creating databases for web applications cookie examples lab time: favorites cookies & sessions...
TRANSCRIPT
Creating Databases for Web Applications
cookie examples
lab time: favorites
cookies & Sessions
class time for group work/questions on projects
Next class: presentations
cookies• are entries into a file called cookies.txt on the client
computer– can be placed there by client-side or server-side code.
Server side code uses the HTTP header to set the cookie.
• used for things such as IDs and preferences. Used to compensate for HTTP being 'stateless'
• alternatives are storing information in– databases – so-called session variables held on the server (one per
client)– the URL call (like method=get form data)
Samples
• php: set cookie, no expiration. This means cookie goes away when the browser is closed.
• php: set cookie, 5 minute expiration
• asp/JavaScript: set cookie, no expiration.
• asp/JavaScript: set cookie, 5 minute expiration
on sharon.ns.purchase.edu/jeanine
cookie.php
cookie5min.php
cookie.asp
cookie5min.php
Question: does the cookie know if it is asp or php?
<?php if (@($submitted)) {
setcookie("ccname",$cname);setcookie("ctype",$type);?><html><head><title>Use cookie </title></head><body><h1> Welcome<?print ("$cname! </h1>\n");print ("<br>You like $type cookies.");
?></body></html><? }
before anything else sent to browser
else { ?><html><head><title>Form for cookies </title></head>
<body><form action="cookies.php" method=post>Your name <input type=text name='cname' value='<? print (@$ccname); ?> '><br>Your favorite cookie <input type=text name='type' value='<? print (@$ctype); ?> '><br><input type=hidden name='submitted' value=TRUE>
<input type=submit value='send info'> <input type=reset value='reset'>
</form></body></html><? } ?>
<?php if (@($submitted)) {
setcookie("ccname",$cname,time()+5*60);setcookie("ctype",$type, time()+5*60);
?><html><head><title>Use cookie </title></head><body><h1> Welcome<?print ("$cname! </h1>\n");print ("<br>You like $type cookies.");
print("<br>The time in seconds is "); print(time()); ?>
</body></html><? }
else { ?><html><head><title>Form for cookies </title></head>
<body><form action="cookies5min.php" method=post>Your name <input type=text name='cname' value='<? print (@$ccname); ?> '><br>
Your favorite cookie <input type=text name='type' value='<? print (@$ctype); ?> '><br><input type=hidden name='submitted' value=TRUE><input type=submit value='send info'>
<input type=reset value='reset'></form></body></html><? } ?>
<%@ Language=JavaScript %><% var submitted=String(Request.Form("submitted")); if (submitted !="undefined") { sname=String(Request("cname")); stype=String(Request("type"));
Response.Cookies("ccname") = sname;Response.Cookies("ctype") = stype; %><html><head><title>Use cookie </title></head><body><h1> Welcome
<% Response.Write (sname + "</h1>\n"); Response.Write ("<br>You like "+ stype +" cookies.");
%></body> </html><% }
else { %><html><head><title>Form for cookies </title></head>
<body><form action="cookies.asp" method=post>Your name <input type=text name='cname' value='<% fromcookiename=Request.Cookies("ccname");
Response.Write(fromcookiename);%> '><br>
Your favorite cookie <input type=text name='type' value='<% fromcookietype=Request.Cookies("ctype");
Response.Write(fromcookietype); %> '> <br><input type=hidden name='submitted' value=TRUE><input type=submit value='send info'>
<input type=reset value='reset'></form> </body> </html><% } %>
ASP
The time expiration needs to be an asp datatype called variant.
