Lecture 15 CGI Sessions Perl CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger and Shwen Ho

Sessions  Many web sites allow you to establish a session.  you identify yourself to the system.  now you can visit lots of pages, add stuff to shopping cart, establish preferences, etc. CGI Sessions 2

State Information  Remember that each HTTP request is unrelated to any other  as far as the Web server is concerned  Each new request to a CGI program starts up a brand new copy of the CGI program.  Providing sessions requires keeping state information. CGI Sessions 3

Session Conversation CGI Sessions 4 Client Client Hi! I'm Joe. Server Server Hi Joe (it's him again) Welcome Back... Hi Joe (it's him again) Welcome Back... I wanna buy a cookie. OK Joe, it will be there tomorrow. CGI1 CGI2

Hidden Field Usage  One way to propagate state information is to use hidden fields.  User identifies themselves to a CGI program  fills out a form  CGI sends back a form that contains hidden fields that identify the user or session. CGI Sessions 5

Revised Conversation Initial form has field for user name. GET /cgi1?name=joe HTTP/1.0 CGI1 creates order form with hidden field. GET/cgi2?name=joe&order=cookie HTTP/1.0 CGI Sessions 6

Session Keys  Many Web based systems use hidden fields that identify a session.  When the first request arrives, the system generates a unique session key and stores it in a database.  The session key can be included in all forms/links generated by the system  as a hidden field or embedded in a link CGI Sessions 7

Session Key Properties  Must be unique.  Should expire after a while.  Should be difficult to predict.  typically use a pseudo-random number generator seeded carefully. CGI Sessions 8

Pizza Server Session Keys  We define a server to use session keys:  A request to order a pizza might look like this  all on one line GET /pizza.cgi?sessionkey= HungryStudent &pizza=cheese &size=large HTTP/1.0 CGI Sessions 9

HTTP Cookies  A "cookie' is a name,value pair that a CGI program can ask the client to remember.  The client sends this name,value pair along with every request to the CGI.  We can also use "cookies" to propagate state information. CGI Sessions 10

Cookies are HTTP  Cookies are HTTP headers.  A server (CGI) can give the browser a cookie by sending a Set-Cookie header line with the response.  A client can send back a cookie by sending a Cookie header line with the request. CGI Sessions 11

Set-Cookie Header Options The general form of the Set-Cookie header is: Set-Cookie: name=value; options The options include: expires=... domain=... path=... CGI Sessions 12

Setting a cookie HTTP/ OK Content-Type: text/html Set-Cookie: customerid= Content-Length: CGI Sessions 13

expires Option  This tells the browser how long to hang on to the cookie.  The time/date format is very specific! CGI Sessions 14 expires=Friday 29-Feb :00:00 GMT Weekday, Day-Month-Year Hour:Minute:Second GMT

Default expiration  If there is no expires option on the Set- Cookie header line,  the browser does not save the cookie to disk.  In this case, when the browser is closed it will forget about the cookie. CGI Sessions 15

domain Option domain=.unr.edu  The domain option tells the browser the domain(s) to which it should send the cookie.  Domains as in DNS.  The domain must start with "." and contain at least one additional "." CGI Sessions 16

Domain option rules  The server that sends the Set-Cookie header must be in the domain specified.  If no domain option is in the header, the cookie will only be sent to the same server. : CGI Sessions 17 Default Behavior

path Option path=/ or path=/~mgunes/cpe401  The path option tells the browser what URLs the cookie should be sent to. CGI Sessions 18

path default  If no path is specified in the header,  the cookie is sent to only those URLs that have the same path as the URL that set the cookie.  A path is the leading part of the URL  does not include the filename CGI Sessions 19

Default Path Example If the cookie is sent from: /~mgunes/cpe401/pizza/pizza.cgi it would also be sent to /~mgunes/cpe401/pizza/blah.cgi but not to /~mgunes/cpe401/soda/pizza.cgi CGI Sessions 20

Set-Cookie Fields  Many options can be specified.  Things are separated by ";" Set-Cookie: a=blah; path=/; domain=.cse.unrr.edu; expires=Thursday, 21-Feb :41: CGI Sessions 21 All must be on one line!

