Mark Dixon 1 03 – Passing Data between pages: Forms, Sessions, & Query Strings.

Slides:

Advertisements

Similar presentations

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

Advertisements

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Mark Dixon Page 1 16 – Passing Data between pages: Forms, Sessions, & Query Strings.

Mark Dixon, SoCCE SOFT 131Page 1 20 – Web applications: HTML and Client-side code.

Mark Dixon Page 1 15 – Web applications: Server-side code (ASP)

Mark Dixon, SoCCE SOFT 131Page 1 16 – Passing Data between pages: Sessions, Query Strings, & Self Posting.

JavaScript ICW: Lecture 11 Tom Chothia. Last Lecture URLs Threads, to make a process run in parallel: Make it extend Thread Give it a run method Call.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

Session Management A290/A590, Fall /25/2014.

Mark Dixon Page 1 15 – Web applications: Server-side code (ASP)

Mark Dixon, SoCCE SOFT 131Page 1 19 – Web applications: Server-side code (ASP)

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

Welcome to the Southeastern Louisiana University’s Online Employment Site Applicant Tutorial!

MIT AITI 2004 JSP – Lecture 2 Get and Post Requests.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Mark Dixon Page 1 19 – Passing Data between pages: Forms, Sessions, & Query Strings.

Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

Chapter 8 Handling Cookies. Cookie Cookies are small bits of textual information that a Web server sends to a browser and that the browser later returns.

Welcome message. The background image would be an image of Electronic Circuit And have a flash action script to animate 0 and 1. This site would be for.

JavaScript, Fourth Edition

Mark Dixon Page 1 23 – Web applications: Writing data to Databases using PhP.

Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.

Server-Side Scripting with Java Server Page, JSP ISYS 350.

Mark Dixon Page 1 3 – Web applications: Server-side code (JSP)

Week 9 PHP Cookies and Session Introduction to JavaScript.

CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.

Mark Dixon 1 22 – Web applications: Writing data to Databases using ASP.Net.

Server-Side Scripting with Java Server Page, JSP ISYS 350.

Creating Databases for Web Applications cookie examples lab time: favorites cookies & Sessions class time for group work/questions on projects Next class:

Chapter 8 Cookies And Security JavaScript, Third Edition.

Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing online.

Mark Dixon Page 1 18 – Web applications: Server-side code (PhP)

PHP1-1 PHP Lecture 2 Xingquan (Hill) Zhu

Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.

Chapter 6 Server-side Programming: Java Servlets

11 1 Cookies CGI/Perl Programming By Diane Zak Objectives In this chapter, you will: Learn the difference between temporary and persistent cookies.

CSC 2720 Building Web Applications Server-side Scripting with PHP.

Cookies and Sessions IDIA 618 Fall 2014 Bridget M. Blodgett.

Mark Dixon 1 19 – Passing Data between pages: Forms, Sessions, & Query Strings.

1 Theory, Practice & Methodology of Relational Database Design and Programming Copyright © Ellis Cohen Implementing The Middle Tier These slides.

The Problem of State. We will look at… Sometimes web development is just plain weird! Internet / World Wide Web Aspects of their operation The role of.

ASP. What is ASP? ASP stands for Active Server Pages ASP is a Microsoft Technology ASP is a program that runs inside IIS IIS stands for Internet Information.

ARMS Advanced Risk Management System User Documentation.

ECMM6018 Enterprise Networking for Electronic Commerce Tutorial 7

Mark Dixon Page 1 15 – Web applications: Server-side code (ASP)

8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.

CSC 2720 Building Web Applications Managing Users' States – Cookies, URL-Rewriting, Hidden Fields and Session Management APIs.

MIT AITI 2004 JSP – Lecture 4 Sessions and Cookies.

ITM © Port,Kazman 1 ITM 352 Cookies. ITM © Port,Kazman 2 Problem… r How do you identify a particular user when they visit your site (or any.

©SoftMooreSlide 1 Cookies. ©SoftMooreSlide 2 Cookies Basic idea –web application sends a simple name/value pair to the client –when the client connects.

Server-Side Scripting with Java Server Page, JSP ISYS 350.

1 PHP HTTP After this lecture, you should be able to know: How to create and process web forms with HTML and PHP. How to create and process web forms with.

PHP Form Processing * referenced from

8-Mar-16 More About Servlets Session Tracking. Persistent information A server site typically needs to maintain two kinds of persistent (remembered) information:

Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.

IST 210: PHP Basics IST 210: Organization of Data IST2101.

