
1 Sessions, Cookies, &.htaccess IT 210

2 Procedural Issues
- Quiz #3 Today!
- Homework #3 Due Friday at midnight
- UML for Lab 4
- Withdraw Deadline is Wed, Feb 8th
- Resources and strategies when getting stuck?

3 Problem
- HTTP is stateless
- This causes problems when you want the server to “remember” a user (e.g., checkout baskets, customized presentation).
- This problem is solved by using cookies and sessions

4 Sessions and Cookies

5

6 PHP Sessions
- Remember: HTTP is memoryless (stateless)
- “Sessions” provide temporary memory for web site access
  - Created by server (e.g., PHP)
  - Associative array (name → value pairs)
  - Expires after ~15 minutes of inactivity
  - Removed when browser is closed
- The session ID is stored in a cookie or on the query string. The query string doesn’t allow for the back button and has security problems (the ID ends up in logs, bookmarks and Referer headers)
- UID and program-defined variables are saved in the session

7 Cookies are used for…
- Session Management
- Personalization
- Web analytics

8 Cookies
- Cookies
  - Small text file stored in a file on client (“cookie jar”)
  - Name/value pairs with expiration date, location (path), & source (domain) indicated.
  - Can be secure (Secure flag: only sent over HTTPS) or not
- First party (from domain you’re visiting) vs Third Party (from different domain)
- Session cookies (end when you close browser) vs persistent cookies (stored for long time and used when you revisit site)

9 Cookies
- Set with (must be called before any output is sent, because the cookie travels in the response headers):
  <?php
  // Calculate 60 days in the future
  // seconds * minutes * hours * days + current time
  $inTwoMonths = 60 * 60 * 24 * 60 + time();
  setcookie('lastVisit', date("G:i - m/d/y"), $inTwoMonths);
  ?>
- Retrieve with: $_COOKIE

10 Our goal: secure login
- Secure?
- Use PHP to read form, and check the results against a database
  - If valid, set variable to ‘true’, otherwise ‘false’

Column Name | Type        | Null | Primary Key | Extra
user_id     | int(8)      | No   | PK          | AUTO
username    | varchar(11) | No   |             |
password    | varchar(32) | No   |             |
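As an added example (not code from the slides), here is one way to do the slide's "read form, check against database, set variable" step with sessions. It assumes the table is named users, that the password column has been widened (e.g. varchar(255)) to hold a password_hash() digest rather than a 32-character value, and hypothetical database credentials.

```php
<?php
// Added example, not code from the slides: a login check for the table on
// slide 10. Assumes the table is named `users` and that the password column
// has been widened (e.g. varchar(255)) to hold a password_hash() digest
// instead of a 32-character value.

// Session-ID cookie flags: HttpOnly keeps scripts away from it, Secure limits
// it to HTTPS, SameSite=Lax keeps most cross-site requests from carrying it.
session_set_cookie_params([
    'lifetime' => 0,        // session cookie: gone when the browser closes
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

/**
 * Verify $password against the hash stored for $username.
 * Returns true on success, false otherwise (same answer for an unknown user
 * and a wrong password, so the response does not reveal which one failed).
 */
function check_login(PDO $db, string $username, string $password): bool
{
    // Prepared statement: the username is bound as data, never spliced into SQL.
    $stmt = $db->prepare('SELECT user_id, password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: verify against a throwaway hash so the work done (and
    // therefore the response time) is about the same as for a known user.
    $hash = $row === false ? password_hash('placeholder', PASSWORD_DEFAULT) : $row['password'];
    if (!password_verify($password, $hash) || $row === false) {
        return false;
    }

    session_regenerate_id(true);          // fresh ID on login: defeats session fixation
    $_SESSION['logged_in'] = true;
    $_SESSION['user_id']   = (int) $row['user_id'];
    return true;
}

// Hypothetical DSN and credentials; replace with your own.
$db = new PDO('mysql:host=localhost;dbname=it210', 'it210', 'secret',
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$ok = check_login($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
echo $ok ? 'Login succeeded' : 'Login failed';
```

Later pages then test $_SESSION['logged_in'] after session_start() instead of trusting anything the browser sends.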

11 What is .htaccess
- Method for remote web-server control
- Supports multiple users
- A simple text file in a directory, called .htaccess

12 .htaccess
- Built into Apache
  - Other servers have other means
  - Disabled by default
- Put file into a directory to make site settings
  - Controlled by closest file in the hierarchy

13 Performance Hit
- If .htaccess is turned on in Apache then Apache will look in every directory for an .htaccess file and read it if it is there.
- If a file is requested out of a directory /www/htdocs/example, Apache must look for:
  - /.htaccess
  - /www/.htaccess
  - /www/htdocs/.htaccess
  - /www/htdocs/example/.htaccess
- Lower file directives override higher ones

14 On the other hand …
- It does allow users to control their own sub-directory tree without affecting others
- There are other ways to do this but they require system-level access to Apache—which you may not want to give to users who each control their own sub-tree (website)

15 Use .htaccess to…
- Customize error messages
- Password protect sites
- Block access by IP addresses
- Block rippers and bots
- Prevent hot linking (e.g., another site embedding images from your site)

16 Error messages
  ErrorDocument 400 /errors/badrequest.html
  ErrorDocument 401 /errors/authreqd.html
  ErrorDocument 403 /errors/forbid.html
  ErrorDocument 404 "Not here bucko!"
  ErrorDocument 500 /errors/serverx.html

17

18 Access control
- Modify .htaccess:
  AuthUserFile /usr/local/myhome/.htpasswd
  AuthGroupFile /dev/null
  AuthName EnterPassword
  AuthType Basic
  require valid-user
- AuthType Basic sends the password base64-encoded, not encrypted, so serve the protected area over HTTPS
- Now, create a password file

19 .htpasswd
- Put in a safe location (outside the web document root, like the /usr/local/myhome path above)
- Username, password pairs
  - Passwords are stored as hashes, not as plaintext
  - Eg: It210:cwQgdU78tJoCc
- See online site for generating passwords

20 Other commands
- Block IPs
  order allow,deny
  deny from 123.45.6.7
  deny from 012.34.5.
  allow from all
- Block rippers
  RewriteEngine On
  RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebSauger
  RewriteRule ^.* - [F,L]

21 Finally
- Block hot links
  - These steal your intellectual property and your bandwidth!
  RewriteEngine on
  RewriteCond %{HTTP_REFERER} !^$
  RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
  RewriteRule \.(gif|jpg|js|css)$ - [F]

