Chapter 8 Cookies And Security JavaScript, Third Edition.

Presentation transcript:

Chapter 8 Cookies And Security JavaScript, Third Edition

2 Objectives Learn about state information Save state information with hidden form fields, query strings, and Cookies Manipulate strings Learn about security issues

JavaScript, Third Edition 3 Introduction The ability to store user information, including preferences, passwords, and other data, is very important –Improves usability of a Web page The three most common tools for maintaining state information are: –Hidden form fields –Query strings –Cookies

JavaScript, Third Edition 4 Understanding State Information State Information: –Information about individual visits to a Web site HTTP was originally designed to be stateless –Web browsers stored no persistent data about a visit to a Web site –Design was efficient, but limiting

JavaScript, Third Edition 5 Understanding State Information (Cont.) Server that maintains state information can: –Customize individual Web pages based on user preferences –Temporarily store information for a user as a browser navigates within a multipart form –Allow a user to create bookmarks for returning to specific locations within a Web site

JavaScript, Third Edition 6 Understanding State Information (Cont.) –Provide shopping carts that store order information –Store user IDs and passwords –Use counters to keep track of how many times a user has visited a site

JavaScript, Third Edition 7 Saving State Information with Hidden Form Fields Hidden form field: –Not displayed by the Web browser –Allows you to hide information from users –Created with the <input> element –Temporarily stores data that needs to be sent to a server along with the rest of a form, but that a user does not need to see

JavaScript, Third Edition 8 Saving State Information with Hidden Form Fields (Cont.) –Is created using the same syntax used for other fields created with the <input> element: –Name and value attributes are the only attributes that you can include with it

JavaScript, Third Edition 9 Saving State Information with Query Strings A query string: –Set of name=value pairs appended to a target URL –Consists of a single text string containing one or more pieces of information To pass information from one Web page to another using a query string: –Add a question mark (?) immediately after a URL, followed by the query string (in name=value pairs) for the information you want to preserve

JavaScript, Third Edition 10 Manipulating Strings Parsing: –Refers to the act of extracting characters or substrings from a larger string –Essentially the same concept as the parsing (rendering) that occurs in a Web browser

JavaScript, Third Edition 11 The String Object String object: –Represents all literal strings and string variables in JavaScript –Contains methods for manipulating text strings –The length property returns the number of characters in a string

JavaScript, Third Edition 14 Parsing a String The first parsing task: –Remove the question mark at the start of the query string Use the substring() method combined with the length property –The substring() method takes two arguments: a starting index number and an ending index number The first character in a string has an index number of 0

JavaScript, Third Edition 15 Parsing a String (Cont.) The next step: –Convert individual pieces of information in queryData variable into array elements using the split() method –Pass to the split() method the character that separates each individual piece of information in a string
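The two parsing steps above, carried through as an added example that is not from the original slides. The function names and the sample query string are constructed, and the example goes beyond the slides by decoding each value and handling repeated names, missing values and malformed escapes, since query string data is controlled by whoever builds the URL.

```javascript
// Added example: parse a query string with the String methods named on the slides.
// parseQueryString() and safeDecode() are hypothetical names; the sample is constructed.
function parseQueryString(search) {
  // Step 1: drop the leading "?" with substring() and the length property.
  var queryData = search.charAt(0) === "?"
    ? search.substring(1, search.length)
    : search;
  // Prototype-free object, so a field named "__proto__" is stored as plain data.
  var fields = Object.create(null);
  if (queryData.length === 0) return fields;

  // Step 2: split() on "&" turns each name=value pair into an array element.
  var pairs = queryData.split("&");
  for (var i = 0; i < pairs.length; i++) {
    if (pairs[i] === "") continue;              // tolerate "a=1&&b=2"
    var eq = pairs[i].indexOf("=");
    var rawName = eq === -1 ? pairs[i] : pairs[i].substring(0, eq);
    var rawValue = eq === -1 ? "" : pairs[i].substring(eq + 1);
    var name = safeDecode(rawName);
    var value = safeDecode(rawValue);
    // Repeated names are kept in order instead of silently overwriting.
    if (name in fields) fields[name].push(value);
    else fields[name] = [value];
  }
  return fields;
}

// Forms encode a space as "+"; a malformed escape such as "%zz" makes
// decodeURIComponent() throw, so fall back to the undecoded text.
function safeDecode(text) {
  var spaced = text.replace(/\+/g, " ");
  try { return decodeURIComponent(spaced); }
  catch (e) { return spaced; }
}

var sample = "?name=Jane%20Doe&color=blue&color=red&note=50%zz&flag";
var parsed = parseQueryString(sample);
console.log(parsed.name[0], parsed.color, parsed.note[0], parsed.flag[0]);
```

Every value comes back as a string taken from the URL, so validate it before using it in the page or sending it to a server.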

JavaScript, Third Edition 16 Saving State information with Cookies Query strings do not permanently maintain state information: –Information available only during current Web page session Hidden form fields maintain state information between Web pages: –The data they contain are lost once the Web page that reads the hidden fields closes

JavaScript, Third Edition 17 Saving State information with Cookies (Cont.) You can save the contents of a query string or hidden form fields: –Submit the form data using a server-side scripting language, which requires a separate server-based application

JavaScript, Third Edition 18 Saving State information with Cookies (Cont.) To make it possible to store state information beyond the current Web page session, Netscape created cookies Cookies: –Small pieces of information about a user stored by a Web server in text files on the user’s computer

JavaScript, Third Edition 19 Saving State information with Cookies (Cont.) Each time the Web client visits a Web server: –Saved cookies for the requested Web page are sent from the client to the server –Server then uses cookies to customize the Web page for the client

JavaScript, Third Edition 20 Saving State information with Cookies (Cont.) Cookies can be temporary or persistent: –Temporary cookies remain available only for the current browser session –Persistent cookies remain available beyond the current browser session and are stored in a text file on a client computer

JavaScript, Third Edition 21 Creating Cookies You use the cookie property of the Document object to create cookies in name=value pairs. The syntax for the cookie property is as follows: –document.cookie = name + "=" + value; The cookie property is created with a required name attribute and four optional attributes: –Expires –Path –Domain –Secure

JavaScript, Third Edition 22 The name attribute Only required parameter of the cookie property Specifies the cookie’s name=value pair Cookies created with only the name attribute are temporary cookies –Available for only the current browser session

JavaScript, Third Edition 23 The name attribute (Cont.) Cookies themselves cannot include semicolons or other special characters, such as commas or spaces: –Cookies are transmitted between Web browsers and Web servers using HTTP, which does not allow certain non-alphanumeric characters to be transmitted in their native format

JavaScript, Third Edition 24 The name attribute (Cont.) You can use special characters in your cookies if you use encoding: Encoding: –Involves converting special characters in a text string to their corresponding hexadecimal ASCII value, preceded by a percent sign

JavaScript, Third Edition 25 The name attribute (Cont.) The built-in encodeURI() function is used in JavaScript for encoding text strings into a valid URI The syntax for the encodeURI() function is: –encodeURI(text);

JavaScript, Third Edition 26 The name attribute (Cont.) When you read a cookie or other text string encoded with the encodeURI() function: –Decode it with the decodeURI() function –The syntax for the decodeURI() function is: decodeURI(text);

JavaScript, Third Edition 27 The Expires attribute For a cookie to persist beyond the current browser session: –Use the expires attribute of the cookie property The expires attribute of the cookie property: –Determines how long a cookie can remain on a client system before it is deleted Cookies created without an expires attribute are available for only the current browser session

JavaScript, Third Edition 28 The Expires attribute (Cont.) Expires=date: –Syntax for assigning the expires attribute to the cookie property, along with an associated name=value pair The name=value pair and the expires=date pair are separated by a semicolon and a space

JavaScript, Third Edition 29 The Path attribute The path attribute: –Determines the availability of a cookie to other Web pages on a server –Assigned to the cookie property, along with an associated name=value pair, using the syntax: path=path name

JavaScript, Third Edition 30 The Path attribute (Cont.) By default, a cookie is available to all Web pages in the same directory If a path is specified: –Then a cookie is available to all Web pages in the specified path AND all Web pages in all subdirectories in the specified path

JavaScript, Third Edition 31 The Domain attribute Using the path attribute allows cookies to be shared across a server The domain attribute is used for sharing cookies across multiple servers in the same domain

JavaScript, Third Edition 32 The Domain attribute (Cont.) Cookies cannot be shared outside of a domain The domain attribute is assigned to the cookie property, along with an associated name=value pair, using the syntax domain=domain name

JavaScript, Third Edition 33 The secure attribute Indicates that a cookie can only be transmitted across a secure Internet connection using HTTPS or another security protocol Generally when working with client-side JavaScript –Secure attribute should be omitted

JavaScript, Third Edition 34 The secure attribute (cont.) If you wish to use the secure attribute: –Assign it to the cookie property with a Boolean value of true or false, along with an associated name=value pair, using the syntax secure=boolean value

JavaScript, Third Edition 35 Reading Cookies To parse a cookie, you must: 1. Decode it using the decodeURI() function 2. Use the methods of the String object to extract individual name=value pairs
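Creating a cookie with the attributes from slides 21 to 34 and reading it back as on slide 35, as an added example that is not from the original slides. It swaps in encodeURIComponent() and decodeURIComponent() for the encodeURI() and decodeURI() named on the slides, because encodeURI() leaves semicolons, commas and equals signs unescaped; the helper names and sample values are constructed.

```javascript
// Added example: build the string assigned to document.cookie, then read one back.
// makeCookie() and readCookies() are hypothetical helper names; values are constructed.
function makeCookie(name, value, options) {
  options = options || {};
  // encodeURIComponent() escapes ";" "," "=" and spaces. encodeURI() leaves
  // ";" "," and "=" as they are, so text after a ";" in the value would be
  // read by the browser as cookie attributes.
  var parts = [encodeURIComponent(name) + "=" + encodeURIComponent(value)];
  if (options.expires) parts.push("expires=" + options.expires.toUTCString());
  if (options.path) parts.push("path=" + options.path);
  if (options.domain) parts.push("domain=" + options.domain);
  // Browsers act on the presence of "secure" and ignore any value after it.
  if (options.secure) parts.push("secure");
  return parts.join("; ");
}

// Turn a document.cookie style string ("a=1; b=2") into a lookup object.
function readCookies(cookieString) {
  var jar = Object.create(null);          // no inherited keys to collide with
  if (!cookieString) return jar;
  var pairs = cookieString.split("; ");
  for (var i = 0; i < pairs.length; i++) {
    var eq = pairs[i].indexOf("=");
    if (eq === -1) continue;              // skip entries without name=value
    var name = pairs[i].substring(0, eq);
    var value = pairs[i].substring(eq + 1);
    try {
      jar[decodeURIComponent(name)] = decodeURIComponent(value);
    } catch (e) {
      jar[name] = value;                  // malformed escape: keep raw text
    }
  }
  return jar;
}

var untrusted = "blue;path=/private";     // constructed value containing ";"
var weak = "color=" + encodeURI(untrusted);
var safe = makeCookie("color", untrusted, {
  expires: new Date(Date.UTC(2030, 0, 1)), path: "/", secure: true
});
console.log(weak);
console.log(safe);
console.log(readCookies(safe.split("; ")[0] + "; visits=3").color);
```

In a browser, the string returned by makeCookie() is what gets assigned to document.cookie, and readCookies(document.cookie) returns the stored pairs.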

JavaScript, Third Edition 36 JavaScript Security concerns Security areas of most concern to JavaScript programmers are: –Protection of a Web page and JavaScript program against malicious tampering –Privacy of individual client information –Protection of the local file system of the client or Web site from theft or tampering –Privacy of individual client information in the Web browser window

JavaScript, Third Edition 37 The same origin Policy Restricts how JavaScript code in one window or frame accesses a Web page in another window or frame on a client computer For windows and frames to view and modify elements and properties of documents displayed in other windows and frames: –Must have the same protocol (such as HTTP) –Must exist on the same Web server

JavaScript, Third Edition 38 The same origin Policy (cont.) Applies not only to the domain name –Also to the server on which a document is located Prevents –Malicious scripts from modifying the content of other windows and frames –Theft of private browser information and information displayed on secure Web pages

JavaScript, Third Edition 39 Chapter Summary State information: –Information about individual visits to a Web site HTTP: –Originally designed to be stateless: Web browsers stored no persistent data about a visit to a Web site

JavaScript, Third Edition 40 Chapter Summary (cont.) Hidden form field: –Special type of form element –Not displayed by the Web browser –Used to hide information from users Form fields, query strings, and cookies: –Most common tools for maintaining state information

JavaScript, Third Edition 41 Chapter Summary (cont.) A query string: –Set of name=value pairs appended to a target URL The String object: –Contains methods for manipulating text strings Cookies: –Small pieces of information about a user stored by a Web server in text files on the user’s computer

JavaScript, Third Edition 42 Chapter Summary (cont.) encodeURI() function: –Used in JavaScript for encoding text strings into a valid URI decodeURI() function: –Decodes a cookie or other text string encoded with the encodeURI() function

JavaScript, Third Edition 43 Chapter Summary (cont.) The same origin policy: –Restricts how JavaScript code in one window or frame accesses a Web page in another window or frame on a client computer Domain property: –Domain property of the Document object changes the origin of a document to its root domain name