ECMM6018 Enterprise Networking for Electronic Commerce Tutorial 7 CGI/Perl and Cookies

Cookies Definition: Information put on your computer’s hard disk by a website in the form of text files so that the website can remember the user at a later date Cookies can be used to store information such as usernames, passwords or even send current weather and news for your particular region. In other words cookies can be used to help make more customizable web pages.

Cookies Can be used for purposes such as shopping carts (E-Commerce). They can be written in a variety of languages including PERL, JavaScript, ASP, Cold Fusion and PHP. Examples of sites that use cookies are Amazon, Payless

Cookies Only the Internet site that placed the cookie on your machine can read it They are not programs Specification of cookies 1.A cookie may be no larger than 4k. 2.There may be no more than 20 cookies per domain. 3.There may be no more than 300 cookies total from all sources. Stored under the cookie directory in windows, if using MSIE Stored in the cookies.txt file, if using Netscape

Cookies 6 parameters can be passed to it 1. The name of the cookie (mandatory) 2. The value of the cookie (mandatory) 3. The expiration date of the cookie - if blank it will expire when the user closes the browser

Cookies – Parameters ctd 4. The path the cookie is valid for. 5. The domain the cookie is valid for 6. The need for a secure connection to exist to use the cookie. The pieces of information are stored as name-value pairs Each name-value pair is separated by a semi-colon

How it all works The URL of a Web site is entered into the browser, the browser sends a request to the Web site for the page. Your browser will contact Web site’s server and request its home page When the browser does this, it will look on your machine for a cookie file that the Web site has set. If it finds an the Web site’s cookie file, the browser will send all of the name-value pairs in the file to the Web site’s server along with the URL. If it finds no cookie file, it will send no cookie data.

How It Works - ctd The Web site’s Web server receives the cookie data and the request for a page. If name-value pairs are received, the Web site can use them If no name-value pairs are received, the Web site knows that you have not visited before. The server creates a new ID for you in the Web site’s database and then sends name-value pairs to your machine in the header for the Web page it sends. Your machine stores the name-value pairs on your hard disk. The Web server can change name-value pairs or add new pairs whenever you visit the site and request a page.

Example Cookie being sent from the server to the browser Content-type: text/html Set-Cookie: foo=bar; path=/; expires Mon, 09-Dec-2002 13:46:00 GMT Cookie being sent from the browser to the server Cookie: foo=bar

Perl and Cookies CGI scripts create one or more cookies and send them to the browser in the HTTP header. Browser returns the cookies to the CGI script during subsequent interactions Interface to cookies by using the cookie method()

Cookie Method Create an object of type CGI and assign it to a variable E.g. $cgiobject=new CGI; $cookie = $cgiobject->cookie(-name=>'sessionID', -value=>\%cookie_data, -expires=>'+1h', -path=>'/cgi-bin/database', -domain=>'.capricorn.org', -secure=>1);

Sending Cookies through HTTP The cookie created by cookie() method must be incorporated into the HTTP header E.g. print $cgiobject->header(-cookie=>$cookie); It is possible to send multiple cookies in the HTTP header print $cgiobject->header(-cookie=>[$cookie1,$cookie2]);

Retrieving Cookies To retrieve a cookie, request it by name by calling cookie() method with the name parameter E.g. cookie_data=$cgiobject->cookie(“sessionID");

Useful Links http://stein.cshl.org/WWW/software/CGI/cgi_docs.html#cookies http://www.cookiecentral.com http://www.katsueydesignworks.com/cgi_cookies.htm