CGI cookie creation  A CGI program can send back any number of HTTP headers.  can set multiple cookies  Content-Type is required!  Blank line ends the headers! CGI Sessions 22

C Example printf("Content-Type: text/html\r\n"); printf("Set-Cookie: prefs=nofrms\r\n"); printf("Set-Cookie: Java=yes\r\n"); printf("\r\n"); … now sends document content CGI Sessions 23

Getting HTTP Cookies  The browser sends each cookie as a header: Cookie: prefs=nofrms Cookie: Java=OK  The Web server gives the cookies to the CGI program via an environment variable. CGI Sessions 24

Multiple Cookies  There can be more than one cookie.  The Web Server puts them all together like this: prefs=nofrms; Java=OK and puts this string in the environment variable: HTTP_COOKIE CGI Sessions 25

Cookie Limits  Each cookie can be up to 4k bytes.  One "site" can store up to 20 cookies on a user's machine. CGI Sessions 26

Cookie Usage  Create a session.  Track user browsing behavior.  Keep track of user preferences.  Avoid logins. CGI Sessions 27

Cookies and Privacy  Cookies can't be used to:  send personal information to a web server without the user knowing about it.  be used to send viruses to a browser.  find out what other web sites a user has visited.*  access a user's hard disk * although they can come pretty close to this one! CGI Sessions 28

Some Issues  Persistent cookies take up space on user's hard disk.  Can be used to track your behavior within a web site.  This information can be sold or shared.  Cookies can be shared by cooperating sites  advertising agencies do this. CGI Sessions 29

Perl  Practical Extration and Reporting Language  a high-level programming language whose semantics are largely based on C  Designed for text manipulation  Very fast to implement  particularly strong at process, file and text manipulation  Runs on many different platform  Windows, Mac, Unix, Linux, Dos, etc Perl 31

Running Perl  Perl scripts do not need to be compiled  interpreted at the point of execution  do not necessarily have a particular file extension “.pl” is used commonly  Executing it via the command line command line> perl script.pl arg1 arg2...  Or add the line "#!/usr/bin/perl" to the start of the script if you are using unix/linux./perlscript.pl Remember to set the correct file execution permissions before running it Perl 32

Beginning Perl  Every statement end with a semi colon ";"  Comments are prefixed at the start of the line with a hash "#"  Variables are assigned a value using the "="  Variables are not statically typed,  No need to declare what kind of data you want to hold in them.  Variables are declared the first time you initialize them and they can be anywhere in the program. Perl 33

Scalar Variables  Contains single piece of data  '$' character shows that a variable is scalar  Scalar variables can store  number  string a chunk of text surrounded by quotes $name = "paul"; $year = 1980; print "$name is born in $year"; output: paul is born in 1980 Perl 34

Arrays Variables (List)  Ordered list of data, separated by commas  character shows that a variable is an array Array of = (1980, 1975, 1999); Array of = ("Paul", "Jake", "Tom"); Array of both string and = (14,"Cleveland St","NSW",2030); Perl 35

Retrieving data from Arrays  Printing = ("Paul", "Jake", "Tom"); print  Accessing individual elements in an = ("Paul", "Jake", "Tom"); print "$name[1]";  What has to $name  To access individual elements use the syntax $array[index]  Why did $name[1] print the second element?  index 0 represents the first element. Perl 36

Arrays = ("Paul", "Jake", "Tom"); print Paul Jake Tom = 3 Perl 37

Basic Arithmetic Operators + Addition - Subtraction * multiplication / division ++ adding one to the variable -- subtracting one from the variable $a += 2 incrementing variable by 2 $b *= 3 tripling the value of the variable Perl 38

Relational Operators ComparisonNumericString Equals ==eq Not equal !=ne Less than <lt Greater than >gt Less than or equal <=le Greater than or equal >=gt Comparison cmp Perl 39

Control Operators - If if ( expression 1) {... } elsif (expression 2) {... } else {... } Perl 40

