Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mark Dixon 1 03 – Passing Data between pages: Forms, Sessions, & Query Strings.

Published byPriscilla Morgan Modified over 8 years ago

Similar presentations

Presentation on theme: "Mark Dixon 1 03 – Passing Data between pages: Forms, Sessions, & Query Strings."— Presentation transcript:

1 Mark Dixon 1 03 – Passing Data between pages: Forms, Sessions, & Query Strings

2 Mark Dixon 2 Session Aims & Objectives Aims –To introduce the fundamental ideas involved in passing data between pages Objectives, by end of this week’s sessions, you should be able to: –pass data between pages, using: Self Posting Query Strings Session Variables Cookies

3 Mark Dixon 3 Example: Logon v2 (design) Restrict access to home page

4 Mark Dixon 4 Example: Logon v2 (code) <% String un; String pw; String msg = ""; if (request.getParameter("btnLogon") != null){ un = request.getParameter("txtUserName"); pw = request.getParameter("txtPassWord"); if (un.equals("mark") && pw.equals("soft234")){ response.sendRedirect(“Home.html"); }else{ msg = "Login details incorrect."; } %> Please logon: Logon.jsp My Home page Welcome to my home page. Home.html

5 Mark Dixon 5 Example: Logon (Fixed Problem) View Source – shows client-side script: No server-side code

6 Mark Dixon 6 Example: Logon (Problem 2) User can type home page url (address) directly (bypassing logon page)

7 Mark Dixon 7 Solution Need way for: –password page to tell home page –that user logged in OK

8 Mark Dixon 8 Technique: Dead-Drop Variables 2 Spies wish to pass message between each other without actually meeting Arrange a dead-drop location –one spy leaves message at location –other spy visits location later to pick up message Variables used as dead-drop containers

9 Mark Dixon 9 <% Boolean LogonOK ; if ( LogonOK == false){ response.sendRedirect("Logon3.jsp"); } %> My Home page Welcome to my home page. Home3.jsp <% String un; String pw; String msg = ""; Boolean LogonOK; LogonOK = false; if (request.getParameter("btnLogon") != null){ un = request.getParameter("txtUserName"); pw = request.getParameter("txtPassWord"); if (un.equals("mark") && pw.equals("soft234")){ LogonOK = true; response.sendRedirect("Home3.jsp"); }else{ msg = "Login details incorrect."; } %> Please logon: Logon3.jsp Example: Logon v3 (code)  Does not work  Variables do not persist between pages LogonOK True

10 Mark Dixon 10 Example: Logon v3 (Error) Variables – don't persist between pages

11 Mark Dixon 11 Passing Data (temporary) Session object –used to pass information between pages: –exists for current session –persist between pages –clears if user closes browser –clears after 20 mins of inactivity –no need for declaration session.setAttribute("Thing", 91); Put 91 into Thing

12 Mark Dixon 12 Maintaining State: Session Object <% if (request.getParameter("btnSend") != null){ session.setAttribute("MSG", "Meet in BGB202"); }else if (request.getParameter("btnClear") != null){ session.invalidate(); } %> JSP Page Display Send.jsp Session variable –all objects –no declaration invalidate method –deletes all session variables

13 Mark Dixon 13 Maintaining State: Session Object <% String s = ""; if (session.getAttribute("MSG") != null){ s = session.getAttribute("MSG").toString(); } %> JSP Page Message: Display.jsp read session variable, and display

14 Mark Dixon 14 Example: Message Using Session variable: <% if (request.getParameter("btnSend") != null){ session.setAttribute("MSG", "Meet in BGB202"); }else if (request.getParameter("btnClear") != null){ session.invalidate(); } %> JSP Page Display Send.jsp <% String s = ""; if (session.getAttribute("MSG") != null){ s = session.getAttribute("MSG").toString(); } %> JSP Page Message: Display.jsp MSG Meet in BGB202

15 Mark Dixon 15 Questions: Session Variables Write a line of code to put the number 74 into a session variable called id. Write code that puts 'Hello' a variable called msg if the session variable called id is equal to 74 session.setAttribute("id", 74); if (session.getAttribute("id") == 74){ msg = "Hello"; }

16 Mark Dixon 16 Passing Data (temporary) Query Strings –Useful for passing information between pages via links

17 Mark Dixon 17 Maintaining State: Query Strings Data added to end of URL (address): page.jsp?Surname=Bob JSP code can use this data: –request.getParameter("Surname") would return the value "Bob" Form method=get –data automatically added to query string Query String

18 Mark Dixon 18 Example: Date-Time What background colour do you want for you date information? Yellow Light Blue Menu.jsp > The date is. DateTime.jsp

19 Mark Dixon 19 store small textual data on user's (client) computer –Actual location varies with platform (Windows, Linux, etc.) C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files –e.g. (from www.amazon.co.uk) session-id-time 2082758401l amazon.co.uk/ 1536 2679150208 31961202 4219423488 30182897 Cookies: What

20 Mark Dixon 20 has 6 parts: –Name –Value –Domain –Path –Expiration –Security flag Name and Value are required –others have default values 20 Cookies: Parts

21 Mark Dixon 21 1.create cookie object 2.Constructor takes 2 parameters: –name and value (both Strings) 3.add cookie to response Cookies: Creating Cookie c; c = new Cookie("X", "23"); response.addCookie(c); Note: –any number of cookies can be created and added –cookies with same name are replaced

