E-Commerce: Fundamentals and Applications

Presentation transcript:

E-Commerce: Fundamentals and Applications (© Wiley and the book authors, 2001)
Chapter 6: Server-Side Programming III
Session Tracking

Slide 2: Outline
- What is session tracking in Web applications
- Traditional session tracking techniques
  - Hidden form field
  - URL rewriting
  - HTTP user authorization
  - Cookies
- Servlet session tracking API
- Servlet session tracking program examples

Slide 3: A realistic case in session tracking: shopping in VBS
To implement a simple virtual store such as the e-pizza ordering store as shown in Fig. 6.1, users are usually provided with an electronic form (e-form) to fill in the order. After submitting the form to the server, the order can then be processed accordingly.
The above approach is fine for a "simple e-retail business", which carries a small number of products. However, for large e-retail businesses, it is impractical to put all the products into a single e-form.

Slide 4: [Figure 6.1: Pizza Order Scenario Using the e-Form Mechanism]

Slide 5: A realistic case in session tracking: shopping in VBS (cont.)
Let us look at the "physical" shopping scenario, for example shopping in a supermarket. The shopping process is as follows:
- enter the supermarket;
- get a shopping cart;
- walk around the store;
- choose the goods and put them into the shopping cart; and
- finally check out at the cashier's counter.
To emulate the above shopping process in the cyber world, we need to implement a shopping cart.

Slide 6: A realistic case in session tracking: shopping in VBS (cont.)
To implement a shopping cart object, there are two issues to be resolved:
- The first one is how to assign and map a "shopping cart" to a user. Note that in most B2C e-commerce systems, a user does not need to log into the system before shopping.
- The second issue is how to keep track of the shopping cart and its content.
Example:
- During an e-shopping situation, we may access the VBS, get a shopping cart and then browse another Web site for a while before returning to the VBS again.
- The challenge is how we can "get back" the previous shopping cart to continue shopping instead of restarting from the beginning.
The solution is Session Tracking.

Slide 7: Traditional session tracking techniques
To support session tracking for Web-based applications, a number of techniques have been developed. The most common ones are:
- Hidden form field;
- URL rewriting;
- HTTP user authorization;
- Cookies.

Slide 8: Hidden Form Field (HFF) - A Perspective
As part of the HTML standard, "Hidden Form Field" provides a simple solution to session tracking. In the Advanced Book Search (Chap 5), the hidden form field technique has been used as follows:
- First, the user browses the "Advanced Book Search" Web page, which provides an interface for the user to fill in the search criteria.
- After submitting the form to the VBS Web server, the corresponding servlet is launched; it parses the search criteria and executes the SQL statement.
- Once the search result is obtained, the program formats the information using HTML and returns it to the user.
- If the search result consists of multiple pages, some page pointers are presented for the user to go to the desired page.
- The program uses the hidden form field to return the search criteria together with the previous ISBN of the book being displayed. Hence the books can be displayed accordingly.

Slide 9: Hidden Form Field for shopping cart
To implement a shopping cart using the "Hidden Form Field", we can define a hidden field element called "username" in an HTML form. This can be used to keep track of the user session and hence the shopping cart. ….

Slide 10: Simple book ordering using HFF
We use a simple example to demonstrate how to implement a "Simple Book Store" using the "Hidden Form Field" for session tracking. The system flow of this "Simple Book Store" is shown in Figure 6.2. The simple bookstore consists of FOUR major modules as follows:
- Bookorder.html – This is the home page or "front-door" of the whole system.
- DisplayorderHFF – This servlet program is used to display the selected book(s).
- ShoppingHFF – This servlet program allows users to continue shopping by 1) consolidating the previous book selection; and 2) displaying the book list again for selection.
- Check out – This allows the user to "check out".

Slide 11: [Figure 6.2: System Flow Diagram for Simple Bookstore Using HFF. Diagram labels: Bookorder.html, DisplayorderHFF, ShoppingHFF, Check Out; parameters passed: book, book + sbook]

Slide 12: Simple book ordering using HFF (cont.)
As shown in Fig. 6.3, the Bookorder.html file provides the "main entry" for the whole system. The HTML page consists of a simple book list and three buttons. A user can either:
- click "Clear" button to reset the book selection;
- click "Put to Cart" button to "put" the selected item(s) into the shopping cart; or
- click "Check out" button to exit.
Note that no matter which button is selected, the request is handled by the same server-side program, "displayorderHFF". The parameter value of the "submit" button is used to identify the action required.

Slide 13: [Figure 6.3: Snapshot of Bookorder.html Page]

Slide 14: DisplayorderHFF program
The main functions of "displayorderHFF" program are:
- to display the list of book(s) selected by the user;
- to handle different actions selected by the user. Having determined the action, the program will invoke one of the following servlets:
  - launch the "checkout" program if the user clicks "Check Out" button;
  - launch the "shoppingHFF" program if the user clicks "Put to cart" button.
- to create the hidden form field elements in the response. In order to keep track of the books in the shopping cart, the program finally "embeds" all the books within the "book" and "sbook" parameters, into a hidden form field called "book".

Slide 15: [Figure 6.4: Sample Output Screen From displayorderHFF]

Slide 16: ShoppingHFF program
The main function of the "shoppingHFF" program is to allow the user to continue the shopping process, which involves the following actions:
"Store-and-forward" the books in the shopping cart
First, the program uses the "getParameter("book")" command to retrieve all the books in the shopping cart and store them in a string array called "books":
It then forwards these items to the "next" program by using another hidden form field called "book":

    if (books != null) {
        for (int j = 0; j < books.length; j++) {
            // One hidden field named "book" per item already in the cart.
            // books[j] arrives in the request, so HTML-encode it before
            // writing it into the attribute in production code.
            out.println("<input type=\"hidden\" name=\"book\" value=\"" + books[j] + "\">");
        }
    }

Slide 17: ShoppingHFF program (cont.)
Display a book list for user selection
- The program shows a selection menu for the user to continue the book selection.
- It is important to notice that "sbook" and "book" contain the currently selected books and the books inside the shopping cart, respectively.
- A snapshot of the screen output from "shoppingHFF" program is shown in Figure 6.5.
- In this example, we select the last two books: "Java 2" and "Basic Cryptography". Then we press the "Put to cart" button and finally the "continue" button to return to the main program.

Slide 18: [Figure 6.5: Snapshot of "shoppingHFF" Screen Output]

Slide 19: [Figure 6.6: Screen Display of the Next displayorderHFF Program Output]

Slide 20: Checkout program
It is important to note that, whether the user clicks the "Put to Cart" or the "Check out" button, the same program "displayorderHFF" is launched.
The main function of the "checkout" program is to provide an "exit" for the system, so it just displays a simple "check out" message.
To complete the discussion, Fig. 6.7 shows the screen output of the "checkout" program.

Slide 21: [Figure 6.7: Screen Display of the Checkout Program Output]

Slide 22: Pros & Cons of using Hidden Form Fields
Pros:
- The major advantage of using the "Hidden Form Field" is its simplicity.
- As part of the HTML standard, it is supported by all browsers and therefore it can be easily implemented in all the major Web programming environments such as CGI programming, servlet programming, etc.
Cons:
- However if we want to keep track of a lot of information, passing information using hidden form fields may be clumsy from the implementation point of view.

Slide 23: URL Rewriting
There are two commonly used methods to identify a session using URL rewriting:
- Method (1): To add an extra directory path to the original URL
- Method (2): To add additional parameters at the end of the URL
E.g. Suppose that the original URL is
A user with session identity 007 will access the URL as
- Using method (1) - Not supported in PHP
  Note: each user is assigned a different directory path so that the Web server can identify the client accordingly.
- Using method (2)
  Note: In this case, the program knows that the request is from the session with ID of 007.

Slide 24: URL Rewriting - Pros & Cons
Pros:
- URL Rewriting provides an easy-to-implement solution to session tracking.
Cons:
- The "Adding an Extra Path" method may not work well for complex applications and the "Adding an Extra Parameter" method can only be used with the "GET" command, but not the "POST" command.
- As the POST command is often used in HTML forms, its applicability is quite limited.

Slide 25: HTTP user authorization
What is HTTP user authorization?
- This method supports session tracking by means of the HTTP "User Authorization" response header. Authentication is done by asking the user to provide his username and password.
How can User Authorization be done for session tracking? Example:
- The Web server is configured to use the WWW authentication scheme.
- When a user accesses the Web server for the first time, he needs to fill in the username and password for authentication (Fig. 6.8).
- The information is then passed to the Web server for authentication. E.g. the username can be obtained from the "getRemoteUser()" method as follows:

    String username = req.getRemoteUser();

- Once the Web server identifies the user, appropriate actions can be taken for that user.

Slide 26: [Figure 6.8: Sample Page for a Web Site that Needs User Authorization]

Slide 27: HTTP user authorization: Pros & Cons
Pros:
- The major advantage of using User Authorization is that it is a "standard" feature of HTTP, so it is supported by all Web servers.
- It can be implemented easily.
- In fact, User Authorization is still commonly used in many contemporary Web systems, especially in Intranets.
Cons:
- Users must be pre-registered with the Web server. Therefore it may not be suitable for B2C e-commerce systems because the customers may not have any relationship with the company.
- Simultaneous login cannot be supported. In other words, a user cannot establish more than one session with the same site.

Slide 28: Session tracking using Cookies
In summary, cookies are "tiny" pieces of information stored in the client browser. In an e-shopping scenario, one can use cookies for session tracking as follows:
- When a user accesses a B2C Web site for the first time, the Web server asks for the user information (e.g. username). Then the Web server can ask the client browser to "store" a cookie by including this cookie in the HTTP response header. For example,

    Set-Cookie: Username=ray

  The cookie with Username=ray is then stored in the client browser for later use.
- Each time the user returns to the Web site, the client browser will send this cookie in the HTTP request message. Hence the cookie can be used for session tracking purposes.

Slide 29: Using Cookies: Pros & Cons
Pros:
- Cookies are the most commonly used method for supporting session tracking.
- They are easy to implement as most server-side programming tools provide an API for managing cookies.
- Cookies are supported by nearly all browsers. In fact, the use of cookies is standardized in RFC
Cons:
- A cookie can only store a limited amount of information.
- There are security concerns in using cookies because it involves saving something on the client side.
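The security concern above applies equally to the `Username=ray` cookie and to the hidden "username" form field described earlier: both are held by the client, so the server cannot assume the value comes back as it was issued. The following is an added example, not code from the book or the slides, that binds the value to an HMAC-SHA256 tag computed with a server-side key; the class and method names and the sample key are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper: seals a client-held value (cookie or hidden field)
// so that the server can detect any change made on the client side.
public class SignedCookieDemo {
    private static final String ALG = "HmacSHA256";
    private final SecretKeySpec key;

    SignedCookieDemo(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, ALG);
    }

    private byte[] tag(byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        mac.init(key);
        return mac.doFinal(data);
    }

    /** Value to send to the client: base64url(value) "." base64url(HMAC(value)). */
    String seal(String value) throws GeneralSecurityException {
        byte[] raw = value.getBytes(StandardCharsets.UTF_8);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(raw) + "." + enc.encodeToString(tag(raw));
    }

    /** Returns the original value, or null if the input is malformed or the tag does not match. */
    String open(String sealed) throws GeneralSecurityException {
        if (sealed == null) return null;
        int dot = sealed.indexOf('.');
        if (dot <= 0 || dot == sealed.length() - 1) return null;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            byte[] raw = dec.decode(sealed.substring(0, dot));
            byte[] presented = dec.decode(sealed.substring(dot + 1));
            // MessageDigest.isEqual compares in constant time
            return MessageDigest.isEqual(tag(raw), presented)
                    ? new String(raw, StandardCharsets.UTF_8)
                    : null;
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed key for the demo; a deployment would load a random key
        // from server-side configuration and never send it to the client.
        byte[] secret = "constructed-demo-key-not-for-production"
                .getBytes(StandardCharsets.UTF_8);
        SignedCookieDemo cookies = new SignedCookieDemo(secret);

        String sealed = cookies.seal("ray");
        System.out.println("Set-Cookie: Username=" + sealed);
        System.out.println("returned unchanged -> " + cookies.open(sealed));

        // Constructed input: the name part replaced while the old tag is kept,
        // the kind of change a client can make to a plain cookie or hidden field.
        String otherName = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("alice".getBytes(StandardCharsets.UTF_8));
        String altered = otherName + sealed.substring(sealed.indexOf('.'));
        System.out.println("value altered      -> " + cookies.open(altered));
        System.out.println("no tag at all      -> " + cookies.open("ray"));
    }
}
```

The tag only proves that the server issued the value. It does not hide the value or stop a copied cookie from being replayed.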

Slide 30: Servlet session tracking
Java servlet API provides a set of classes, namely the Session Tracking API, to handle session tracking. The advantages of using this API are as follows:
- It can be used in any servlet program with little additional programming effort.
- Similar to Cookies
- Stored in memory of client computer

Slide 31: Servlet session tracking API: How does it work?
Let us look at how the Java session tracking API can be applied for our VBS as follows:
- When a user visits the VBS for the first time, the servlet engine will automatically assign a session ID to the user. The session ID is passed to the user using the "Set-Cookie" command such as

    Set-cookie: Session id=

- Once the client's browser gets this cookie, the cookie and hence the session ID will be stored.
- Whenever the user returns to the VBS, the client browser sends this cookie (i.e. the session ID) to the Web server.
- By identifying the session ID, the corresponding shopping cart object can be retrieved for shopping.
- A schematic diagram of the servlet Session Tracking mechanism is shown in Fig. 6.9.

Slide 32: [Figure 6.9: Schematic Diagram of Servlet Session Tracking API]
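The session ID mechanism described above, as an added example (not from the book or the slides): a JDK-only model of what the servlet engine does, not the container's own implementation. The class name, the 30-minute timeout and the cookie attributes are assumptions; JSESSIONID is the cookie name servlet containers use by default.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical model of server-side session tracking: the client holds only
// an opaque random ID; the shopping cart itself never leaves the server.
public class SessionStoreDemo {
    static final String COOKIE_NAME = "JSESSIONID";

    static final class Session {
        final String id;
        final Map<String, Object> attributes = new HashMap<>();
        long lastAccessed;
        Session(String id, long now) { this.id = id; this.lastAccessed = now; }
    }

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final long timeoutMillis;

    SessionStoreDemo(long timeoutMillis) { this.timeoutMillis = timeoutMillis; }

    /** 128 random bits, so an ID cannot be guessed or enumerated. */
    private String newId() {
        byte[] b = new byte[16];
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** Extracts one cookie's value from a Cookie request header, or null. */
    static String cookieValue(String cookieHeader, String name) {
        if (cookieHeader == null) return null;
        for (String pair : cookieHeader.split(";")) {
            String p = pair.trim();
            int eq = p.indexOf('=');
            if (eq > 0 && p.substring(0, eq).equals(name)) return p.substring(eq + 1);
        }
        return null;
    }

    /** Counterpart of getSession(): reuse the live session named by the cookie, else create one. */
    Session getSession(String cookieHeader, long now) {
        String id = cookieValue(cookieHeader, COOKIE_NAME);
        Session s = (id == null) ? null : sessions.get(id);
        if (s != null && now - s.lastAccessed > timeoutMillis) {
            sessions.remove(id);          // timed out: drop the old state
            s = null;
        }
        if (s == null) {
            // Unknown or expired ID: always issue a fresh server-generated ID,
            // never adopt the value the client presented.
            s = new Session(newId(), now);
            sessions.put(s.id, s);
        }
        s.lastAccessed = now;
        return s;
    }

    static String setCookieHeader(Session s) {
        return "Set-Cookie: " + COOKIE_NAME + "=" + s.id
                + "; Path=/; HttpOnly; Secure; SameSite=Lax";
    }

    public static void main(String[] args) {
        long timeout = 30 * 60 * 1000L;   // assumed 30-minute idle timeout
        SessionStoreDemo store = new SessionStoreDemo(timeout);
        long t0 = 0;                      // constructed clock for the demo

        // First visit: no cookie, so a session is created and the ID sent back.
        Session first = store.getSession(null, t0);
        first.attributes.put("cart", new ArrayList<>(List.of("Java 2")));
        System.out.println(setCookieHeader(first));

        // Return visit: the browser sends the cookie, the same cart is found.
        String cookie = COOKIE_NAME + "=" + first.id;
        Session again = store.getSession(cookie, t0 + 60_000);
        System.out.println("same cart: " + again.attributes.get("cart"));

        // Constructed ID that the server never issued: a new empty session results.
        Session unknown = store.getSession(COOKIE_NAME + "=not-issued-by-server", t0 + 60_000);
        System.out.println("unknown id gets empty session: " + unknown.attributes.isEmpty());

        // Return after the idle timeout: the old cart is gone, a new ID is issued.
        Session late = store.getSession(cookie, t0 + 60_000 + timeout + 1);
        System.out.println("new id after timeout: " + !late.id.equals(first.id));
    }
}
```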

Slide 33: Servlet session tracking API: Sample program SessionDemo
We demonstrate the functionality of the servlet session tracking API by using a simple example - SessionDemo. In this example, a customer enters his name on an HTML form. After submitting the form to the SessionDemo servlet, a session is created for the customer.
This simple program illustrates the basic methods and procedures for manipulating session objects using the Servlet Session Tracking API. Figure 6.10 shows the system flow for the whole program.

Slide 34: [Figure 6.10: System Flow of SessionDemo program]

Slide 35: SessionDemo: Main features
- The program first "retrieves" the session with the "getSession()" method.
- If the session does not exist
  - either the client visits the Web site for the first time or
  - the previous session has been terminated due to "timeout",
  the servlet engine will create a new session for the user.
- Then, the program retrieves the customer's name using the "getParameter()" method i.e.,
- The program also creates a background color object for the session. The background color toggles between red and blue by updating the background color object continuously.

Slide 36: SessionDemo: Main features
- Then the program puts the "custname" and "bkcolor" objects into the session for the customer.
- In the subsequent visits (i.e., after the session has been created), the program will retrieve the session objects and print the customer name with the background color accordingly.
- The program will also update the background color object for the next visit.
- Finally the session objects are put back into the session.

Slide 37: [Figure 6.11: Snapshot of SessionDemo Program Output. Labels: Welcome screen, Continue Session, QUIT Session]

Slide 38: Simple Shopping cart: SimpleCart
In this example, we demonstrate how to use the session tracking API to support user authentication and to build a simple shopping cart - namely SimpleCart.
We assume that after logging into the system, the user will be provided with an object called the simple shopping cart object (SCart). A SimpleCart object contains:
- Customer name: the full name of the customer
- Bonus points: the bonus points of the customer

Slide 39: SimpleCart: Main features
Essentially the simple shopping cart is used to store the user information for the current session. The information is obtained from the "Userlog" table of the simple database, called "mall". This table contains the following information:
- User – Text field contains the username.
- Password – Text field contains user password.
- Customer name – Text field contains the full name of the customer.
- Bonus points – Number field contains the bonus points for the user.

Slide 40: [Figure 6.12: Snapshot of SimpleCart User Login Screen]

Slide 41: [Figure 6.13: Snapshot of SimpleCart Welcome Main Page]

Slide 42: VBS Shopping Cart
In this chapter, a simple shopping cart is built. Later in Chapter 15, we will build a comprehensive shopping cart. In general, a shopping cart contains the following information:
- user ID;
- number of items being selected;
- total price of the goods being selected;
- list of goods selected including:
  - product code;
  - quantity purchased;
  - item price;
  - item description.
A sample shopping cart screen is shown in Fig

Slide 43: [Figure 6.14: Sample Shopping Cart in VBS]