Presentation is loading. Please wait.

Presentation is loading. Please wait.

Saving State on the WWW. The Issue  Connections on the WWW are stateless  Every time a link is followed is like the first time to the server — it has.

Published bySilas Shields Modified over 8 years ago

Similar presentations

Presentation on theme: "Saving State on the WWW. The Issue  Connections on the WWW are stateless  Every time a link is followed is like the first time to the server — it has."— Presentation transcript:

1 Saving State on the WWW

2 The Issue  Connections on the WWW are stateless  Every time a link is followed is like the first time to the server — it has no memory for connections

3 Why Bother To Fix This? By saving state we can… Save configuration information between sessions Save configuration information between sessions Make adaptive websites (change themselves to suit user’s behaviour) Make adaptive websites (change themselves to suit user’s behaviour) Enable e-commerce applications (shopping carts) Enable e-commerce applications (shopping carts) Violate users’ privacy by tracking which websites and webpages they visit Violate users’ privacy by tracking which websites and webpages they visit

4 Saving State In General

5 Methods of Saving State  Cookies  Session-level authentication  form s  URL Rewriting

6 Method 1: Cookies  Basic idea Client stores data for the server Client stores data for the server Client sends data to server with each request Client sends data to server with each request  Details (Version 0) Required fields: name=value Required fields: name=value Optional fields: domain, path, secure, expires Optional fields: domain, path, secure, expires Size: maximum 4 kilobytes Size: maximum 4 kilobytes Number: maximum 1024 cookies Number: maximum 1024 cookies

7 Aside: Cookie Concept  Cookie is a computing term from long ago.  According to The New Hacker’s Dictionary: Something passed between subroutines or programs that enables the receiver to do something useful Something passed between subroutines or programs that enables the receiver to do something useful The thing being passed is opaque to the sender (e.g. time_t type C libraries use) The thing being passed is opaque to the sender (e.g. time_t type C libraries use) Cookies are also small Cookies are also small  ‘The phrase “it hands you a magic cookie” means it returns a result whose contents are not defined but which can be passed back to the same or some other program later.’ [source for quote at end]

8 Cookie Examples Examples at course website Examples at course website time1.cgi vs. time2.cgi time1.cgi vs. time2.cgi Compare form method with cookie method cookie-colour cookie-colour One program to write cookies One program to write cookies One program to read cookies One program to read cookies Use env.cgi to see cookies in headers Use env.cgi to see cookies in headers

9 Method 2: Session-level Authentication  See §12.2 (Basic Authentication) in HTTP: The Definitive Guide by David Gourley & Brian Totty, © 2002 by O'Reilly & Associates, Inc. (ISBN: 1- 56592-509-2) Basic AuthenticationBasic Authentication  Session (from ISO Reference Model) Logical communication between two network end points Logical communication between two network end points Sessions are composed of requests and responses that occur between applications in different network hosts. Sessions are composed of requests and responses that occur between applications in different network hosts. In browser terms a session is the longevity of the O/S process In browser terms a session is the longevity of the O/S process

10 The Steps of Basic Authentication 1. Browser requests resource from server application  usually with GET protocol 2. Server replies with code 401 (authorization required) 3. Browser prompts user  for name & password 4. Browser resends request including the name & password (in the network header) H Every time the browser makes a request for that resource it will send the name & password, until the end of the session H The name & password are like a cookie that is stored in RAM H Because they are in RAM they will be forgotten when the browser quits (i.e., at the end of the session)

11 Method 3: form s with hidden fields  We usually pull webpages in from a server  Forms are for pushing data to the server  To use forms we need to use CGI protocol CGI = common gateway interface CGI = common gateway interface An application layer protocol that allows client to send data to the server An application layer protocol that allows client to send data to the server

12 Two form Methods method=“get”method=“post”  Data is part of URL  Data is not part of URL  Only used for simple requests (e.g. search engine queries)  Can be used for file upload  Conceptually: a query of a database  Conceptually: an alteration to a database See form examples online form examples form examples

13 Saving State With form s  Hidden post & simple get Hidden post & simple get Hidden post & simple get  Did you see the hidden field?  Did you see the hidden data?  That’s one way of saving state:  Placing the data in a form so that every time the form is submitted (sent to the server) the data is sent too Examples using CGI program to generate a form Examples using CGI program to generate a form  Loan.cgi and multi-page.cgi Loan.cgi and multi-page.cgi Loan.cgi and multi-page.cgi

