More Advanced Options
- May want to enable any server within your domain to be able to read the cookie.
  - Perhaps one server sets the cookie while taking the order and another server reads it while processing the order.
  - You use the domain option of the Set-Cookie
  - print "Set-Cookie: cust_name=$name; expires=04-Jul :00:0 GMT; domain=.mysite.com\n";

47 Summary
- Hidden fields are HTML form fields that you can use to set name/value CGI variables without displaying them on a form.
- Hidden fields provide a method to manage user sessions by maintaining the state of each session.
  - Hidden fields are not a secure method to keep data.
- You can create sophisticated multiple-screen applications, such as shopping carts and surveys, by using hidden fields.

48 Summary
- Cookies provide a way for Web server applications to store small pieces of data on the end user's machine.
- Cookies can be easily refused by the end user and therefore cannot be relied upon to always be available to the CGI/Perl program.
- Data set by cookies can be available for long periods of time, even when the end user leaves the site and comes back months later.