PHP: Further Skills 02 By Trevor Adams. Topics covered Persistence What is it? Why do we need it? Basic Persistence Hidden form fields Query strings Cookies.

Distributed Web Systems Cookies and Session Tracking Lecturer Department University.

Cookies Tutorial Cavisson Systems Inc..

21 – Web applications: Server-side code (ASP)

18 – Web applications: Server-side code (PhP)

12 – Passing Data between pages: Forms, Sessions, & Query Strings

What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.

Cookies Cookies are small bits of textual information that a Web server sends to a browser and that the browser returns unchanged when later visiting the.

Introduction to JavaScript

Presentation transcript:

Mark Dixon 1 03 – Passing Data between pages: Forms, Sessions, & Query Strings

Mark Dixon 2 Session Aims & Objectives Aims –To introduce the fundamental ideas involved in passing data between pages Objectives, by end of this week’s sessions, you should be able to: –pass data between pages, using: Self Posting Query Strings Session Variables Cookies

Mark Dixon 3 Example: Logon v2 (design) Restrict access to home page

Mark Dixon 4 Example: Logon v2 (code) <% String un; String pw; String msg = ""; if (request.getParameter("btnLogon") != null){ un = request.getParameter("txtUserName"); pw = request.getParameter("txtPassWord"); if (un.equals("mark") && pw.equals("soft234")){ response.sendRedirect(“Home.html"); }else{ msg = "Login details incorrect."; } %> Please logon: Logon.jsp My Home page Welcome to my home page. Home.html

Mark Dixon 5 Example: Logon (Fixed Problem) View Source – shows client-side script: No server-side code

Mark Dixon 6 Example: Logon (Problem 2) User can type home page url (address) directly (bypassing logon page)

Mark Dixon 7 Solution Need way for: –password page to tell home page –that user logged in OK

Mark Dixon 8 Technique: Dead-Drop Variables 2 Spies wish to pass message between each other without actually meeting Arrange a dead-drop location –one spy leaves message at location –other spy visits location later to pick up message Variables used as dead-drop containers

Mark Dixon 9 <% Boolean LogonOK ; if ( LogonOK == false){ response.sendRedirect("Logon3.jsp"); } %> My Home page Welcome to my home page. Home3.jsp <% String un; String pw; String msg = ""; Boolean LogonOK; LogonOK = false; if (request.getParameter("btnLogon") != null){ un = request.getParameter("txtUserName"); pw = request.getParameter("txtPassWord"); if (un.equals("mark") && pw.equals("soft234")){ LogonOK = true; response.sendRedirect("Home3.jsp"); }else{ msg = "Login details incorrect."; } %> Please logon: Logon3.jsp Example: Logon v3 (code)  Does not work  Variables do not persist between pages LogonOK True

Mark Dixon 10 Example: Logon v3 (Error) Variables – don't persist between pages

Mark Dixon 11 Passing Data (temporary) Session object –used to pass information between pages: –exists for current session –persist between pages –clears if user closes browser –clears after 20 mins of inactivity –no need for declaration session.setAttribute("Thing", 91); Put 91 into Thing

Mark Dixon 12 Maintaining State: Session Object <% if (request.getParameter("btnSend") != null){ session.setAttribute("MSG", "Meet in BGB202"); }else if (request.getParameter("btnClear") != null){ session.invalidate(); } %> JSP Page Display Send.jsp Session variable –all objects –no declaration invalidate method –deletes all session variables

Mark Dixon 13 Maintaining State: Session Object <% String s = ""; if (session.getAttribute("MSG") != null){ s = session.getAttribute("MSG").toString(); } %> JSP Page Message: Display.jsp read session variable, and display

Mark Dixon 14 Example: Message Using Session variable: <% if (request.getParameter("btnSend") != null){ session.setAttribute("MSG", "Meet in BGB202"); }else if (request.getParameter("btnClear") != null){ session.invalidate(); } %> JSP Page Display Send.jsp <% String s = ""; if (session.getAttribute("MSG") != null){ s = session.getAttribute("MSG").toString(); } %> JSP Page Message: Display.jsp MSG Meet in BGB202

Mark Dixon 15 Questions: Session Variables Write a line of code to put the number 74 into a session variable called id. Write code that puts 'Hello' a variable called msg if the session variable called id is equal to 74 session.setAttribute("id", 74); if (session.getAttribute("id") == 74){ msg = "Hello"; }

Mark Dixon 16 Passing Data (temporary) Query Strings –Useful for passing information between pages via links

