Presentation is loading. Please wait.

Presentation is loading. Please wait.

Persistence Maintaining state: Queries. State is the Problem What is state? facebook status logins (which user are you?) conversations talking about what?

Published bySharleen Rich Modified over 8 years ago

Similar presentations

Presentation on theme: "Persistence Maintaining state: Queries. State is the Problem What is state? facebook status logins (which user are you?) conversations talking about what?"— Presentation transcript:

1 Persistence Maintaining state: Queries

2 State is the Problem What is state? facebook status logins (which user are you?) conversations talking about what? talking to whom?

3 HTTP Protocol stateless protocol by design! (why TCP?) The server does not know what you did What website you were on What you just did on the website Who you are page to page Each page is independent of the other!

4 Why do you care? Maintain items in a shopping cart Website User Accounts Web Apps using more than ONE page Allow bookmarks of query results Polling, Statistics, Advertising

5 Security Queries are not secure Cookies are not secure Easily accessible and editable TEXT! Cookies can be set secure - browser will only sent over HTTPS NOT that safe

6 Solution ONLY store session IDs or account name This means the cookie is a token SSL secure the connection: Session IDs can't be ripped off the net *Client man-in-the-middle attacks *Expire sessions + make new ones

7 URL Query Old school way to maintain state http://search.com?search=http://search.com?search=cars&account=john Old school way to maintain state http://search.com?search=http://search.com?search=cars&account=john

8 Query strings URL(Uniform Resource Locator) / URI Delineator characters: ? & = location (http://google.com)http://google.com query=”what is a cookie?” http://search.comhttp://search.com?search=what%20is% 20a%20cookie?

9 The right side of ? window.location.search= "?" cpu uses to find query in URL "name" parameter's name "=" cpu uses to split name from value "value" parameter's value " &" cpu uses to separate parameters http://search.com?search=http://search.com?search=cars&account=john

10 Automatic Queries onSubmit browser MAKES QUERY Before cookies: Servers put state info into ALL URLs tag's hrefs, everything!

11 demo

12 DOM's location Object -hacked- javascript APIs can break rules location looks like a string location= "http://new website"; location.search = ? + right side of URL play with it in the Console (firebug)

13 Javascript String Object String objects have methods!!! substring(), substr() split() is extremely useful!.length = # of how long string is location.search.substr(start, length); location.split('?') -> array

14 DOM's encoders URL/URI have strict format rules space = %20, most stuff must be %hex encodeURI() / decodeURI() doesn't encode :// and some others encodeURIComponent() / decode…() encodes any possible troublemakers

Download ppt "Persistence Maintaining state: Queries. State is the Problem What is state? facebook status logins (which user are you?) conversations talking about what?"

Similar presentations

CS 4720 RESTfulness CS 4720 – Web & Mobile Systems.

CS 4720 RESTfulness CS 4720 – Web & Mobile Systems.
The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.

The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.
UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)

UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)
Cookies The HTTP protocol is stateless, that is, it does not maintain information on states after the session ends. But sometimes it is useful to remember.

Cookies The HTTP protocol is stateless, that is, it does not maintain information on states after the session ends. But sometimes it is useful to remember.
Cookies Purpose –Write information that lives after the browser exits –Keep track of form data submitted multiple times during a particular visit –Track.

Cookies Purpose –Write information that lives after the browser exits –Keep track of form data submitted multiple times during a particular visit –Track.
Unit 12 Using the Internet & Browsing the Web.  Understand the difference between the Internet and the World Wide Web  Identify items on a web page.

Unit 12 Using the Internet & Browsing the Web.  Understand the difference between the Internet and the World Wide Web  Identify items on a web page.
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
©2009 Justin C. Klein Keane PHP Code Auditing Session 7 Sessions and Cookies Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 7 Sessions and Cookies Justin C. Klein Keane
Session Management A290/A590, Fall 2014 09/25/2014.

Session Management A290/A590, Fall /25/2014.
Chapter 10 Maintaining State Information Using Cookies.

Chapter 10 Maintaining State Information Using Cookies.
Objectives Learn about state information

Objectives Learn about state information
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.

WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
Java Omar Rana University of South Asia. Course Overview JAVA  C/C++ and JAVA Comparison  OOP in JAVA  Exception Handling  Streams  Graphics User.

Java Omar Rana University of South Asia. Course Overview JAVA  C/C++ and JAVA Comparison  OOP in JAVA  Exception Handling  Streams  Graphics User.
Cookies and Security Saving the “state”

Cookies and Security Saving the “state”

Similar presentations

Ads by Google