Iteration Structures  while (CONDITION) { BLOCK }  until (CONDITION) {BLOCK}  do {BLOCK} while (CONDITION)  for (INITIALIZATION ; CONDITION ; Re-INITIALIZATION) {BLOCK}  foreach VAR (LIST) {BLOCK}  for VAR (LIST) {BLOCK} Perl 41

Iteration Structures $i = 1; while($i <= 5){ print "$i\n"; $i++; } for($x=1; $x <=5; $x++) { print "$x\n"; = [1,2,3,4,5]; foreach $number print "$number\n"; } Perl 42

String Operations  Strings can be concatenated with the dot operator $lastname = "Harrison"; $firstname = "Paul"; $name = $firstname. $lastname; $name = "$firstname$lastname";  Comparison can be done with the relational operator $string1 = "hello"; $string2 = "hello"; if ($string1 eq $string2) { print "they are equal"; } else { print "they are different"; } Perl 43

String comparison using patterns  The ‘=~ ’ operator return true if the pattern within the ‘/’ quotes are found. $string1 = "HELLO"; $string2 = "Hi there"; # test if the string contains the pattern EL if ($string1 =~ /EL/) { print "This string contains the pattern"; } else { print "No pattern found"; } Perl 44

Functions in Perl  No strict variable type restriction during function call  Perl has provided lots of useful functions  chop - remove the first character of a string  chomp - remove the carriage return character from the end of a string  push - append one or more element into an array  pop - remove the last element of an array and return it  shift - remove the first element of an array and return it  s- replace a pattern with a string Perl 45

Functions in Perl  The "split" function breaks a given string into individual segments given a delimiter  split( /pattern/, string) returns a = split (/\s/, $string); # breaks the sentence into = split (//, $string); # breaks the sentence into single = split (/,/, $string); # breaks the sentence into chunks separated by a comma.  join ( /delimiter/, array) returns a string Perl 46

Functions in Perl A simple perl function sub sayHello { print "Hello!!\n"; } sayHello(); Perl 47

Executing functions in Perl  Function arguments are stored automatically in a temporary array sub sayHelloto $count foreach $person print "Hello $person\n"; } return $count; = ("Paul", "Jake", "Tom"); sayHelloto("Mary", "Jane", "Tylor", 1, 2, 3); Perl 48

Input / Output  Perl allows you to read in any input that is automatically sent to your program via standard input by using the handle.  Other I/O topics include reading and writing to files, Standard Error (STDERR) and Standard Output (STDOUT).  One way of handling inputs via is to use a loop to process every line of input Perl 49

Input / Output  Count the number of lines from standard input and  print the line number together with the 1st word of each line. $count = 1; foreach $line ( = split(/\s/, $line); print "$count $array[0]\n"; $count++; } Perl 50

Regular Expression  Regular expression is a set of characters that specify a pattern.  Used for locating piece of text in a file.  Regular expression syntax allows the user to do a "wildcard" type search without necessarily specifying the character literally  Available across OS platform and programming language. Perl 51

 A simple regular expression contains the exact string to match $string = "aaaabbbbccc"; if($string =~ /bc/){ print "found pattern\n"; } output: found pattern Simple Regular Expression Perl 52

Simple Regular Expression  The variable ‘$& ’ is automatically set to the matched pattern $string = "aaaabbbbccc"; if($string =~ /bc/){ print "found pattern : $&\n"; } output: found pattern bc Perl 53

Simple Regular Expression  What happen when you want to match a generalised pattern  like an "a" followed by some "b"s and a single "c" $string = "aaaabbbbccc"; if($string =~ /abbc/){ print "found pattern : $&\n"; } else {print "nothing found\n"; } output: nothing found Perl 54

Regular Expression - Quantifiers  We can specify the number of times we want to see a specific character in a regular expression by adding operators behind the character.  ‘ * ’ (asterisk)  matches zero or more copies of a specific character  ‘ + ’ (plus)  matches one or more copies of a specific character Perl 55

Regular Expression - = ["ac", "abc", "abbc", "abbbc", "abb", "bbc", "bcf", "abbb", "c"]; foreach $string if($string =~ /ab*c/){ print "$string "; } output: ac abc abbc abbbc Perl 56

