Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton.

Published byAnthony Crawford Modified over 8 years ago

Similar presentations

Presentation on theme: "CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton."— Presentation transcript:

1 CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton

2 Readings Textbook: –Pages 155-158; On the web: On-line book:

3 State, Stateless, HTTP We say HTTP is stateless –From one request from client/server to the next, the server: Doesn’t remember anything Can’t associate previous request with current request Advantages: simpler protocol and implementations But we need state for real apps

4 State and Sessions State –Variable/info we store and have repeated access to “We” is client-side app and server-side app Session –A sequence of interactions for which we remember state

5 One form of state: Cookies You remember cookies? Clearly an example of state –Stored on disk on client-side –Readable and writable by JavaScript –Readable and writable by server-side scripts Issues? –Security, nuisance, abuse, expiration, limitations on number, size, …

6 Where to Keep State? In server-side application –In Apache etc.? Why not a good idea? –In memory in the server-side program? On the server’s file-system –In files or DBMS –Now: must have user-id or session-id, and pass it around (and manage it)

7 Where to Keep State? (2) On the client? –On the file system: Cookies –In memory in the client Is this possible? Advantages: can’t access through JavaScript, hacking, etc. For any of these, passing things back and forth is still needed

8 Solutions Dynamic URLs –Input some information into the URL –Forms, CGI: GET method Cookies Hidden input fields in forms –Not displayed, but in HTML –Dynamic/changeable with JavaScript Java applets –Why does this solve the state issue?

9 PHP Sessions You’ve seen how PHP supports cookies PHP also support sessions directly without using cookies The key ideas: –Functions to start and end sessions –PHP and browser share a set of variables “cleanly” with little effort on your part –For a single session While the browser is open, and… Between your PHP calls to start and end session

10 What’s Shared $_SESSION –An associative array (super-global, like for POST or cookies) A session-id –Get it with PHP function session-id() –But you don’t really need it

11 Starting a Session First line in script: start_session(); Either –Creates a new session –Or “re-loads” current session Your browser knows if a session is active –So pages using sessions should always start with this

12 Ending a Session At some point your know you’re done. So just call: destroy_session(); Cleans up $_SESSION and session-id

13 Session Variables Use $_SESSION as any associative array –Re-loaded with persistent values by start_session() –As usual, not a good idea to use extract(). –POST variables can over-write these –Don’t forget isset() function

14 Example Live on-line example

15

16 Web sessions Textbook: pages 285-286 Custom URL method –First form http://www.com/path/script.cgi?args&sessionID The script does the work –Second form: http:/www.com/path/sessionID/more/path The server knows how to handle this

17 Where to Store Info (Revisited) What’s a “three-tier” architecture –client, server, database E.g. browser plus PHP and MySQL on server –but other possibilities Other possibilities: federated systems –Cooperating distributed systems that handle certain tasks –Examples: authentication (e.g. MS Passport), wallets, credit card processing, shippers, etc.

18 Some Rules of Thumb Considering storing on the client when: –It’s info where security is crucial –Where OK if info not available when a different machine is used –Where info used by more than one application or page

19 Custom client application We think of web browser as the client application But businesses could supply a custom SW application Advantages/Disadvantages –Can keep more user-info secure –But: user must install/update client app –Can't use it anywhere on any system

20 Shopping Carts Textbook, Chap 16

21 Shopping Cart Basics What’s the metaphor here? –Just a “trolley” in a physical store?

22 Shopping Cart Basics To the business, cart eventually is like a sales order or purchase order –The latter is an accepted sales order Header data –Info on buyer, shipping, payment, etc. Line-item data –Item, SKU, quantity, price, etc.

23 Server-Side Shopping Carts Can be more complex in the real-world than you expect. Possible that: –Catalog stored/served separately than Cart Storage –Order system separate –Orders (carts?) sent to other systems (federated systems)

24 Persistence Issues How many carts? By user: –Wish-list, registry, etc. vs. “real” cart In system: Textbook example: –Session cart for anonymous user; session cart for authenticated user; cart on catalog server Other saved carts –Company systems where a third-party approves orders

25 Possible Features, Issues Quick orders –E.g Amazon one-click Configurators –E.g. ordering a computer at dell.com Order processing –To or by third-party organization Don’t forget: integrates with Catalog, Inventory

26 What Processing Is Done What do you remember?

27 What Processing Is Done? Shop, Add items “Edit” or update cart Checkout –Get shipping info –Get payment info and approve –Confirm order Send on to Purchasing

28 More Processing Done See text, pages 325f. Note that these steps part of recognized industry “pipelines” built into commercial e- commerce components/servers –Steps for verfication –Price adjustments; order (sub)totals –Taxes (!) –Shipping: Multiple shipments? –Validity of order?

29 Look and Feel What’s good? What’s not? Features you like?

Download ppt "CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton."

Similar presentations

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
Session 13 Active Server Pages (ASP) Matakuliah: M0114/Web Based Programming Tahun: 2005 Versi: 5.

Session 13 Active Server Pages (ASP) Matakuliah: M0114/Web Based Programming Tahun: 2005 Versi: 5.
Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
DT228/3 Web Development multi page applications/ sharing data.

DT228/3 Web Development multi page applications/ sharing data.
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.

1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
Definitions, Definitions, Definitions Lead to Understanding.

Definitions, Definitions, Definitions Lead to Understanding.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Session Management A290/A590, Fall 2014 09/25/2014.

Session Management A290/A590, Fall /25/2014.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie(name, value, expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Chapter 11 ASP.NET JavaScript, Third Edition. 2 Objectives Learn about client/server architecture Study server-side scripting Create ASP.NET applications.

Chapter 11 ASP.NET JavaScript, Third Edition. 2 Objectives Learn about client/server architecture Study server-side scripting Create ASP.NET applications.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Client/Server Architectures

Client/Server Architectures
Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.

Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.
1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.

1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.
INTRODUCTION TO WEB DATABASE PROGRAMMING

INTRODUCTION TO WEB DATABASE PROGRAMMING
Reading Data in Web Pages tMyn1 Reading Data in Web Pages A very common application of PHP is to have an HTML form gather information from a website's.

Reading Data in Web Pages tMyn1 Reading Data in Web Pages A very common application of PHP is to have an HTML form gather information from a website's.
Agenda Web Development Chapter 7 Review Class Discussion Issues.

Agenda Web Development Chapter 7 Review Class Discussion Issues.

Similar presentations

Ads by Google