Cookies

• Purpose– Write information that lives after the browser exits

– Keep track of form data submitted multiple times during a particular visit

– Track user purchase and visit habits

– Examples• Log-in account and password so the information doesn't

broadcast over the web

• Shopping cart information

• Personalized greeting when the user next visits a site

A cookie is a small text file written to the client's computer

Security• It would be a serious security hole if html documents with

JavaScript had unlimited access to client-side disks• Client User Solutions

– Block cookies altogether– Restrict cookies to certain trusted sites– Manage those cookies that are present– Restrict cookies to single sessions– Purge all cookies from the system

• Browser solutions: – Restrict cookies to 2,000 to 4,000 characters– Enforce expiration dates

• Caution– Editing cookies is dangerous because it could cause the

browser to fail at certain web-sites

What's in a cookie1. The cookie name and cookie value2. A cookie's expiration data3. Path to the page creating the cookie4. Domain name of the server creating the cookie5. Security parameter that can restrict access to it

Create a cookiedocument.cookie = "userName=John doe";

Cookie name is 'userName' Cookie value is 'John doe'The first '=' is an assignment to the cookie property in the document object

Read a cookieAlert(document.cookie);

Notes: The browser normally sets items 3, 4, and 5Syntax: [name]=[values];expires=[date];secure; path=[path];domain=[domain]

Example

• Make the cookie<html><head></head><body><script type="text/javascript">var expDate = new Date();expDate.setMonth(expDate.getMonth() + 1);document.cookie = "greeting=Hello World;expires=“ +

expDate.toGMTString();</script><h1>Wrote the Cookie</h1></body></html>

• Read the cookie<html><head></head><body><h1>Read the Cookie</h1><script type="text/javascript"> alert(document.cookie);</script></body></html>

Make Cookie and Read Cookie

Expiration Dates

• Browsers hold cookies in memory– When a browser exits, it writes all cookies to disk

– Browsers don’t save cookies that don’t have expiration dates

• How to set a cookie with an expiration dateVar theName = document.someForm.name.value;

document.cookie = "user="+theName + ";expires=" + expDate.toGMTString();

• We'll describe expDate on the next slide

Question: What use are cookies without an expiration date?

Computing an expiration date

• Instructions to set an expiration datevar expDate = new Date();var thirtyDaysMillis = 30*24*60*60*1000;var future = expDate.getTime() + thirtyDaysMillis;expDate.setTime(future);

• A short cut with fewer variablesvar expDate = new Date()expDate.setTime(expDate.getTime() + 30*24*60*60*1000);expDate.setTime(future);

• Another way to do itvar expDate = new Date();expDate.setMonth(expDate.getMonth() + 1);

Writing Multiple Cookies

• Just store over the cookie property more than once• Each store creates a new cookie• Example

– document.cookie = "name=Bill";

– document.cookie = "address=1250 Siskiyou blvd";

– document.cookie = "city=Ashland";

– document.cookie = "state=OR";

– document.cookie = "zip=97520";

Note: This creates five cookies.

Reading Multiple Cookies• We get all cookies at once

• What does JavaScript see?– Cookie names and values– Does NOT see expiration dates and security

information

• Example– alert(document.cookie);

Name=Bill;address=1250 Siskiyou blvd;city=Ashland;state=OR;zip=97520

Output using example on the previous slide:

Splitting Cookies in Pieces• The split function does it!• Assume the cookies are:

Name=bill;address=1250 Siskiyou blvd;city=Ashland;state=OR;zip=97520

• Here is the codevar cookies = document.cookie;var theCookies = cookies.split(";");alert(theCookies[0].split("=")[1]);alert(theCookies[1].split("=")[1]);alert(theCookies[2].split("=")[1]);alert(theCookies[3].split("=")[1]);alert(theCookies[4].split("=")[1]);

Bill1250 Siskiyou blvd

AshlandOR

97520

theCookies[0] = name=bill

theCookies[1] = address=1250 Siskiyou blvd

theCookies[2] = city=Ashland

Question: What's in theCookies[3]?

Server Side Programming• Server side processing: starts where JavaScript leaves off

• Advantages– Different browsers don't execute the script differently– There is only one server, not millions of browsers to worry about

• Examples of server side languages– Php, perl, and Java servelets

• Capabilities– Create web pages that respond to user queries– Access databases and files stored on the server– Perform statistical analysis– Process forms– Many other features

Review Questions

• What is a cookie?

• What are three uses for cookies?

• How does a cookie get an expiration data?

• What does the split function do?

• Which cookies do browsers write to disk? When?

• Give an example of a limitation of JavaScript.