Regular Expression - Quantifiers Regular ExpMatched pattern abc ab*cac abc abbc abbbc ab+cabc abbc = ["ac", "abc", "abbc", "abbbc", "abb", "bbc", "bcf", "abbb", "c"]; Perl 57

Regular Expression - Anchors  Anchor restrictions preceding and behind the pattern specify where along the string to match to.  ‘^’ indicates a beginning of a line restriction  ‘$’ indicates an end of line restriction Perl 58

Regular Expression - Anchors Regular ExpMatched pattern ^bcbc ^b*cbbc bcf c ^b*c$bbc c b*c$ac abc abbc abbbc bbc = ["ac", "abc", "abbc", "abbbc", "abb", "bbc", "bcf", "abbb", "c"]; Perl 59

Regular Expression - Range  […] is used to identify the exact characters you are searching for  [ ] will match a single numeric character  [0-9] will also match a single numeric character  [A-Za-z] will match a single alphabet of any case Perl 60

Regular Expression - Range  Search for a word that  starts with the uppercase T  second letter is a lowercase alphabet  third letter is a lower case vowel  is 3 letters long followed by a space  Regular expression : "^T[a-z][aeiou] "  Note : [z-a] is backwards and does not work  Note : [A-z] does match upper and lowercase but also 6 additional characters between the upper and lower case letters in the ASCII chart: [ \ ] ^ _ ` Perl 61

Regular Expression - Others  Match a single character (non specific) with "." (dot) a.c matches any string with "a" follow by one character and followed by "c"  Specifying number of repetition sets with "\{" and "\}“ [a-z]\{4,6\} match four, five or six lower case alphabet  Remembering Patterns with "\(,\)" and "\1"  Regular Exp allows you to remember and recall patterns Perl 62

RegExp problem and strategies  You tend to match more lines than desired. A.*B matches AAB as well as AAAAAAACCCAABBBBAABBB  Knowing what you want to match  Knowing what you don’t want to match  Writing a pattern out to describe that you want to match  Testing the pattern Perl 63

Web Servers & CGI  Most web server are capable of running CGI programs.  The server must be able to determine whether a URI refers to:  Document just send it back  CGI program run it and send back the result. CGI … 65

CGI recognition  Some servers insist that CGI programs be in a special place  typically the URL path is one of: /CGI-BIN /cgi-bin /CGI /cgibin  Some servers look at the filename:  filename ends with.cgi  Some servers are given a list of URLS that are CGIs 66 CGI …

User files and Web Servers On Unix based web servers, the URL /~username is typically mapped to the directory ~username/public.html -or- ~username/public_html 67 CGI …

 On the CSE web server you should put your files in ~/public.html The URI is your home page where you is your CSE username. 68 CGI …

Directories  Most web servers do the following when a URL maps to a directory:  if there is a file named index.html in the directory it is sent back.  if there is no index.html, an HTML formatted directory listing is sent back. 69 CGI …

Debugging  It's hard to debug a CGI program!  Debugging print statements should generate HTML.  You can run the program from the Unix command line  you just need to set the environment variables right (use GET for this). 70 CGI …

CGI script example Perl 71

cgi-test This is a sample page to read two data items from the web page: First name= Last name= Parameters passed as arguments xfirst and xlast HTML for Forms Perl 72

Perl - CGI script #!/usr/bin/perl print “Content-Type: text/html\n\n”; print “ \n”; print “ Sample PERL script \n”; print “ \n”; print “ Query_string is $ENV{'QUERY_STRING'}\n”; foreach ( split( /&/, $ENV{'QUERY_STRING'}) ) { ( $key, $val ) = split( /=/, $_, 2 ); $tmp{$key} = $val; } print “ First name is $tmp{'xfirst'} \n”; print “ Last name is $tmp{'xlast'} \n”; print “ \n” Perl 73 Perl program first reads parameters as xfirst&zlast from $ENV (environment) into QUERY_STRING Output of Perl is the syntax of an HTML page that is displayed