1 Maryland ColdFusion User Group Session Management 101 11 December 2001 Michael Schuler

2 Agenda
 Addressing the Web's Statelessness
 The Application Framework
 Session Variables
 Locking Shared Variables

3 The Web's Statelessness
 You will need to persist information across pages in order to:
   Validate user authentication at login, and maintain that authentication throughout the session
   Personalize the user's experience
   Maintain information about the user's session, for example a shopping cart

4 The Web's Statelessness
 HTTP is stateless: the server handles every page request independently of any earlier one, even when the underlying connection is reused
 Variables and flags set during one request are not available to the next request
 Work around this problem by using:
   Cookies
   The Application framework
   Session variables

5 Securing Applications
 You need to:
   Authenticate users on first access by sending them to a login page
   Allow access to the application for a predetermined session length, or until a period of inactivity has elapsed
   Secure each page, so that users cannot bookmark a page and circumvent the login

6 Security Components
 Secure your Web pages by using the following security components:
   A login page and a login action page, to authenticate users against a database table of users
   The Application framework (Application.cfm), to test for login on every page in the application
   Session variables, to persist a logged-in flag that every page in the application checks

7 Cookie Types
 There are two types of cookies you can create:
   Persistent cookies
   Session cookies
 Both are created with the <CFCOOKIE> tag
 They are differentiated by the presence of the EXPIRES attribute

8 Persistent vs. Session Cookies
 Persistent cookies:
   The EXPIRES attribute determines when the browser deletes the cookie from the client machine:
    EXPIRES="n" (expires n days from now)
    EXPIRES="date" (expires on the given date)
    EXPIRES="never" (a far-future date; the cookie effectively never expires)
    EXPIRES="now" (deletes the cookie immediately)

9 Session Cookies
 Created by omitting the EXPIRES attribute from the <CFCOOKIE> tag
 Only valid until all browser windows on that client machine are closed
 Use a session cookie when you only want to track the user for the current browser session
 Destroyed when the browser closes, and never written to a file on the client machine (browsers that restore their previous windows on restart may keep them longer, so do not rely on closing the browser as a logout)
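The two cookie types side by side, as an added example that is not from the original slides. The cookie names and values are illustrative; the SECURE attribute (keeps the cookie off plain HTTP) is the one a practitioner should set on anything that identifies a user, and the presence test on read is there because the browser may have rejected or dropped the cookie.

```cfml
<!--- Persistent cookie: survives browser restarts, deleted after 30 days.
      PATH limits where the browser sends it; SECURE="Yes" keeps it off plain HTTP.
      Name and value are illustrative. --->
<CFCOOKIE NAME="SiteTheme"
          VALUE="blue"
          EXPIRES="30"
          PATH="/"
          SECURE="Yes">

<!--- EXPIRES="never" writes a far-future expiry date; EXPIRES="now" deletes the
      cookie by telling the browser it has already expired. --->
<CFCOOKIE NAME="OldPreference" VALUE="" EXPIRES="now" PATH="/">

<!--- Session cookie: no EXPIRES attribute, so the browser holds it in memory
      only until it closes. Use this type for anything tied to the login. --->
<CFCOOKIE NAME="LastCategory" VALUE="books" PATH="/" SECURE="Yes">

<!--- Reading a cookie back on a later request. A cookie is client-controlled
      input: test that it exists and restrict it to the values you expect,
      and never let a cookie alone decide that a user is logged in. --->
<CFSET Variables.allowedThemes = "blue,green,default">
<CFIF IsDefined("Cookie.SiteTheme") AND ListFindNoCase(Variables.allowedThemes, Cookie.SiteTheme)>
    <CFSET Variables.theme = LCase(Cookie.SiteTheme)>
<CFELSE>
    <CFSET Variables.theme = "default">
</CFIF>
<CFOUTPUT>Theme in use: #Variables.theme#</CFOUTPUT>
```

The logged-in state itself belongs in the server-side session scope described in the following slides; a cookie such as LoggedIn=1 can be set by anyone with a browser.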

10 Persistent State Variables
 Variables that let you store information once and then share it across an application, a session, or the entire server:
   Server
   Application
   Session
   Client
   Request (lives only for the current request, but is visible to every template that request includes)

11 Session Variables
 Session variables are:
   Stored in the ColdFusion server's memory
   Lost when the ColdFusion server is restarted
   Used for a single site visit
 In order to use Session variables, you will need to:
   Check the ColdFusion Administrator for Session settings
   Enable Session variables within your Application.cfm file
   Set Session variables in your ColdFusion pages

12 ColdFusion Administrator Settings
 Session variables must be enabled before use
 Check the following settings in the ColdFusion Administrator:
   Make sure that Session variables have not been disabled
   Set or reset the Session variable default and maximum timeout settings

13 ColdFusion Administrator Settings
 Found in the ColdFusion Administrator in the Server Settings section, under Memory Variables

14 Enabling Session Variables
 Enable session variables in the Application.cfm file with the <CFAPPLICATION> tag
 SESSIONMANAGEMENT="Yes" enables session variables, and SESSIONTIMEOUT sets the expiration to 1 hour after the last browser activity for each session
 The maximum timeout default in the ColdFusion Administrator is 20 minutes. Raise this value for the tag to allow a 1-hour timeout; a SESSIONTIMEOUT longer than the Administrator maximum is capped at that maximum

15 Session Variable Process
 The first time a browser requests a page from ColdFusion, the request encounters the <CFAPPLICATION> tag. This tag is always placed in an Application.cfm file
 ColdFusion generates a unique identifier for the browser. The unique ID is made up of two values: CFID and CFTOKEN
 Two cookies are created and sent to the browser: CFID and CFTOKEN
 These two values are also stored in the ColdFusion server's memory within the application. The pair is the only link between the browser and the server-side session: any client that presents a valid CFID/CFTOKEN pair is treated as that session, so protect the pair like a password (HTTPS, no URLs where avoidable)

16 Session Variable Process

17 Creating Session Variables
 Session variables are stored in server memory, keyed by the matching CFID and CFTOKEN values
 Each session has its own separate set of variables
 Created using the <CFSET> tag
 The Session. prefix is required

18 Creating Session Variables

19 Disabled Cookies
 If a browser has disabled the receipt of cookies, your ColdFusion application will need to pass the client identifiers with every page request:
   Append CFID and CFTOKEN to the URL
   Pass CFID and CFTOKEN in hidden form controls
   Use ADDTOKEN="Yes" on the <CFLOCATION> tag
 Tokens carried in URLs end up in browser history, proxy and server logs, and in the Referer header sent to any site you link to, so prefer cookies where you can, and never pass the pair in a redirect to another site
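The three ways of carrying CFID and CFTOKEN without cookies, as an added example that is not from the original slides. Session.URLToken, Session.CFID and Session.CFTOKEN are ColdFusion's own session-scope values; the page names, the Variables.target redirect target and the off-site test are assumptions for the illustration. The session reads are copied out under a read-only lock first, following the locking rule the later slides set out.

```cfml
<!--- Copy the identifiers out of the session scope under a read-only lock,
      then use the local copies; the lock is released before any output. --->
<CFLOCK SCOPE="SESSION" TYPE="READONLY" TIMEOUT="10">
    <CFSET Variables.urlToken = Session.URLToken>   <!--- "CFID=...&CFTOKEN=..." --->
    <CFSET Variables.cfid     = Session.CFID>
    <CFSET Variables.cftoken  = Session.CFTOKEN>
</CFLOCK>

<!--- 1. Links: append the pair to the query string. ColdFusion reads CFID and
      CFTOKEN from URL variables when the cookies are absent. --->
<CFOUTPUT>
<a href="cart.cfm?#Variables.urlToken#">View cart</a>
</CFOUTPUT>

<!--- 2. Forms: hidden fields carry the pair in the POST body, so it does not
      appear in the address bar or in the Referer header. --->
<CFOUTPUT>
<form action="checkout.cfm" method="post">
    <input type="hidden" name="CFID"    value="#Variables.cfid#">
    <input type="hidden" name="CFTOKEN" value="#Variables.cftoken#">
    <input type="submit" value="Checkout">
</form>
</CFOUTPUT>

<!--- 3. Redirects: ADDTOKEN="Yes" appends the pair to the Location header.
      Variables.target is an assumed redirect destination; when it points at
      another site the pair must not travel with it, so ADDTOKEN is forced off. --->
<CFPARAM NAME="Variables.target" DEFAULT="home.cfm">
<CFIF REFindNoCase("^(https?:)?//", Variables.target)>
    <CFLOCATION URL="#Variables.target#" ADDTOKEN="No">
<CFELSE>
    <CFLOCATION URL="#Variables.target#" ADDTOKEN="Yes">
</CFIF>
```

ADDTOKEN defaults to "Yes", so a plain <CFLOCATION URL="http://other.example/"> sends the session identifiers to the other site unless you turn it off explicitly.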

20 Demonstration
 Using Session Variables to Secure All Application Pages
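The complete arrangement from slides 5, 6, 14 and 17 in one place: an Application.cfm that enables session management with a one-hour timeout and refuses every page to a session without the logged-in flag, and the login action page that sets the flag after checking the user against a database table. This is an added example, not the deck's demonstration code. The application name, the "users" datasource and its column names, the page names, and the use of Hash() for the stored password are assumptions; the Administrator maximum session timeout must be at least one hour for the timeout shown to take effect.

```cfml
<!--- ================= Application.cfm (runs before every page) ================= --->
<CFAPPLICATION NAME="MDCFUGSecure"
               SESSIONMANAGEMENT="Yes"
               SESSIONTIMEOUT="#CreateTimeSpan(0,1,0,0)#"
               SETCLIENTCOOKIES="Yes">

<!--- Pages reachable without a login; everything else is protected by default,
      so a page added later cannot be forgotten. --->
<CFSET Request.publicPages = "login.cfm,loginaction.cfm">
<CFSET Request.thisPage    = GetFileFromPath(CGI.SCRIPT_NAME)>

<!--- Logout: clear the flag under an exclusive lock, then send to the login page. --->
<CFIF IsDefined("URL.logout")>
    <CFLOCK SCOPE="SESSION" TYPE="EXCLUSIVE" TIMEOUT="10">
        <CFSET Session.LoggedIn = False>
        <CFSET Session.UserName = "">
    </CFLOCK>
    <CFLOCATION URL="login.cfm" ADDTOKEN="No">
</CFIF>

<CFIF NOT ListFindNoCase(Request.publicPages, Request.thisPage)>
    <!--- Copy the flag out under a read-only lock. A brand-new session has no
          flag at all, so "undefined" must count as "not logged in". --->
    <CFLOCK SCOPE="SESSION" TYPE="READONLY" TIMEOUT="10">
        <CFSET Request.loggedIn = IsDefined("Session.LoggedIn") AND Session.LoggedIn>
    </CFLOCK>
    <CFIF NOT Request.loggedIn>
        <!--- A bookmarked or guessed URL lands here. ADDTOKEN="No" keeps
              CFID/CFTOKEN out of the redirect URL (set "Yes" only if you
              must support browsers with cookies disabled). --->
        <CFLOCATION URL="login.cfm" ADDTOKEN="No">
    </CFIF>
</CFIF>

<!--- ================= loginaction.cfm (target of the login form) ================= --->
<CFPARAM NAME="Form.username" DEFAULT="">
<CFPARAM NAME="Form.password" DEFAULT="">

<!--- Parameterised query: the submitted name is bound as data, never pasted
      into SQL text. Datasource and column names are assumed. --->
<CFQUERY NAME="qUser" DATASOURCE="users">
    SELECT user_id, username, password_hash
    FROM   users
    WHERE  username = <CFQUERYPARAM VALUE="#Form.username#"
                                    CFSQLTYPE="CF_SQL_VARCHAR" MAXLENGTH="64">
</CFQUERY>

<!--- Compare a hash of the submitted password with the stored hash (Hash() is
      assumed available; Compare() is case-sensitive, unlike EQ). One generic
      failure path covers both "no such user" and "wrong password", so the
      form does not reveal which user names exist. --->
<CFIF qUser.RecordCount EQ 1 AND Compare(qUser.password_hash, Hash(Form.password)) EQ 0>
    <CFLOCK SCOPE="SESSION" TYPE="EXCLUSIVE" TIMEOUT="10">
        <CFSET Session.LoggedIn = True>
        <CFSET Session.UserName = qUser.username>
        <CFSET Session.UserID   = qUser.user_id>
        <CFSET Session.LoginAt  = Now()>
    </CFLOCK>
    <CFLOCATION URL="home.cfm" ADDTOKEN="No">
<CFELSE>
    <CFLOCATION URL="login.cfm?failed=1" ADDTOKEN="No">
</CFIF>
```

Two checks worth running against this: request a protected page in a fresh browser and confirm the redirect to login.cfm, and confirm that the login form is served over HTTPS, since the CFID/CFTOKEN cookies that represent the logged-in session travel with every request afterwards.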

21 Locking Shared Variables
 Application and session (as well as server) scope variables are shared between requests
 These variables can be set and retrieved at the same time by different requests
 Setting and getting values in the same place in memory at the same time can corrupt the data, and can lead to server failure
 Session variables can collide if:
   The user hits Refresh in the browser while the previous request is still processing a Session variable
   A Session variable is used within a frameset (each frame is a separate, concurrent request)
 Every read and write of shared memory values requires the <CFLOCK> tag to ensure memory integrity

22 The <CFLOCK> Tag
 Locks variables or code for the duration of the tag
 Two types of locks:
   Exclusive lock for setting variables
   Read-only lock for getting variables

23 Setting Variables
 All sets of shared memory variables must be locked exclusively
 An exclusive lock single-threads access to the CFML constructs in its body
   The body of the tag can be executed by at most one request at a time
   No other request can start executing inside the tag while one request holds the exclusive lock
 ColdFusion grants exclusive locks on a first-come, first-served basis
 Use the <CFLOCK> tag around all writes to server, application and session variables

24 Getting Variables
 A read-only lock allows multiple requests to concurrently execute the CFML constructs inside its body
 Should be used only when the shared data is read and not modified
 If another request already holds an exclusive lock on the shared data, the request waits for the exclusive lock to be released
 Slide example, displayed from inside a read-only lock on the session scope: Welcome #Session.UserName#!
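Both lock types in use, plus the failure mode the slides do not show: what happens when a lock cannot be obtained. This is an added example, not the deck's demonstration code. The application-scope hit counter, the assumption that Session.UserName was set at login, the "reportCache" lock name and the "locks" log file are illustrative.

```cfml
<!--- Read-modify-write on a shared value must be exclusive, or two concurrent
      requests (a Refresh while the page is still running, two frames of a
      frameset) both read 41 and both write 42. --->
<CFLOCK SCOPE="APPLICATION" TYPE="EXCLUSIVE" TIMEOUT="10" THROWONTIMEOUT="Yes">
    <CFPARAM NAME="Application.pageHits" DEFAULT="0">
    <CFSET Application.pageHits = Application.pageHits + 1>
</CFLOCK>

<!--- Readers take a shared (read-only) lock and copy what they need into the
      local scope. Output and any slow work happen after the lock is released,
      so the lock is held for the copy only, not for the whole page. --->
<CFLOCK SCOPE="APPLICATION" TYPE="READONLY" TIMEOUT="10">
    <CFSET Variables.hits = Application.pageHits>
</CFLOCK>
<CFLOCK SCOPE="SESSION" TYPE="READONLY" TIMEOUT="10">
    <CFSET Variables.userName = Session.UserName>   <!--- assumed set at login --->
</CFLOCK>
<CFOUTPUT>Welcome #Variables.userName#! Page hits so far: #Variables.hits#</CFOUTPUT>

<!--- When the lock is not obtained within TIMEOUT seconds, ColdFusion throws an
      exception of type "Lock" (THROWONTIMEOUT="Yes" is the default). Catch it,
      so one slow request holding a lock cannot turn every other page into an
      error. A NAME lock serialises a critical section that is not a scope,
      here an (illustrative) shared report cache regeneration. --->
<CFTRY>
    <CFLOCK NAME="reportCache" TYPE="EXCLUSIVE" TIMEOUT="2">
        <CFSET Variables.generated = Now()>
    </CFLOCK>
    <CFCATCH TYPE="Lock">
        <CFLOG FILE="locks" TEXT="Timed out waiting for reportCache: #CFCATCH.Message#">
        <CFSET Variables.generated = "">
    </CFCATCH>
</CFTRY>
<CFIF Len(Variables.generated)>
    <CFOUTPUT>Report regenerated at #Variables.generated#</CFOUTPUT>
<CFELSE>
    <CFOUTPUT>Report busy, try again shortly</CFOUTPUT>
</CFIF>
```

Keep lock bodies short and free of queries, file I/O and output: every request that needs the same scope waits behind them, and a lock held across a slow operation is the usual cause of the timeouts the CFCATCH above handles.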

25 Demonstration
 Locking Session Variables

26 Questions?