Creating Databases for Web Applications cookie examples lab time: favorites cookies & Sessions class time for group work/questions on projects Next class: presentations

cookies are entries into a file called cookies.txt on the client computer –can be placed there by client-side or server-side code. Server side code uses the HTTP header to set the cookie. used for things such as IDs and preferences. Used to compensate for HTTP being 'stateless' alternatives are storing information in –databases – so-called session variables held on the server (one per client) –the URL call (like method=get form data)

Samples php: set cookie, no expiration. This means cookie goes away when the browser is closed. php: set cookie, 5 minute expiration asp/JavaScript: set cookie, no expiration. asp/JavaScript: set cookie, 5 minute expiration

on sharon.ns.purchase.edu/jeanine cookie.php cookie5min.php cookie.asp cookie5min.php Question: does the cookie know if it is asp or php?

<?php if { setcookie("ccname",$cname); setcookie("ctype",$type); ?> Use cookie Welcome <? print ("$cname! \n"); print (" You like $type cookies."); ?> <? } before anything else sent to browser

else { ?> Form for cookies Your name <input type=text name='cname' value=' '> Your favorite cookie <input type=text name='type' value=' '>

<?php if { setcookie("ccname",$cname,time()+5*60); setcookie("ctype",$type, time()+5*60); ?> Use cookie Welcome <? print ("$cname! \n"); print (" You like $type cookies."); print(" The time in seconds is "); print(time()); ?> <? }

else { ?> Form for cookies Your name <input type=text name='cname' value=' '> Your favorite cookie <input type=text name='type' value=' '>

<% var submitted=String(Request.Form("submitted")); if (submitted !="undefined") { sname=String(Request("cname")); stype=String(Request("type")); Response.Cookies("ccname") = sname; Response.Cookies("ctype") = stype; %> Use cookie Welcome \n"); Response.Write (" You like "+ stype +" cookies."); %> <% }

else { %> Form for cookies Your name <input type=text name='cname' value=' <% fromcookiename=Request.Cookies("ccname"); Response.Write(fromcookiename);%> '> Your favorite cookie <input type=text name='type' value=' <% fromcookietype=Request.Cookies("ctype"); Response.Write(fromcookietype); %> '>

ASP The time expiration needs to be an asp datatype called variant. Need to convert the JavaScript date object to that type: var later=new Date(); //get now later.setMinutes(later.getMinutes()+5 ); // add 5 Response.Cookies("ccname").expires =later.getVarDate();

<% var submitted=String(Request.Form("submitted")); if (submitted !="undefined") { sname=String(Request("cname")); stype=String(Request("type")); var later=new Date(); //get now later.setMinutes(later.getMinutes()+5 ); // add 5 Response.Cookies("ccname") = sname; Response.Cookies("ccname").expires =later.getVarDate(); Response.Cookies("ctype") = stype; Response.Cookies("ctype").expires = later.getVarDate(); %> Use cookie Welcome \n"); Response.Write (" You like "+ stype +" cookies."); Response.Write(" Later is " + later); %> <% }

Form for cookies Your name <input type=text name='cname' value=' <% fromcookiename=Request.Cookies("currentclientname"); Response.Write(fromcookiename);%> '> Your favorite cookie <input type=text name='type' value=' <% fromcookietype=Request.Cookies("ctype"); Response.Write(fromcookietype); %> '>

Experiment do [one of the] cookies.php or cookies.asp go to another site, and go back to this script. exit the browser. try cookies5min exit the browser, but re-invoke browser and go the script. exit the browser and right 5 minutes and then re- invoke the browser and go to the script.

Explore Find the cookies.txt file on your lab computer and your home or office computer On my home computer, it was on c\Program Files\Netscape\users\jeanine

in the cookies.txt file sharon.ns.purchase.eduFALSE/ FALSE ctype chocolate+chip+ sharon.ns.purchase.eduFALSE/ FALSE currentclientname+Mommy

Cookies name & value –can also be a collection (complex cookie): name, keys and values Optionally, set –domain (purchase.edu would mean that sharon.ns.purchase.edu, rachel.ns.purchase.edu, etc. could use the cookie) –path (restriction to folders within domain) –secure: True or False (only set if browser using secure connection) Limits: each cookie <= 4kB (Netscape), number of cookies also limited (oldest deleted to make room for newest): limit sent per domain (20) and limit overall (300)

cookie parameters php –setcookie(string name, string value, int expire, string path, string domain, int secure) asp –Response.Cookies(name).Domain = domainstring –Response.Cookies(name).Path = pathString –Response.Cookies(name).Secure= True

deleting cookies set same name cookie to no value setcookie("cclient",""); –php: If you have specified a domain or path, you need to mention those attributes again in the setcookie call. Response.Cookies("cclient")=""; set same name cookie to have past expiration time setcookie("cclient","", time()-60); Response.Cookies("client").Expires="1/1/1980"

Caution Cookies are browser dependent –Look at the Cookies folder in Windows for the IE cookies Cookies are not dependent on asp or php: that is, –php reads cookies set by asp and –asp reads cookies set by php

Sessions A session is the time a client spends on a site. A session id is stored (as a cookie) on the client OR passed along via the URLs (using php only). The id is a key to session information stored on the server for each client. –Php sessions will work even if cookies have been disabled by the person using the browser Session information is stored on the server.

Sessions: php session_start(); called at each script using the session variables $total = …. $cart["pencils"] = $qty; $cart[$productname] = $productqty; session_register("total"); session_register("cart"); … in another script, can use $cart and $total. $result = session_is_registered("total"); session_unregister("total"); session_destroy();

Sessions: asp Session(sessionvariablename)= ….; = Session(sessionvariablename) Session(“cust_name”) = custname; Again, session variables can be scalar (simple) or complex, such as arrays or associative arrays (aka hashes or collections).

Authentication (briefly) Sessions In forms, use method= post & –'over the shoulder' security Re-direction: invoking another script must be before anything else sent to browser php: header("Location: otherpage.php"); exit; asp: Response.Redirect("otherpage.asp"); In re-direction and links, can add parameters: header("Location:page2.php?user=$username"); php: crypt(), md5() asp/JavaScript: use on-line sources. May need to code your own or purchase plugin.

Homework Keep working on enhancement projects –First presentation due class after break (3/23) Present requirements (yours and your 'system owner' and 'system user' –Final presentation (of enhanced projects) due following week (3/30) Your proposal for your own original project due week after. (4/6)