14 Essence of State Saving Using forms Browser CGI program(s) form in HTML file State info. State info.

15 Essence of State Saving Using form s  There must be an uninterrupted sequence of request/responses pairs from the browser to a CGI program (or programs)  The state must be represented in the form, and represented in the form, and recognized by the CGI program(s) recognized by the CGI program(s)  The CGI program(s) must encode the state in the form

16 Essence of State Saving Using forms

17 This diagram is for a single CGI program and a single form, but the same thing could be done with multiple programs & forms

18 Method 4: Servlets & URL Rewriting  Recall that method=“get” form s pass their data in the URL  These URLS are designed to be cached You don’t need a browser that can understand form s to use them You don’t need a browser that can understand form s to use them You can just type them in like any other web address You can just type them in like any other web address

19 URL Rewriting Explained  So why not put the state information from method=“get” form s in the href of every anchor Instead of <a href="foo.html" >click here do ?session=… <a href="foo.html?session=…" >click here

20 Servlets (1 of 2)  Many users dislike long URLs — they are hard to mail to friends & look ugly  Some browser software don’t support cookies — and many users have such support disabled  Wouldn’t it be great if your server would use cookies when the client supported them, and URL rewriting when it didn’t?

21 Servlets (2 of 2)  Servlets (and other server-side software) do that!  Servlets are server-side programs written in Java  Other server-side technologies work the same way but are implemented in other languages See also Servlets lecture See also Servlets lecture

22 What Data Do We Pass?  But isn’t that a lot of state information to send back and forth?  Not really, because we don’t have to pass all of the data back and forth  We can pass a user or session ID and  the server will maintain a database keyed by those IDs

23 Resources  Cookie resources at course website Cookie resources Cookie resources  HTTP: The Definitive Guide in the e-book collection the e-book collectionthe e-book collection  Cookie examples at course website Cookie examples Cookie examples  SessionTrack servlet example at course website SessionTrack servlet example SessionTrack servlet example  Note that servlets are not always running at FCS

24 Bibliography 1.CS4173 Resource List 2.Web Protocols and Practice Balachander Krishnamurthy & Jennifer Rexford Addison-Wesley May 2001 © 2001 by AT&T Corp. (ISBN 0-201-71088-9) 3.HTTP: The Definitive Guide David Gourley & Brian Totty, with others David Gourley & Brian Totty, with others O'Reilly & Assoc. Sept. 2001 O'Reilly & Assoc. Sept. 2001 (ISBN 1-56592-509-2) (ISBN 1-56592-509-2) 4.The New Hacker’s Dictionary Eric S. Raymond (editor) Eric S. Raymond (editor) Online version used at Online version used at http://www.logophilia.com/jargon/jargon_28.html#TAG1093

25 Next…  CGI Programming

Download ppt "Saving State on the WWW. The Issue  Connections on the WWW are stateless  Every time a link is followed is like the first time to the server — it has."

Similar presentations

DT228/3 Web Development WWW and Client server model.

DT228/3 Web Development WWW and Client server model.
Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.
Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.

Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
How the web works: HTTP and CGI explained

How the web works: HTTP and CGI explained
1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.

1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.
Definitions, Definitions, Definitions Lead to Understanding.

Definitions, Definitions, Definitions Lead to Understanding.
Session Management A290/A590, Fall 2014 09/25/2014.

Session Management A290/A590, Fall /25/2014.
Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.

Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.
1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.

1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.
2/9/2004 Web and HTTP February 9, 2004. 2/9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.

2/9/2004 Web and HTTP February 9, /9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.
Hypertext Transport Protocol CS - 328 Dick Steflik.

Hypertext Transport Protocol CS Dick Steflik.
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.

CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.

SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.

Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.
1 ‘Dynamic’ Web Pages So far, we have developed ‘static’ web-pages, e.g., cv.html, repair.html and order.html. There is often a requirement to produce.

1 ‘Dynamic’ Web Pages So far, we have developed ‘static’ web-pages, e.g., cv.html, repair.html and order.html. There is often a requirement to produce.

Similar presentations

Ads by Google