E-Commerce: Fundamentals and Applications

Presentation transcript:

E-Commerce: Fundamentals and Applications. © Wiley and the book authors, 2001
Chapter 6: Server-Side Programming III: Session Tracking

Outline
- What is session tracking in Web applications
- Traditional session tracking techniques
  - Hidden form field
  - URL rewriting
  - HTTP user authorization
  - Cookies

A realistic case in session tracking: shopping in VBS
To implement a simple virtual store such as the e-pizza ordering store shown in Fig. 6.1, users are usually provided with an electronic form (e-form) to fill in the order. After the form is submitted to the server, the order can be processed accordingly. This approach is fine for a "simple e-retail business", which carries a small number of products. However, for large e-retail businesses, it is impractical to put all the products into a single e-form.

[Figure 6.1: Pizza Order Scenario Using the e-Form Mechanism]

A realistic case in session tracking: shopping in VBS (cont.)
Let us look at the "physical" shopping scenario, for example shopping in a supermarket. The shopping process is as follows:
- enter the supermarket;
- get a shopping cart;
- walk around the store;
- choose the goods and put them into the shopping cart; and
- finally check out at the cashier's counter.
To emulate the above shopping process in the cyber world, we need to implement a shopping cart.

A realistic case in session tracking: shopping in VBS (cont.)
To implement a shopping cart object, there are two issues to be resolved:
- The first one is how to assign and map a "shopping cart" to a user. Note that in most B2C e-commerce systems, a user does not need to log into the system before shopping.
- The second issue is how to keep track of the shopping cart and its content.
Example:
- During an e-shopping situation, we may access the VBS, get a shopping cart and then browse another Web site for a while before returning to the VBS again.
- The challenge is how we can "get back" the previous shopping cart to continue shopping instead of restarting from the beginning.
The solution is Session Tracking.

Traditional session tracking techniques
To support session tracking for Web-based applications, a number of techniques have been developed. The most common ones are:
- Hidden form field;
- URL rewriting;
- HTTP user authorization;
- Cookies.

Hidden Form Field (HFF) - A Perspective
As part of the HTML standard, "Hidden Form Field" provides a simple solution to session tracking. In the Advanced Book Search (Chap 5), the hidden form field technique has been used as follows:
- First, the user browses the "Advanced Book Search" Web page, which provides an interface for the user to fill in the search criteria.
- After the form is submitted to the VBS Web server, the corresponding servlet is launched; it parses the search criteria and executes the SQL statement.
- Once the search result is obtained, the program formats the information using HTML and returns it to the user.
- If the search result consists of multiple pages, some page pointers are presented for the user to go to the desired page.
- The program uses the hidden form field to return the search criteria together with the previous ISBN of the book being displayed. Hence the books can be displayed accordingly.

Hidden Form Field for shopping cart
To implement a shopping cart using the "Hidden Form Field", we can define a hidden field element called "username" in an HTML form. This can be used to keep track of the user session and hence the shopping cart. ….

Simple book ordering using HFF
We use a simple example to demonstrate how to implement a "Simple Book Store" using the "Hidden Form Field" for session tracking. The system flow of this "Simple Book Store" is shown in Figure 6.2. The simple bookstore consists of FOUR major modules as follows:
- Bookorder.html: This is the home page or "front-door" of the whole system.
- DisplayorderHFF: This servlet program is used to display the selected book(s).
- ShoppingHFF: This servlet program allows users to continue shopping by 1) consolidating the previous book selection; and 2) displaying the book list again for selection.
- Check out: This allows the user to "check out".

[Figure 6.2: System Flow Diagram for Simple Bookstore Using HFF. Nodes: Bookorder.html, Displayorder HFF, Shopping HFF, Check Out. Edge labels: book, book + sbook.]

Simple book ordering using HFF (cont.)
As shown in Fig. 6.3, the Bookorder.html file provides the "main entry" for the whole system. The HTML page consists of a simple book list and three buttons. A user can either:
- click the "Clear" button to reset the book selection;
- click the "Put to Cart" button to "put" the selected item(s) into the shopping cart; or
- click the "Check out" button to exit.
Note that no matter which button is selected, the request is handled by the same server-side program. The parameter value of the "submit" button is used to identify the action required.

Pros & Cons of using Hidden Form Fields
Pros:
- The major advantage of using the "Hidden Form Field" is its simplicity.
- As part of the HTML standard, it is supported by all browsers and therefore it can be easily implemented in all the major Web programming environments such as CGI programming, servlet programming, etc.
Cons:
- However, if we want to keep track of a lot of information, passing information using hidden form fields may be clumsy from the implementation point of view.

URL Rewriting
There are two commonly used methods to identify a session using URL rewriting:
Method (1): To add an extra directory path to the original URL
Method (2): To add additional parameters at the end of the URL
E.g. Suppose that the original URL is
- A user with session identity 007 will access the URL as
- Using method (1) - Not supported in PHP
- Note: each user is assigned a different directory path so that the Web server can identify the client accordingly.
- Using method (2)
Note: In this case, the program knows that the request is from the session with ID of 007.

URL Rewriting - Pros & Cons
Pros:
- URL Rewriting provides an easy-to-implement solution to session tracking.
Cons:
- The "Adding an Extra Path" method may not work well for complex applications and the "Adding an Extra Parameter" method can only be used with the "GET" command, but not the "POST" command.
- As the POST command is often used in HTML forms, its applicability is quite limited.

HTTP user authorization
What is HTTP user authorization?
- This method supports session tracking by means of the HTTP "User Authorization" response header. Authentication is done by asking the user to provide his username and password.
How can User Authorization be done for session tracking? Example:
- The Web server is configured to use the WWW authentication scheme.
- When a user accesses the Web server for the first time, he needs to fill in the username and password for authentication.
- The information is then passed to the Web server for authentication.
- Once the Web server identifies the user, appropriate actions can be taken for that user.

[Figure 6.8: Sample Page for a Web Site that Needs User Authorization]

HTTP user authorization: Pros & Cons
Pros:
- The major advantage of using User Authorization is that it is a "standard" feature of HTTP, so it is supported by all Web servers.
- It can be implemented easily.
- In fact, User Authorization is still commonly used in many contemporary Web systems, especially in Intranets.
Cons:
- Users must be pre-registered with the Web server. Therefore it may not be suitable for B2C e-commerce systems because the customers may not have any relationship with the company.
- Simultaneous login cannot be supported. In other words, a user cannot establish more than one session with the same site.

Session tracking using Cookies
In summary, cookies are "tiny" pieces of information stored in the client browser. In an e-shopping scenario, one can use cookies for session tracking as follows:
- When a user accesses a B2C Web site for the first time, the Web server asks for the user information (e.g. username). Then the Web server can ask the client browser to "store" a cookie by including this cookie in the HTTP response header. For example, Set-Cookie: Username=ray. The cookie with Username=ray is then stored in the client browser for later use.
- Each time the user returns to the Web site, the client browser will send this cookie in the HTTP request message. Hence the cookie can be used for session tracking purposes.

Using Cookies: Pros & Cons
Pros:
- Cookies are the most commonly used method for supporting session tracking.
- They are easy to implement as most server-side programming tools provide an API for managing cookies.
- Cookies are supported by nearly all browsers. In fact, the use of cookies is standardized in RFC
Cons:
- A cookie can only store a limited amount of information.
- There are security concerns in using cookies because it involves saving something on the client side.

Servlet session tracking
The Java servlet API provides a set of classes, namely the Session Tracking API, to handle session tracking. The advantages of using this API are as follows:
- It can be used in any servlet program with little additional programming effort.
- Similar to Cookies
- Stored in memory of client computer

Session tracking: How does it work?
Let us look at how session tracking can be applied for our store as follows:
- When a user visits the store for the first time, the servlet engine will automatically assign a session ID to the user. The session ID is passed to the user using the “Set-Cookie” command such as Set-cookie: Session id=
- Once the client’s browser gets this cookie, the cookie and hence the session ID will be stored.
- Whenever the user returns to the store, the client browser sends this cookie (i.e. the session ID) to the Web server.
- By identifying the session ID, the corresponding shopping cart can be retrieved for shopping.
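The Set-Cookie / Cookie exchange from the two cookie slides above, as an added Python example (not code from the book or the servlet API): the cart stays on the server, keyed by a random session ID, and a cookie the server never issued simply starts a new, empty session. The cookie name `SESSIONID`, the `SessionStore` class and the sample item names are assumptions made for the illustration.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "SESSIONID"  # assumed name; the slide's cookie name is cut off


class SessionStore:
    """Server-side carts keyed by an unguessable session ID (hypothetical class)."""

    def __init__(self):
        self._carts = {}

    def _session_id_from(self, cookie_header):
        # Parse the request's Cookie header; anything malformed counts as "no session".
        if not cookie_header:
            return None
        jar = SimpleCookie()
        try:
            jar.load(cookie_header)
        except CookieError:
            return None
        morsel = jar.get(COOKIE_NAME)
        return morsel.value if morsel is not None else None

    def handle(self, cookie_header, add_item=None):
        """Process one request; return (Set-Cookie value or None, cart contents)."""
        sid = self._session_id_from(cookie_header)
        set_cookie = None
        if sid is None or sid not in self._carts:
            # First visit, or an ID this server never issued: start a fresh session.
            sid = secrets.token_urlsafe(32)
            self._carts[sid] = []
            jar = SimpleCookie()
            jar[COOKIE_NAME] = sid
            jar[COOKIE_NAME]["path"] = "/"
            jar[COOKIE_NAME]["httponly"] = True   # not readable from page scripts
            jar[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
            jar[COOKIE_NAME]["samesite"] = "Lax"
            set_cookie = jar[COOKIE_NAME].OutputString()
        cart = self._carts[sid]
        if add_item is not None:
            cart.append(add_item)
        return set_cookie, list(cart)


def demo():
    """Constructed three-request exchange: first visit, return visit, unknown cookie."""
    store = SessionStore()
    first_cookie, _ = store.handle(None, add_item="book-1")
    returned = first_cookie.split(";", 1)[0]  # the browser sends back name=value only
    second_cookie, cart = store.handle(returned, add_item="book-2")
    # Client-supplied values the server did not issue carry no cart with them.
    third_cookie, other_cart = store.handle("Username=ray; SESSIONID=not-issued")
    return first_cookie, second_cookie, cart, third_cookie, other_cart


if __name__ == "__main__":
    for value in demo():
        print(value)
```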

[Figure 6.10: System Flow of SessionDemo program]