Maintaining State

Maintaining State MIS 324 Professor Sandvig

Maintaining State • Client-Server Model • Tools: • Cookies • Session • Security

Client-Server Model • Communication is intermittent • Server needs to know “state” of each client • Logged in • UserID • Items in cart • Etc. • Solution: cookies

Cookies • Stored on user’s computer • Included with each request

Cookies • Persist between sessions Source: https://docs.microsoft.com/en-us/aspnet/web-api/overview/advanced/http-cookies

Cookies • Write: • Single value per cookie: • Response.Cookies[“Name”].Value = “Bart”; • Multiple values per cookie • Response.Cookies[“Name”][“First”] = “Bart”; • Response.Cookies[“Name”][“Last”] = “Simpson”; • Read • Request.Cookies[“Name”].Value; • Request.Cookies[“Name”][“First”].Value; • Where • Controller handles http requests • Is logical location for reading and writing cookies

Cookies • Expiration: • Default: when browser is closed • Response.Cookies[“CookieName”].Expires = DateTime.Now.AddDays(180); • Delete Cookie: set expiration to past (-1)

Cookies • Testing for cookie • Attempt to read a cookie that is not present:Error: Object reference not set to an instance of an object • Solution: If (Request.Cookies[“Name”] != null) { //safe to read cookie name = Request.Cookies[“Name”] .Value;}

Cookies • Amazon.com

Cookies • User can block • Chrome • Can’t do much…

Cookies • Gmail

Cookies • Benefits: • Persist between sessions • Keep track of usernames, last visit, etc. • Easy to use • Drawbacks: • Client can block • Not secure • Example: output (see handout for source)

2. Sessions • Data stored on server • Server create unique session ID for each user • Session data stored in server memory • Create: • Session[“LastName”] = “Simpson”; • Delete • Session.Abandon; – Deletes the session • Session.Remove[“LastName”]; – removes items

Sessions • Uses cookie to pass SessionID with each request • User must have cookies enabled • Class example view with Chrome developer tools:

Sessions • Expiration • Default: 20 minutes • Session.Timeout = 60; • Benefits • Secure • Client cannot view, edit, delete • Automatic timeout • Drawbacks • Do not persist • Require cookies • Use server resources

Security • Session hijacking • Cookie Hijacking • Thief steals sessionID • Impersonates user • Session Hijacking

Security • Solution • SSL • Browser IDs server • Encrypts all data

Security • Require SSL for project - easy • Add to Global.asax • GlobalFilters.Filters.Add(new RequireHttpsAttribute()); • Not in MIS 324 • Too many issues with Visual Studio in labs

Summary • Two options for maintaining state: • Cookies • Text stored by browser • Passed with each request • Persists between sessions • Sessions • Data stored in server memory • Secure • Auto timeout • Depends upon cookies for SessionID

Maintaining State

Maintaining State

Presentation Transcript

Maintaining State in PHP

Maintaining Isolation

Maintaining State in PHP Part I - Cookies

Maintaining Application State

Maintaining State in PHP with Sessions

MAINTAINING ANESTHESIA

MAINTAINING CULTURE

Maintaining Accreditation

Maintaining Access:

Maintaining Momentum

Maintaining competence

Maintaining Access

Maintaining Momentum

Maintaining Homeostasis

Maintaining Margin

Maintaining Excellence

Maintaining Excellence

Maintaining State Between the Client and Server

Maintaining State in PHP Part I - Cookies

Maintaining

Maintaining Excellence