Session Management
A290/A590, Fall 2014
Hidden Fields
• Allow information to be passed from a
form to a CGI script.
• The Submit button must be clicked for the
hidden information to be passed.
• The information is not saved on either the
client or the server. It is passed from the client
every time the form is submitted.
Browser Cookies
• Allow for a server script to save data on the
client (the browser).
• When accessing a web page/script, the
browser automatically sends the cookies
associated with that page (as determined by
the Domain and Path fields of the cookie)
• The data is stored on the client, so there is no
need to submit a form to facilitate the data
Session Files
• All data related to a browser session is stored on the server
in a session file.
– or as we'll learn later, in a database
• How do we know which session file is associated with
which browser session?
– The first time a server script is loaded, it can generate a unique
session ID and store it in a cookie on the browser.
– When the script is loaded subsequently, the browser sends it
the session ID cookie, and the server will know which session
file to use.
• What is the format of the session file?
– Whatever you make it. A simple text file to keep track of
name/value pairs is all that's required.
Session Files
• Session files are more efficient than cookies,
since only the session ID needs to be sent, not
all session information.
• Session files are more secure than cookies,
since they can't be tampered with on the
Session Files in Lab 4
• You will need to write a small session file
management component. It should be able to:
– generate a random session id using uuid.uuid4() if
one doesn't already exist
– retrieve the session id from the cookie sent by the
browser (you know how to do this already!)
– create a text file with the same name as the
session id
– store and retrieve the session information to and
from the file
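One way to build the Lab 4 session file component, as an added example that is not part of the original slides. The cookie name `session_id`, the temporary session directory and the URL-encoded `name=value` line format are assumptions; because the ID from the cookie becomes a file name, it is parsed as a UUID and accepted only if a session file for it already exists.

```python
import os
import tempfile
import uuid
from http.cookies import CookieError, SimpleCookie
from urllib.parse import quote, unquote

# Assumed names: a private (mode 0700) temp directory and a "session_id" cookie.
SESSION_DIR = tempfile.mkdtemp(prefix="sessions_")
COOKIE_NAME = "session_id"

def session_path(sid):
    return os.path.join(SESSION_DIR, sid)

def session_id_from_cookie(cookie_header):
    """Parse the raw Cookie header (HTTP_COOKIE in CGI); None if absent or invalid."""
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header or "")
        # Canonical str(UUID) is hex digits and hyphens only: safe as a file name.
        parsed = uuid.UUID(cookie[COOKIE_NAME].value)
    except (CookieError, KeyError, ValueError):
        return None
    return str(parsed) if parsed.version == 4 else None

def save_session(sid, data):
    """Write name/value pairs, one per line; quoting keeps '=' and newlines intact."""
    with open(session_path(sid), "w", encoding="utf-8") as f:
        for name, value in data.items():
            f.write(f"{quote(name, safe='')}={quote(value, safe='')}\n")

def load_session(sid):
    data = {}
    with open(session_path(sid), encoding="utf-8") as f:
        for line in f:
            name, _, value = line.rstrip("\n").partition("=")
            data[unquote(name)] = unquote(value)
    return data

def get_or_create_session(cookie_header):
    """Return (session_id, is_new). IDs this server never issued are replaced."""
    sid = session_id_from_cookie(cookie_header)
    if sid is not None and os.path.isfile(session_path(sid)):
        return sid, False
    sid = str(uuid.uuid4())
    save_session(sid, {})  # creating the file marks the ID as issued
    return sid, True
```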
• Remember the forms we wrote before…
<form action="" method="post">
Both are HTTP request methods
GET requests data from the server
POST submits data to be processed on the server
– We can still use a GET request and provide some input
to the server through the query string
– e.g.:
• GET requests…
– can be cached by the browser
– can be bookmarked
– remain in browser history
– have length restrictions
• POST requests…
– can't be cached, bookmarked or kept in the
browser history
– don't have length restrictions
• GET requests…
– shouldn't be used when dealing with sensitive
– should only be used to retrieve data
• POST requests
– should be used when user information (from
forms) is submitted to the server
GET vs POST and Lab 5
• Relevant to the Starting Page in Lab 5
– You need to be able to display a set of links to
different quizzes
– The quiz identifier can be submitted through the
query string, e.g.