22 Mark Dixon 22 1.get cookies using request.getCookies –cookies are in an array 2.process the cookies: –use loop –getName returns name –getValue returns value Cookies: Reading Cookie[] cookies; cookies = request.getCookies(); for(int i=0; i<cookies.length; i++){ // cookies[i].getName() // cookies[i].getValue() }

23 Mark Dixon 23 browsers don’t always accept cookies –most modern browsers support cookies –still a few people using very old browsers often the user turns cookies off! –user concerned with what server is doing with information about them then probably turn cookies off can be used to transfer sensitive information in clear text NOT a serious security threat ( no viruses) Cookies: Disadvantages

24 Mark Dixon 24 Example: Message 2 (cookies) <% Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); } %> JSP Page Display Send.jsp <% Cookie[] cookies; int i; String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + " "; } %> JSP Page Message: Display.jsp MSG Meet in BGB202

25 Mark Dixon 25 Example: Message 2 (add cookies) <% Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); } %> JSP Page Display Send.jsp Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); }

26 Mark Dixon 26 Example: Message 2 (get cookies) <% Cookie[] cookies; int i; String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + " "; } %> JSP Page Message: Display.jsp Cookie[] cookies; int i; String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + " "; }

27 Mark Dixon 27 Reference: Server Object Model request object: calling web page –getParameter: used to get form and query-string data from page –getCookies: used to get cookie data from page response object: web page sent back –sendRedirect: used to navigate to other page session object: store data between pages –setAttribute: stores data –getAttribute: gets data –invalidate: clears session data

28 Mark Dixon 28 Passing Data (persistent) Cookies –stored on users’ (client) hard drive –persists between sessions –can be viewed by client –sent over http Database/file (covered in later lectures) –stored on server hard drive –persists between sessions –cannot be accessed directly by client

29 Mark Dixon 29 Tutorial Exercise: Message LEARNING OBJECTIVE: pass data between pages using session variables, and (form) self- posting Task 1: Get the message example working (from the lecture) Task 2: Change the send.jsp page so that when you click the buttons it gives some feedback as to what has happened.

30 Mark Dixon 30 Tutorial Exercise: Logon LEARNING OBJECTIVE: pass data between pages using session variables, and (form) self- posting Task 1: Type in the code for the Logon v3 example (from the lecture) NOTE: this will not work properly (variables do not persist between pages) Task 2: Modify this to use a session variable to 'remember' whether the logon was successful. Note: It should not be possible to view the source code Note: It should not be possible to bypass the logon

31 Mark Dixon 31 Tutorial Exercise: Date LEARNING OBJECTIVE: pass data between pages using query strings Task 1: Get the Date-Time example (from the lecture) working Task 2: Modify your page to provide another choice of background colour.

32 Mark Dixon 32 Tutorial Exercise: Message 2 LEARNING OBJECTIVE: pass data between pages using cookies Task 1: Get the message 2 example working (from the lecture) Task 2: Change the send.jsp page so that the user can change the text that is sent hint: add a text box

Download ppt "Mark Dixon 1 03 – Passing Data between pages: Forms, Sessions, & Query Strings."

Similar presentations

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Mark Dixon Page 1 16 – Passing Data between pages: Forms, Sessions, & Query Strings.

Mark Dixon Page 1 16 – Passing Data between pages: Forms, Sessions, & Query Strings.
Mark Dixon, SoCCE SOFT 131Page 1 20 – Web applications: HTML and Client-side code.

Mark Dixon, SoCCE SOFT 131Page 1 20 – Web applications: HTML and Client-side code.
Mark Dixon Page 1 15 – Web applications: Server-side code (ASP)

Mark Dixon Page 1 15 – Web applications: Server-side code (ASP)
Mark Dixon, SoCCE SOFT 131Page 1 16 – Passing Data between pages: Sessions, Query Strings, & Self Posting.

Mark Dixon, SoCCE SOFT 131Page 1 16 – Passing Data between pages: Sessions, Query Strings, & Self Posting.
JavaScript ICW: Lecture 11 Tom Chothia. Last Lecture URLs Threads, to make a process run in parallel: Make it extend Thread Give it a run method Call.

JavaScript ICW: Lecture 11 Tom Chothia. Last Lecture URLs Threads, to make a process run in parallel: Make it extend Thread Give it a run method Call.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
Session Management A290/A590, Fall 2014 09/25/2014.

Session Management A290/A590, Fall /25/2014.
Mark Dixon Page 1 15 – Web applications: Server-side code (ASP)

Mark Dixon Page 1 15 – Web applications: Server-side code (ASP)
Mark Dixon, SoCCE SOFT 131Page 1 19 – Web applications: Server-side code (ASP)

Mark Dixon, SoCCE SOFT 131Page 1 19 – Web applications: Server-side code (ASP)
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Welcome to the Southeastern Louisiana University’s Online Employment Site Applicant Tutorial!

Welcome to the Southeastern Louisiana University’s Online Employment Site Applicant Tutorial!
MIT AITI 2004 JSP – Lecture 2 Get and Post Requests.

MIT AITI 2004 JSP – Lecture 2 Get and Post Requests.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
Mark Dixon Page 1 19 – Passing Data between pages: Forms, Sessions, & Query Strings.

Mark Dixon Page 1 19 – Passing Data between pages: Forms, Sessions, & Query Strings.
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.

Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.

Similar presentations

Ads by Google