Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIS Professor Sandvig MIS 324 Professor Sandvig

Published byLoren Murphy Modified over 6 years ago

Similar presentations

Presentation on theme: "MIS Professor Sandvig MIS 324 Professor Sandvig"— Presentation transcript:

1 MIS 324 -- Professor Sandvig MIS 324 Professor Sandvig
11/22/2018 Maintaining State MIS 324 Professor Sandvig

2 MIS 324 -- Professor Sandvig
11/22/2018 Maintaining State Client-Server Model Tools: Cookies Session Security

3 Client-Server Model Communication is intermittent
Server needs to know “state” of each client Logged in UserID Items in cart Etc. Solution: cookies

4 MIS 324 -- Professor Sandvig
11/22/2018 Cookies Created by server (us) Stored on user’s computer Included with each subsequent request

5 Cookies Persist between sessions

6 MIS 324 -- Professor Sandvig
11/22/2018 Cookies Write: Single value per cookie: Response.Cookies[“Name”].Value = “Bart”; Multiple values per cookie Response.Cookies[“Name”][“First”] = “Bart”; Response.Cookies[“Name”][“Last”] = “Simpson”; Read Request.Cookies[“Name”].Value; Request.Cookies[“Name”][“First”].Value;

7 MIS 324 -- Professor Sandvig
11/22/2018 Cookies Expiration: Default: when browser is closed Response.Cookies[“CookieName”].Expires = DateTime.Now.AddDays(180); Delete Cookie: set expiration to past (-1)

8 MIS 324 -- Professor Sandvig
11/22/2018 Cookies Testing for cookie Attempt to read a cookie that is not present: Error: Object reference not set to an instance of an object Solution: If (Request.Cookies[“Name”] != null) { //safe to read cookie name = Request.Cookies[“Name”] .Value; }

9 Cookies Amazon.com

10 Cookies User can block Chrome Can’t do much…

11 Cookies Gmail

12 MIS 324 -- Professor Sandvig
11/22/2018 Cookies Benefits: Persist between sessions Keep track of usernames, last visit, etc. Easy to use Drawbacks: Client can block Not secure Example: output (see handout for source)

13 MIS 324 -- Professor Sandvig
11/22/2018 2. Sessions Data stored on server Server create unique session ID for each user Session data stored in server memory Create: Session[“LastName”] = “Simpson”; Delete Session.Abandon; – Deletes the session Session.Remove[“LastName”]; – removes items

14 Sessions Uses cookie to pass SessionID with each request
User must have cookies enabled Class example view with Chrome developer tools:

15 MIS 324 -- Professor Sandvig
11/22/2018 Sessions Expiration Default: 20 minutes Session.Timeout = 60; Benefits Secure Client cannot view, edit, delete Automatic timeout Drawbacks Do not persist Require cookies Use server resources

16 Security Session hijacking Thief steals sessionID Session Hijacking
Cookie Hijacking Thief steals sessionID Impersonates user Session Hijacking

17 Security Solution SSL Browser IDs server Encrypts all data

18 Security Require SSL for project - easy Add to Global.asax
GlobalFilters.Filters.Add(new RequireHttpsAttribute()); Not in MIS 324 Too many issues with Visual Studio in labs

19 MIS 324 -- Professor Sandvig
11/22/2018 Summary Two options for maintaining state: Cookies Text stored by browser Passed with each request Persists between sessions Sessions Data stored in server memory Secure Auto timeout Depends upon cookies for SessionID

Download ppt "MIS Professor Sandvig MIS 324 Professor Sandvig"

Similar presentations

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
CIS 451: ASP Sessions and Applications Dr. Ralph D. Westfall January, 2009.

CIS 451: ASP Sessions and Applications Dr. Ralph D. Westfall January, 2009.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Chapter 10 Managing State Information Using Sessions.

Chapter 10 Managing State Information Using Sessions.
What are cookies? Cookies are text files stored on one’s computer after visiting a website Used for: -Storing information such as a unique visitor ID -Allowing.

What are cookies? Cookies are text files stored on one’s computer after visiting a website Used for: -Storing information such as a unique visitor ID -Allowing.
Client State Management & Application Security  Client State Management  Concept  ASP Examples  Application Security  Database Based Approach 

Client State Management & Application Security  Client State Management  Concept  ASP Examples  Application Security  Database Based Approach 
Chapter 10 Managing State Information PHP Programming with MySQL.

Chapter 10 Managing State Information PHP Programming with MySQL.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie(name, value, expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Chapter 10 Maintaining State Information Using Cookies.

Chapter 10 Maintaining State Information Using Cookies.
Objectives Learn about state information

Objectives Learn about state information
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.

IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.

Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.
Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.

Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.
Session 10: Managing State. Overview State Management Types of State Management Server-Side State Management Client-Side State Management The Global.asax.

Session 10: Managing State. Overview State Management Types of State Management Server-Side State Management Client-Side State Management The Global.asax.

Similar presentations

Ads by Google