Presentation is loading. Please wait.

Presentation is loading. Please wait.

[Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU]

Published byEdmund Hofmeister Modified over 5 years ago

Similar presentations

Presentation on theme: "[Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU]"— Presentation transcript:

1 [Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU]
State Handling with Sessions CS Programming Languages for Web Applications [Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU] [Robert W. Sebesta, “Programming the World Wide Web]

2 Session Tracking Methods
revisit Session Tracking Methods URL rewriting -- include data as extra parameters Hidden form fields Cookies Server-side session objects All four methods work by exchanging a token between the client and server Server Client UI implemented in a browser Web server Container engine Program components HTTP Request (with a token / data) HTTP Response (with a token / HTML)

3 Sessions A single coherent use of the system by the same user
All web components sharing a session must start session to join the existing session (or create a new session if none available) $_SESSION global array stores data in the current active object Data disappear when the object is destroyed The session object is destroyed after the session ends, usually 30 minutes after the last request

4 Sessions (Overview) Time Client 1 Web server Client 2 Time HTTP Request HTTP Request HTTP Response Session ID = 0347 HTTP Response Server returns a new unique session ID when the request has none Session ID = 4403 HTTP Request Session ID = 0347 HTTP Request Session ID = 4403 HTTP Response Session ID = 0347 HTTP Response Session ID = 4403 HTTP Request Session ID = 0347 HTTP Request Session ID = 4403 HTTP Response Session ID = 0347 HTTP Response Session ID = 4403

5 Sessions (Overview) Time Client 1 Web server Client 2 Time HTTP Request HTTP Request Client stores the ID and sends it to the server in subsequent HTTP Response Session ID = 0347 HTTP Response Session ID = 4403 HTTP Request Server recognizes all the requests as being from the same client. This defines a session. Session ID = 0347 HTTP Request Session ID = 4403 Server recognizes all the requests as being from a different client. HTTP Response Session ID = 0347 HTTP Response Session ID = 4403 HTTP Request Session ID = 0347 HTTP Request Session ID = 4403 HTTP Response Session ID = 0347 HTTP Response Session ID = 4403

6 Using Session objects Initialize a session object:
Once the session is available, session data are accessible from an implicit $_SESSION global array variable Store information (state) in the session object, use name as a key: Get values from session objects, use name as a key: session_start() $_SESSION[name] = value $_SESSION[name]

7 Using Session Objects count($_SESSION)
Return the number of param/value pairs stored in a session object To view state stored in a session object, iterate a $_SESSION array or specify a parameter name $_SESSION[name] Retrieve a session ID foreach ($_SESSION as $key => $value) { echo “$key maps to $value <br/>”; } session_id()

8 Using Session objects Terminate a session
Remove a session variable, use name as a key: Terminate a session Completely remove a session object unset($_SESSION[name]) session_destroy()

9 Session Definition A session is defined by The web server The client
PHP container The client IP address Browser Session objects are kept on the server Each session object uses different parts of memory (instances of data values) on the server

10 Sharing Data: Session Object
One program component can store a value in the session object Another component can retrieve, use, and modify the value Depends on the PHP container Software components are threads, not processes PHP container stays resident and can keep shared memory

11 Thought Questions What user-specific data are stored on the server? What user-specific data are stored on the client? How does the server recognize whether the requests are from the same user or different user? If a user wants to view his/her information previously stored in the server-side session, how does the server respond to the request? Assuming a user wants to update (or delete) his/her information previously stored in the server-side session, how does the server respond to the request? What can happen if someone (let's say, a hacker) knows the user's sessionID? What can be done to potentially prevent or minimize the chance of the user session being hacked?

12 More General Concept on Maintaining State
Single-user session state Cookies and session object Multi-user session state Context object (will not be tested) Data persistence Why do we need them? Social network system – allow multiple users to interact Group working – online meeting Online bidding Reservation system, invitation system Sometimes we want to share session data among multiple clients (group of users)

13 Summary Managing state is fundamental to any program
Managing state is the most unique aspect of designing and programming web applications Software vendors are creating new frameworks all the time Most of them introduce additional state handling techniques Many professional developers make fundamental mistakes with managing state Books and tutorials describe syntax, but not concepts State management is the most common source of software faults in web apps

14 More general concepts on maintaining states
Extra slide More general concepts on maintaining states (will not be tested)

15 Context (application)
Context Scope Container Engine session object 1 session object 2 Component4 Component1 Component5 Component2 context object Component6 Component3 Session 1 Session 2 Context (application)

Download ppt "[Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU]"

Similar presentations

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 10 Servlets and Java Server Pages.

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 10 Servlets and Java Server Pages.
7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Cutting Edge Research in Engineering of Web Applications Part 2 What is Different about Engineering Web Apps? Jeff Offutt Professor of Software Engineering.

Cutting Edge Research in Engineering of Web Applications Part 2 What is Different about Engineering Web Apps? Jeff Offutt Professor of Software Engineering.
Chapter 10 Managing State Information Using Sessions.

Chapter 10 Managing State Information Using Sessions.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie(name, value, expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.

Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.

IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.

Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.
Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.

Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.
Chapter 6 Server-side Programming: Java Servlets

Chapter 6 Server-side Programming: Java Servlets
1 Chapter 9 – Cookies, Sessions, FTP, Email and More spring into PHP 5 by Steven Holzner Slides were developed by Jack Davis College of Information Science.

1 Chapter 9 – Cookies, Sessions, FTP, and More spring into PHP 5 by Steven Holzner Slides were developed by Jack Davis College of Information Science.
Christopher M. Pascucci Basic Structural Concepts of.NET Managing State & Scope.

Christopher M. Pascucci Basic Structural Concepts of.NET Managing State & Scope.
STATE MANAGEMENT.  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state.

STATE MANAGEMENT.  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state.
® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management 4.1.0.3.

® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management
Web Database Programming Week 7 Session Management & Authentication.

Web Database Programming Week 7 Session Management & Authentication.
Cookies and Sessions IDIA 618 Fall 2014 Bridget M. Blodgett.

Cookies and Sessions IDIA 618 Fall 2014 Bridget M. Blodgett.
CSCI 6962: Server-side Design and Programming Java Server Faces Scoping and Session Handling.

CSCI 6962: Server-side Design and Programming Java Server Faces Scoping and Session Handling.

Similar presentations

Ads by Google