Session Management A290/A590, Fall 2014 09/25/2014
Updates
– No office hours today, but I will be available tomorrow, Fri Sep 26, from 12:45pm to 2:15pm in Info West 109 (our regular room)
– Lab 4 extended to tomorrow night
– Lab 5 has been posted
Hidden Fields
Allow for information to be passed from a form to a CGI script. The Submit button must be clicked for the hidden information to be passed. The information is not saved on either the client or the server. It is passed from the client every time the form is submitted.
Browser Cookies
Allow for a server script to save data on the client (the browser). When accessing a web page/script, the browser automatically sends the cookies associated with that page (as determined by the Domain and Path fields of the cookie). The data is stored on the client, so there is no need to submit a form to facilitate the data transfer.
Session Files
All data related to a browser session is stored on the server in a session file.
– or, as we'll learn later, in a database
How do we know which session file is associated with which browser session?
– The first time a server script is loaded, it can generate a unique session ID and store it in a cookie on the browser.
– When the script is loaded subsequently, the browser sends it the session ID cookie, and the server will know which session file to use.
What is the format of the session file?
– Whatever you make it. A simple text file to keep track of name/value pairs is all that's required.
Session Files
– Session files are more efficient than cookies, since only the session ID needs to be sent, not all session information.
– Session files are more secure than cookies, since they can't be tampered with on the client.
Session Files in Lab 4
You will need to write a small session file management component. It should be able to:
– generate a random session id using uuid.uuid4() if one doesn't already exist
– retrieve the session id from the cookie sent by the browser (you know how to do this already!)
– create a text file with the same name as the session id
– store and retrieve the session information to and from the file
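A sketch of the session file component this slide describes, added here as an example and not the course's own solution code; the cookie name `session_id`, the `sessions` directory and the three function names are assumptions. Because the file name comes from a cookie the browser controls, the ID is accepted only when it is the canonical text of a version 4 UUID.

```python
import os
import uuid
from http.cookies import CookieError, SimpleCookie
from urllib.parse import quote, unquote

COOKIE_NAME = "session_id"   # assumed cookie name
SESSION_DIR = "sessions"     # assumed directory, kept outside the web root

def get_session_id(cookie_header):
    """Return (session_id, is_new) from the raw HTTP_COOKIE string."""
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header or "")
    except CookieError:
        pass
    morsel = cookie.get(COOKIE_NAME)
    if morsel is not None:
        try:
            # Accept only the canonical text form of a version 4 UUID, so a
            # value such as "../../etc/passwd" never becomes a file name.
            parsed = uuid.UUID(morsel.value)
            if parsed.version == 4 and str(parsed) == morsel.value:
                return morsel.value, False
        except ValueError:
            pass
    return str(uuid.uuid4()), True

def save_session(sid, data, directory=SESSION_DIR):
    """Write name/value pairs, one per line, to a file named after the ID."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    with open(os.path.join(directory, sid), "w", encoding="utf-8") as f:
        for name, value in data.items():
            # Percent-encode so "=" or newlines in the data cannot break a line.
            f.write(quote(name, safe="") + "=" + quote(str(value), safe="") + "\n")

def load_session(sid, directory=SESSION_DIR):
    """Read the pairs back; an unknown session ID yields an empty dict."""
    data = {}
    try:
        with open(os.path.join(directory, sid), encoding="utf-8") as f:
            for line in f:
                name, _, value = line.rstrip("\n").partition("=")
                data[unquote(name)] = unquote(value)
    except FileNotFoundError:
        pass
    return data
```

In a CGI script the cookie string would come from `os.environ.get("HTTP_COOKIE")`, and a `Set-Cookie` header carrying the ID is sent only when `is_new` is true.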
GET vs POST
Remember the forms we wrote before… …
GET vs POST
Both are HTTP request methods
– GET requests data from the server
– POST submits data to be processed on the server
But…
– We can still use a GET request and provide some input to the server through the query string
– e.g.: silo.soic.indiana.edu:10053/cgi-bin/process_options.py?name1=value1&name2=value2
GET vs POST
GET requests…
– can be cached by the browser
– can be bookmarked
– remain in browser history
– have length restrictions
POST requests…
– can't be cached, bookmarked or kept in the browser history
– don't have length restrictions
GET vs POST
GET requests…
– shouldn't be used when dealing with sensitive data
– should only be used to retrieve data
POST requests…
– should be used when user information (from forms) is submitted to the server
GET vs POST and Lab 5
Relevant to the Starting Page in Lab 5
– You need to be able to display a set of links to different quizzes
– The quiz identifier can be submitted through the query string, e.g. silo.soic.indiana.edu:10053/cgi-bin/take_quiz.py?quizid=123456789