
Persistent Client State Storage A problem with Web pages


amalia

Presentation Transcript


  1. Persistent Client State Storage: A problem with Web pages
     • A traditional (static) Web page is individual and cannot affect other pages
     • Static pages can only store and retrieve user information via CGI scripting
     • Scenario:
       • Initial page gets preferences, user ID, password
       • Subsequent pages use information to customise display (colours, data content)

  2. Persistent Client State Storage: What is “state”?
     • “State” is any data that gets stored for use by multiple pages
     • State information can be stored and retrieved by a server through CGI scripting
     • Server-side solutions have many disadvantages:
       • constant prompting for ID (or less secure identifiers)
       • clogs up the server
       • increases net traffic

  3. Persistent Client State Storage: Client-Side Storage - Cookies
     • State information can be locally stored and retrieved by a browser through the “cookie” mechanism
     • The three main disadvantages of cookies are:
       • User resistance – web sites store info on your machine!
       • Compatibility – all modern, full-scale browsers
       • Targeted by malware (spyware, XSS)
     • Cookies solve some of the server-side problems

  4. Persistent Client State Storage: Cookies
     • Cookies can be read and written by server-side applications or client-side applications
     • Cookies were developed for server-side use; client-side support came later
     • A cookie is a bit of structured text stored locally by the browser (in memory, a file or a database)
     • Cookies are intended to be small (<4KB) and each site is limited to 20 current cookies

  5. Persistent Client State Storage: Cookies
     • By default, cookies are kept in memory and expire when the browser session finishes
     • By default, a cookie is only accessible to the site that created it – to any pages in the site directory (or in subdirectories off the main directory)
     • By default, cookies are not secure. Cookies are only secure if the system is using HTTPS (secure HTTP) or some other secure system

  6. Persistent Client State Storage: Cookies
     • Client-side storage of user data is great for users with one browser on one computer…
     • Server-side storage of user data is clumsy but is able to follow the user
     • Pick and choose your data storage method based on the needs of your users
     • Cookies are officially the “HTTP Persistent Client State Mechanism”

  7. Persistent Client State Storage: Structure of a Cookie

         SomeName=SomeValue

     • Note that the cookie’s value cannot hold white space, commas or semicolons.
     • Optional attributes:
       • Expires=date-info [optional] Absolute time
       • Max-Age=secs [optional] Relative time
       • Domain=domain-name [optional]
       • Path=path-info [optional] Change visibility
       • Secure [optional] HTTPS only
       • HttpOnly [optional] No JS access

  8. Persistent Client State Storage: Writing Cookies in JavaScript

         // prompt the user for a name
         var sName = window.prompt("Enter your name");
         // now build a string including an expiry date; the value is encoded
         // because a cookie value cannot hold white space, commas or semicolons
         var sCookie = "n=" + encodeURIComponent(sName) + "; expires=Friday, 31-Dec-2010 23:59:00 GMT";
         // add the information to the cookie store
         document.cookie = sCookie;

  9. Persistent Client State Storage: Writing cookies in PHP

         <?php
         // placeholder value to store (assumed; the slide does not define $value)
         $value = "example";
         // sets a cookie called "DSATest3" to last 5 minutes
         setcookie("DSATest3", $value, time()+5*60);
         ?>
         <html>
         <!-- setting a cookie must come before any HTML -->
         …
         </html>

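  10. Persistent Client State Storage: Reading Cookies in PHP

         <html>
         … <!-- Header stuff goes here -->
         <body>
         <?php
         // the cookie may be absent, and its value is client-controlled: escape it before output
         $sCookie = isset($_COOKIE["DSATest3"]) ? $_COOKIE["DSATest3"] : "";
         echo "<h2>Cookie value is " . htmlspecialchars($sCookie, ENT_QUOTES, "UTF-8") . "</h2>";
         ?>
         </body>
         </html>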

  11. Persistent Client State Storage: The Cookie Specification & Info
     • Internet Engineering Task Force (IETF) Request for Comments: 6265 (http://tools.ietf.org/html/rfc6265)
     • HTTP cookie: Wikipedia, the free encyclopedia
     • How to Create Totally Secure Cookies (Treehouse)
     • PHP setcookie() function (W3Schools)
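
The cookie structure from slide 7 and the defaults noted on slide 5, as an added JavaScript example that is not part of the original presentation: it serializes a cookie with the slide's attributes, parses it back, and reports which protective attributes are missing. The function names (`serializeCookie`, `parseSetCookie`, `auditCookie`) and the sample values are constructed for illustration.

```javascript
// Added example (not from the presentation); names and sample values are constructed.
// Characters slide 7 says a cookie value cannot hold: white space, commas, semicolons.
const FORBIDDEN = /[\s,;]/;

// Build a Set-Cookie style string. The value is percent-encoded so that input
// containing spaces or semicolons cannot spill into the attribute list.
function serializeCookie(name, value, opts = {}) {
  if (!name || FORBIDDEN.test(name) || name.includes("=")) {
    throw new Error("invalid cookie name");
  }
  const parts = [name + "=" + encodeURIComponent(value)];
  if (opts.maxAge !== undefined) parts.push("Max-Age=" + Math.floor(opts.maxAge));
  if (opts.expires) parts.push("Expires=" + opts.expires.toUTCString()); // a Date
  if (opts.domain) parts.push("Domain=" + opts.domain);
  if (opts.path) parts.push("Path=" + opts.path);
  if (opts.secure) parts.push("Secure");
  if (opts.httpOnly) parts.push("HttpOnly");
  return parts.join("; ");
}

// Split a Set-Cookie string back into name, decoded value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: decodeURIComponent(pair.slice(eq + 1)), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Report the defaults the slides describe: not secure, script-readable, session-only.
function auditCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.secure) findings.push("no Secure: also sent over plain HTTP");
  if (!attrs.httponly) findings.push("no HttpOnly: readable by page scripts");
  if (!("expires" in attrs) && !("max-age" in attrs)) findings.push("session cookie: expires with the browser session");
  return findings;
}

// Constructed input: a "name" containing characters that would otherwise split the cookie.
const hardened = serializeCookie("n", "Ann; Path=/admin", { maxAge: 300, path: "/", secure: true, httpOnly: true });
const weak = serializeCookie("n", "Ann");
console.log(hardened, auditCookie(hardened), auditCookie(weak));
```
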
