Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS3220 Web and Internet Programming Cookies and Session Tracking

Published byHilja Hovinen Modified over 5 years ago

Similar presentations

Presentation on theme: "CS3220 Web and Internet Programming Cookies and Session Tracking"— Presentation transcript:

1 CS3220 Web and Internet Programming Cookies and Session Tracking
Chengyu Sun California State University, Los Angeles

2 Session Tracking The Need The Difficulty The Trick?
shopping cart, personalization, ... The Difficulty HTTP is a “stateless” protocol Even persistent connections only last seconds The Trick?

3 General Idea client server request response + session id (sid)
request + sid request + sid request + sid request + sid

4 Three Ways to Implement Session Tracking
URL Re-writing E.g. Hidden form fields Cookies

5 Cookies Set by the server as a response header Set-Cookie
Added to each subsequent request by the browser as a request header Cookie

6 HTTP Response Example HTTP/1.1 200 OK
Date: Mon, 11 Apr :53:26 GMT Set-Cookie: JSESSIONID=7E3019D5D76D41E0B42FC1410B0A; Path=/ Content-Type: text/html;charset=ISO Content-Language: en-US Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2208 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><title>CSNS</title></head> … …

7 HTTP Request Example GET /img/style/title_bg.gif HTTP/1.1
Host: csns.calstatela.edu User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:2.0) Firefox/4.0 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Accept-Charset: ISO ,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Cookie: JSESSIONID=7E3019D5D76D41E0B42FC1410B0A

8 Cookie Attributes Name, Value Host/Domain, Path
Controls whether the cookie should be included in a request Require secure connection Max age Comment

9 Servlet Cookie API Cookie HttpServletResponse HttpServletRequest
HttpServletResponse addCookie( Cookie ) HttpServletRequest Cookie[] getCookies()

10 Example: GuestBook with Cookie
Use a cookie to store name so a user only needs to enter their name once

11 Cookie or No Cookie? Is cookie a potential security problem?
Virus? DoS? How about privacy? Cookie manager in Firefox Internet Options in IE

12 Problems with Cookies Cookies have size limit
Malicious users can fake cookie data Sometimes cookie is disabled in browser Cookie API is somewhat tedious to use

13 Servlet Session Tracking API
HttpServletRequest HttpSession getSession() HttpSession setAttribute( String, Object ) getAttribute( String ) invalidate()

14 About Session Tracking API
Data is stored on the server, i.e. no size limit Each session is assigned a unique session id, which is used to access data associated with the session Session id is randomly generated and hard to fake Session tracking use cookie by default, but can automatically switch to URL rewriting if cookie is disabled

15 Example: GuestBook Using Session Tracking API
Session is shared among servlets Servlet context attributes (a.k.a. application scope variables) vs. session attributes (a.k.a. session scope variables) Similarities?? Differences?? Usage??

16 Session Configuration in web.xml
Default session timeout in Tomcat is 30 minutes Session timeout can be changed in web.xml The timeout value must be an integer Session never timeout if value <= 0 <session-config> <session-timeout>60</session-timeout> </session-config>

Download ppt "CS3220 Web and Internet Programming Cookies and Session Tracking"

Similar presentations

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.

7 Copyright © 2005, Oracle. All rights reserved. Maintaining State in J2EE Applications.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.

CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.
CS320 Web and Internet Programming Generating HTTP Responses

CS320 Web and Internet Programming Generating HTTP Responses
Servlet Session Tracking. 2 Persistent information A server site typically needs to maintain two kinds of persistent (remembered) information: Information.

Servlet Session Tracking. 2 Persistent information A server site typically needs to maintain two kinds of persistent (remembered) information: Information.
Servlet Session Tracking II Session API All material and examples are from www.coreservlets.com.

Servlet Session Tracking II Session API All material and examples are from
Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.

Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.
Web technologies and programming cse4461 - hypermedia and multimedia technology Fanis Tsandilas April 3, 2007.

Web technologies and programming cse hypermedia and multimedia technology Fanis Tsandilas April 3, 2007.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.

Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.
CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.

CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.
Chapter 8 Cookies And Security JavaScript, Third Edition.

Chapter 8 Cookies And Security JavaScript, Third Edition.
Session tracking There are a number of problems that arise from the fact that HTTP is a stateless protocol. In particular, when you are doing on- line.

Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on- line.
Session Tracking - 2 Lec 32. Last Lecture Review  Session Tracking – why?  Need to store state – typical solutions Cookies – already learned URL Rewriting.

Session Tracking - 2 Lec 32. Last Lecture Review  Session Tracking – why?  Need to store state – typical solutions Cookies – already learned URL Rewriting.
Web Application Development * These slides have been adapted and modified from CoreServlets course material (Marty Hall) and LUMS cs391 (Umair Javed).

Web Application Development * These slides have been adapted and modified from CoreServlets course material (Marty Hall) and LUMS cs391 (Umair Javed).
Chapter 6 Server-side Programming: Java Servlets

Chapter 6 Server-side Programming: Java Servlets
® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management 4.1.0.3.

® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management
Web Database Programming Week 7 Session Management & Authentication.

Web Database Programming Week 7 Session Management & Authentication.
CSCI 6962: Server-side Design and Programming Java Server Faces Scoping and Session Handling.

CSCI 6962: Server-side Design and Programming Java Server Faces Scoping and Session Handling.
Saving State on the WWW. The Issue  Connections on the WWW are stateless  Every time a link is followed is like the first time to the server — it has.

Saving State on the WWW. The Issue  Connections on the WWW are stateless  Every time a link is followed is like the first time to the server — it has.

Similar presentations

Ads by Google