Need to convert the JavaScript date object to that type:
var later=new Date(); //get now
later.setMinutes(later.getMinutes()+5 ); // add 5
Response.Cookies("ccname").expires =later.getVarDate();
<%@ Language=JavaScript %><% var submitted=String(Request.Form("submitted")); if (submitted !="undefined") { sname=String(Request("cname")); stype=String(Request("type")); var later=new Date(); //get now later.setMinutes(later.getMinutes()+5 ); // add 5Response.Cookies("ccname") = sname;Response.Cookies("ccname").expires =later.getVarDate();
Response.Cookies("ctype") = stype; Response.Cookies("ctype").expires = later.getVarDate();%><html><head><title>Use cookie </title></head><body><h1> Welcome<% Response.Write (sname + "</h1>\n");Response.Write ("<br>You like "+ stype +" cookies.");Response.Write("<br> Later is " + later); %>
</body> </html><% }
<html><head><title>Form for cookies </title></head> <body> <form action="cookies5min.asp" method=post>
Your name <input type=text name='cname' value='<%
fromcookiename=Request.Cookies("currentclientname"); Response.Write(fromcookiename);%> '>
<br>Your favorite cookie <input type=text name='type' value='<% fromcookietype=Request.Cookies("ctype");
Response.Write(fromcookietype); %> '><br><input type=hidden name='submitted' value=TRUE><input type=submit value='send info'><input type=reset
value='reset'></form> </body> </html><% } %>
Experiment
• do [one of the] cookies.php or cookies.asp• go to another site, and go back to this script.• exit the browser.• try cookies5min• exit the browser, but re-invoke browser and go the
script.• exit the browser and right 5 minutes and then re-
invoke the browser and go to the script.
Explore
• Find the cookies.txt file on your lab computer and your home or office computer
• On my home computer, it was onc\Program Files\Netscape\users\jeanine
in the cookies.txt file
• sharon.ns.purchase.edu FALSE /FALSE 1004721406 ctype
chocolate+chip+
• sharon.ns.purchase.edu FALSE /FALSE 1004721406
currentclientname +Mommy
Cookies• name & value
– can also be a collection (complex cookie): name, keys and values
• Optionally, set– domain (purchase.edu would mean that sharon.ns.purchase.edu,
rachel.ns.purchase.edu, etc. could use the cookie)– path (restriction to folders within domain)– secure: True or False (only set if browser using secure
connection)
• Limits: each cookie <= 4kB (Netscape), number of cookies also limited (oldest deleted to make room for newest): limit sent per domain (20) and limit overall (300)
cookie parameters
• php– setcookie(string name, string value, int expire,
string path, string domain, int secure)
• asp– Response.Cookies(name).Domain =
domainstring– Response.Cookies(name).Path = pathString– Response.Cookies(name).Secure= True
deleting cookies
• set same name cookie to no value setcookie("cclient","");– php: If you have specified a domain or path, you need
to mention those attributes again in the setcookie call.
Response.Cookies("cclient")="";
• set same name cookie to have past expiration timesetcookie("cclient","", time()-60);
Response.Cookies("client").Expires="1/1/1980"
Caution
• Cookies are browser dependent– Look at the Cookies folder in Windows for the
IE cookies
• Cookies are not dependent on asp or php: that is, – php reads cookies set by asp and – asp reads cookies set by php
Sessions
• A session is the time a client spends on a site. • A session id is stored (as a cookie) on the client
OR passed along via the URLs (using php only). The id is a key to session information stored on the server for each client.– Php sessions will work even if cookies have been
disabled by the person using the browser
• Session information is stored on the server.
Sessions: php• session_start(); called at each script using the
session variables• $total = ….• $cart["pencils"] = $qty;• $cart[$productname] = $productqty;• session_register("total");• session_register("cart");• … in another script, can use $cart and $total.• $result = session_is_registered("total");• session_unregister("total");• session_destroy();
Sessions: asp
Session(sessionvariablename)= ….;
= Session(sessionvariablename)
Session(“cust_name”) = custname;
Again, session variables can be scalar (simple) or complex, such as arrays or associative arrays (aka hashes or collections).
Authentication (briefly)• Sessions• In forms, use method= post & <input type=password
…>– 'over the shoulder' security
• Re-direction: invoking another script• must be before anything else sent to browser• php: header("Location: otherpage.php"); exit;• asp: Response.Redirect("otherpage.asp");
• In re-direction and links, can add parameters: header("Location:page2.php?user=$username");
• php: crypt(), md5()• asp/JavaScript: use on-line sources. May need to code
your own or purchase plugin.
Homework
• Keep working on enhancement projects– First presentation due class after break (3/23)
• Present requirements (yours and your 'system owner' and 'system user'
– Final presentation (of enhanced projects) due following week (3/30)
• Your proposal for your own original project due week after. (4/6)