Mark Dixon 17 Maintaining State: Query Strings Data added to end of URL (address): page.jsp?Surname=Bob JSP code can use this data: –request.getParameter("Surname") would return the value "Bob" Form method=get –data automatically added to query string Query String

Mark Dixon 18 Example: Date-Time What background colour do you want for you date information? Yellow Light Blue Menu.jsp > The date is. DateTime.jsp

Mark Dixon 19 store small textual data on user's (client) computer –Actual location varies with platform (Windows, Linux, etc.) C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files –e.g. (from session-id-time l amazon.co.uk/ Cookies: What

Mark Dixon 20 has 6 parts: –Name –Value –Domain –Path –Expiration –Security flag Name and Value are required –others have default values 20 Cookies: Parts

Mark Dixon 21 1.create cookie object 2.Constructor takes 2 parameters: –name and value (both Strings) 3.add cookie to response Cookies: Creating Cookie c; c = new Cookie("X", "23"); response.addCookie(c); Note: –any number of cookies can be created and added –cookies with same name are replaced

Mark Dixon 22 1.get cookies using request.getCookies –cookies are in an array 2.process the cookies: –use loop –getName returns name –getValue returns value Cookies: Reading Cookie[] cookies; cookies = request.getCookies(); for(int i=0; i<cookies.length; i++){ // cookies[i].getName() // cookies[i].getValue() }

Mark Dixon 23 browsers don’t always accept cookies –most modern browsers support cookies –still a few people using very old browsers often the user turns cookies off! –user concerned with what server is doing with information about them then probably turn cookies off can be used to transfer sensitive information in clear text NOT a serious security threat ( no viruses) Cookies: Disadvantages

Mark Dixon 24 Example: Message 2 (cookies) <% Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); } %> JSP Page Display Send.jsp <% Cookie[] cookies; int i; String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + " "; } %> JSP Page Message: Display.jsp MSG Meet in BGB202

Mark Dixon 25 Example: Message 2 (add cookies) <% Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); } %> JSP Page Display Send.jsp Cookie c; if (request.getParameter("btnSend") != null){ c = new Cookie("MSG", "Meet in SMB109"); c.setMaxAge(3600); // 1 hour (60 * 60) response.addCookie(c); }else if (request.getParameter("btnClear") != null){ c = new Cookie("MSG", null); c.setMaxAge(0); // delete cookie. response.addCookie(c); }

Mark Dixon 26 Example: Message 2 (get cookies) <% Cookie[] cookies; int i; String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + " "; } %> JSP Page Message: Display.jsp Cookie[] cookies; int i; String s = ""; cookies = request.getCookies(); if (cookies != null){ for(i=0; i<cookies.length; i++){ if (cookies[i].getName().equals("MSG")){ s += cookies[i].getValue() + " "; }

Mark Dixon 27 Reference: Server Object Model request object: calling web page –getParameter: used to get form and query-string data from page –getCookies: used to get cookie data from page response object: web page sent back –sendRedirect: used to navigate to other page session object: store data between pages –setAttribute: stores data –getAttribute: gets data –invalidate: clears session data

Mark Dixon 28 Passing Data (persistent) Cookies –stored on users’ (client) hard drive –persists between sessions –can be viewed by client –sent over http Database/file (covered in later lectures) –stored on server hard drive –persists between sessions –cannot be accessed directly by client

Mark Dixon 29 Tutorial Exercise: Message LEARNING OBJECTIVE: pass data between pages using session variables, and (form) self- posting Task 1: Get the message example working (from the lecture) Task 2: Change the send.jsp page so that when you click the buttons it gives some feedback as to what has happened.

Mark Dixon 30 Tutorial Exercise: Logon LEARNING OBJECTIVE: pass data between pages using session variables, and (form) self- posting Task 1: Type in the code for the Logon v3 example (from the lecture) NOTE: this will not work properly (variables do not persist between pages) Task 2: Modify this to use a session variable to 'remember' whether the logon was successful. Note: It should not be possible to view the source code Note: It should not be possible to bypass the logon

Mark Dixon 31 Tutorial Exercise: Date LEARNING OBJECTIVE: pass data between pages using query strings Task 1: Get the Date-Time example (from the lecture) working Task 2: Modify your page to provide another choice of background colour.

Mark Dixon 32 Tutorial Exercise: Message 2 LEARNING OBJECTIVE: pass data between pages using cookies Task 1: Get the message 2 example working (from the lecture) Task 2: Change the send.jsp page so that the user can change the text that is sent hint: add a text box