JavaScript, Fourth Edition

JavaScript, Fourth Edition Chapter 9 Managing State Information and Security

Objectives
- Learn about state information
- Save state information with hidden form fields, query strings, and cookies
- Learn about security issues

Understanding State Information
- Information about individual visits to a Web site
- HTTP was originally designed to be stateless
  - Browsers stored no persistent data about site visits
- Reasons for maintaining state information
  - Customize individual Web pages
  - Temporarily store information for a user
  - Allow a user to create bookmarks
  - Provide shopping carts

Understanding State Information (continued)
- Reasons for maintaining state information
  - Store user IDs and passwords
  - Use counters
- Example
  - Frame-based Color Printer Product Registration Web page


Saving State Information with Hidden Form Fields
- Special type of form element
  - Not displayed by the Web browser
  - Allows you to hide information from users
- Created with the <input> element
- Temporarily store data that needs to be sent to a server along with the rest of a form
  - But that a user does not need to see
- Syntax
  - <input type="hidden">


Saving State Information with Hidden Form Fields (continued)
- Example
  - Add hidden form fields to the Color Printer Product Registration program
  - Add code to the Customer Information document that copies its form field values to the hidden form fields in the top frame of the Color Printer Product Registration frameset
  - Add code to the Product Information document that copies its form field values to the hidden form fields in the top frame of the Color Printer Product Registration frameset

Saving State Information with Query Strings
- Set of name=value pairs appended to a target URL
- Consists of a single text string containing one or more pieces of information
- You can use a query string to pass information from one Web page to another

Passing Data with a Query String
- Add a question mark (?) immediately after a URL
  - Followed by the query string (in name=value pairs) for the information you want to preserve
- You separate individual name=value pairs within the query string using ampersands (&)
- The passed query string is then assigned to the search property
  - Of the target Web page Location object
- Example
  - Modify the Color Printer Product Registration page to pass registration information as query strings

Parsing Data from a Query String
- Remove the question mark
  - Using the substring() method combined with the length property
- Convert the individual pieces of information into array elements
  - Using the split() method
- Example
  - Write your own parsing script that extracts and displays the data in the query string
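
The parsing steps above, written out as an added example that is not part of the original slides. Query strings (like hidden form fields) can be edited by the user before they reach the script, so the example also keeps only expected fields whose values match a pattern. The field names, patterns and sample query string are constructed assumptions.

```javascript
// Added example (not from the original slides). Field names, rules and the
// sample query string are constructed for illustration.

// Parse location.search-style text using substring() and split().
function parseQueryString(search) {
  // Drop the leading "?" with substring() and the length property.
  const raw = search.charAt(0) === "?" ? search.substring(1, search.length) : search;
  const fields = Object.create(null); // no prototype: "__proto__" is just a key
  for (const pair of raw.split("&")) {
    if (pair === "") continue; // tolerate "a=1&&b=2" and an empty string
    const eq = pair.indexOf("=");
    const rawName = eq === -1 ? pair : pair.substring(0, eq);
    const rawValue = eq === -1 ? "" : pair.substring(eq + 1);
    try {
      // Forms send spaces as "+", which decodeURIComponent() leaves alone.
      const name = decodeURIComponent(rawName.replace(/\+/g, " "));
      const value = decodeURIComponent(rawValue.replace(/\+/g, " "));
      if (!(name in fields)) fields[name] = value; // first occurrence wins
    } catch (e) {
      // Malformed escape such as "%zz": skip the pair instead of crashing.
    }
  }
  return fields;
}

// Allow-list of expected fields (hypothetical names and patterns).
const FIELD_RULES = new Map([
  ["name", /^[A-Za-z .'-]{1,60}$/],
  ["serial", /^[A-Z0-9]{6,12}$/],
]);

// The URL is user-editable, so keep only known fields with valid values.
function validateFields(fields) {
  const accepted = {};
  const rejected = [];
  for (const key of Object.keys(fields)) {
    const rule = FIELD_RULES.get(key);
    if (rule && rule.test(fields[key])) accepted[key] = fields[key];
    else rejected.push(key);
  }
  return { accepted, rejected };
}

// Constructed sample: one unexpected field, one bad escape, one duplicate.
const SAMPLE = "?name=Ada+Lovelace&serial=CP1234567&admin=true&note=%zz&serial=X";
const checked = validateFields(parseQueryString(SAMPLE));
console.log(checked.accepted, checked.rejected);
```

In a browser the input would be location.search; here the string is passed in so the functions also run outside a page.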


Saving State Information with Cookies
- Query strings and hidden form fields maintain state information only temporarily
- Cookies
  - Small pieces of information about a user that are stored by a Web server in text files
    - On the user’s computer
  - Each time the Web client visits a Web server
    - Saved cookies are sent from the client to the server
- Temporary cookies
  - Remain available only for current browser session

Saving State Information with Cookies (continued)
- Persistent cookies
  - Remain available beyond current browser session
  - And are stored in a text file on a client computer
- Limitations on the use of cookies
  - Server or domain can store a maximum of 20 cookies
  - Total cookies per browser cannot exceed 300
  - Largest cookie size is 4 kilobytes

Creating Cookies
- Use the cookie property of the Document object
  - To create cookies in name=value pairs
- The name attribute
  - Only required parameter
  - Specifies the cookie’s name=value pair
  - Cookies created with only the name attribute are temporary cookies
  - Cookies cannot include semicolons or special characters
  - You can use special characters in your cookies if you use encoding

Creating Cookies (continued)
- The name attribute (continued)
  - Encoding involves converting special characters in a text string
    - To their corresponding hexadecimal ASCII value
  - encodeURIComponent() function
    - Used for encoding the individual parts of a URI
    - Converts special characters in the individual parts of a URI to their corresponding hexadecimal ASCII value
  - decodeURIComponent() function
    - Counterpart of encodeURIComponent() function

Creating Cookies (continued)
- The name attribute (continued)
  - You should manually encode and decode cookies
  - Example
    - Modify the Customer Information form so its fields are saved in temporary cookies instead of in query strings
- The expires attribute
  - Determines how long a cookie can remain on a client system before it is deleted
  - Cookies created without this attribute are available for only the current browser session
  - Be sure not to encode this attribute

Creating Cookies (continued)
- The expires attribute (continued)
  - You can manually type a string in UTC format
  - Or you can create the string with the Date object
    - Use the toUTCString() method to convert the Date object to a string
  - Unused persistent cookies can sometimes interfere with the execution of a JavaScript cookie program
  - Example
    - Add to ProductInfo.html a persistent cookie named registered that is assigned a value of true when the user clicks the Submit button

Creating Cookies (continued)
- The path attribute
  - Determines the availability of a cookie to other Web pages on a server
  - By default, a cookie is available to all Web pages in the same directory
  - To make a cookie available to all directories on a server, use a slash
  - Cookies from other programs that are stored in the same directory
    - Can cause your JavaScript cookie program to run erratically

Creating Cookies (continued)
- The domain attribute
  - Used for sharing cookies across multiple servers in the same domain
  - You cannot share cookies outside of a domain
- The secure attribute
  - Indicates that a cookie can only be transmitted across a secure Internet connection
    - Using HTTPS or another security protocol

Reading Cookies
- Parsing a cookie
  - Example
  - Decode it using decodeURIComponent() function
  - Use the methods of the String object to extract individual name=value pairs
- Example
  - Modify the code in ProductInfo.html so it does not refer to the query string
  - Add code to the Register.html document that reads and prints the contents of the cookies from the CustomerInfo.html document

Reading Cookies (continued)
- Example
  - Modify CustomerInfo.html so it reads the persistent registered cookie to determine whether the user has already submitted the product registration
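
Creating and reading cookies as described in the slides above, shown as one round trip in an added example that is not part of the original slides. It builds the string a page would assign to document.cookie (encoded name and value, unencoded expires, path, domain and secure) and parses the string that reading document.cookie returns. The helper names and the sample values are constructed assumptions.

```javascript
// Added example (not from the original slides); names and values are constructed.
const MAX_COOKIE_BYTES = 4096; // the 4 KB per-cookie limit

// Build the string that would be assigned to document.cookie.
function buildCookie(name, value, opts = {}) {
  // Encode only the name and value so ";" and other special characters survive.
  let cookie = encodeURIComponent(name) + "=" + encodeURIComponent(value);
  if (cookie.length > MAX_COOKIE_BYTES) throw new RangeError("cookie exceeds 4 KB");
  // Attributes are appended unencoded; expires must stay a plain UTC date string.
  if (opts.expires instanceof Date) cookie += "; expires=" + opts.expires.toUTCString();
  if (opts.path) cookie += "; path=" + opts.path;
  if (opts.domain) cookie += "; domain=" + opts.domain;
  if (opts.secure) cookie += "; secure"; // send only over HTTPS
  return cookie;
}

// Parse the "a=1; b=2" string that reading document.cookie returns.
function parseCookies(cookieString) {
  const jar = Object.create(null);
  for (const part of cookieString.split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("=");
    if (eq < 1) continue; // skip empty parts and pairs with no name
    try {
      const name = decodeURIComponent(pair.substring(0, eq));
      if (!(name in jar)) jar[name] = decodeURIComponent(pair.substring(eq + 1));
    } catch (e) {
      // Undecodable name or value: ignore it rather than trust partial data.
    }
  }
  return jar;
}

// Reading document.cookie yields only name=value pairs, never the attributes.
function readBack(setCookieStrings) {
  return setCookieStrings.map((c) => c.split(";")[0]).join("; ");
}

// Constructed sample: a persistent "registered" cookie and a temporary one.
const written = [
  buildCookie("registered", "true", { expires: new Date(Date.UTC(2030, 0, 1)), path: "/", secure: true }),
  buildCookie("address", "12 Main St; Apt #4"),
];
console.log(written, parseCookies(readBack(written)));
```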

Understanding Security Issues
- Discuss security issues that relate to Web browsers and JavaScript

Secure Coding with JavaScript
- Security threats
  - Viruses, worms, and data theft by hackers
- Consider both Web server security issues and secure coding issues
- Web server security technologies
  - Firewalls
  - Secure Socket Layer (SSL)
- JavaScript programs are downloaded and execute locally

Secure Coding with JavaScript (continued)
- Secure coding or defensive coding
  - Writing code to minimize any intentional or accidental security issues
- All code is insecure unless proven otherwise
- No magic formula for writing secure code

JavaScript Security Concerns
- Security areas of most concern
  - Protection of a Web page and JavaScript program against malicious tampering
  - Privacy of individual client information
  - Protection of the local file system of the client or Web site from theft or tampering
- Another security concern
  - Privacy of individual client information in the Web browser window
- An important JavaScript security feature
  - Its lack of certain types of functionality

JavaScript Security Concerns (continued)
- Missing functionalities
  - File manipulation
  - Create a network connection
  - Cannot run system commands or execute programs on a client

The Same Origin Policy
- Same origin policy
  - Restricts how JavaScript code in one window or frame accesses a Web page
    - In another window or frame on a client computer
- To view and modify the elements in other windows and frames
  - They must have the same protocol and exist on the same Web server
- Same origin policy applies not only to the domain name
  - But also to server on which a document is located

The Same Origin Policy (continued)
- Policy prevents malicious scripts from modifying the content of other windows and frames
  - And prevents the theft of private browser information and information displayed on secure Web pages
- Policy also protects the integrity of the design of your Web page
- Example
  - Create a frame set in which one frame uses JavaScript code to try to change the status bar text of another frame

The Same Origin Policy (continued)
- domain property of the Document object
  - Changes the origin of a document to its root domain name
  - Allows documents from different origins in the same domain to access each other’s elements and properties
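
The same origin comparison described above, as an added example that is not part of the original slides. Browsers compare the protocol, the host and the port; the function reports which of the three differ between a page and another document. All URLs are constructed, and the function names are assumptions.

```javascript
// Added example (not from the original slides); all URLs are constructed.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Break a URL into the parts browsers compare: protocol, host and port.
function originParts(url) {
  const u = new URL(url);
  // URL reports "" for a default port, so fill it in before comparing.
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { protocol: u.protocol, host: u.hostname, port };
}

// Report whether two URLs share an origin and, if not, which parts differ.
function compareOrigins(a, b) {
  const x = originParts(a);
  const y = originParts(b);
  const differences = ["protocol", "host", "port"].filter((k) => x[k] !== y[k]);
  return { sameOrigin: differences.length === 0, differences };
}

const PAGE = "https://www.example.com/register/top.html";
const CASES = [
  "https://www.example.com:443/register/bottom.html", // same origin, other path
  "http://www.example.com/register/bottom.html",      // protocol differs
  "https://store.example.com/cart.html",              // other server, same domain
  "https://www.example.com:8443/admin.html",          // other port
];
for (const other of CASES) {
  console.log(other, compareOrigins(PAGE, other));
}
```

The third case, two servers in the same domain, is the one the domain property of the Document object relaxes.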

Summary
- Information about individual visits to a Web site is called state information
- HTTP was originally designed to be stateless
- You can hide information from users in a hidden form field
- Most common tools for maintaining state information are hidden form fields, query strings, and cookies
- A query string is a set of name=value pairs appended to a target URL

Summary (continued)
- Cookies are small pieces of information about a user that are stored by a Web server
- Cookies can be temporary or persistent
- The cookie property is created with a required name attribute
- You can use special characters in your cookies if you use encoding
- The built-in encodeURIComponent() function encodes the individual parts of a URI

Summary (continued)
- When you read a cookie or other text string encoded, you must first decode it with the decodeURIComponent() function
- Cookies are one continuous string that must be parsed
- “Secure coding,” or “defensive coding,” refers to writing of code to minimize any intentional or accidental security issues

Summary (continued)
- The same origin policy restricts how JavaScript code in one window or frame accesses a Web page in another window or frame on a client computer.
- The domain property of the Document object changes the origin of a document to its root domain name using the statement document.domain = "domain";