Keeping Track

What are you connected to?

 • You are not connected to a web server when
   a page is on the screen
 • Only connected to server while page is
 • Click on link = new connection
 • In HTTP there is no relationship between
   page requests to the same server
HTTP Protocol

 • HTTP is a stateless protocol
 • Particular issue for forms
  – Avoid repeated logins
  – Form variables are only available on the next page
 • Need a mechanism to recognise follow-on
   requests from the same user

 • Possible to store information on browser
 • Limit of 4k text file
 • Browser automatically sends cookie back to
   server whenever a new page requested
 • May encounter client-side issues as Cookies
   can be deleted or disabled
Issues with Cookies

 • 3rd party cookies
  – Any page element such as a banner ad can leave
    cookies on your browser
  – Can be used to track your interest from site to
 • Local storage
  – Can cookies be altered?

 • Most web languages support sessions
 • Allocate memory on the server to store
   variables or objects related to a user
 • A tracking ID is associated with the web user
  – Cookie/URL Rewrite/Hidden Field
 • Only last a limited time, typically 20 mins
PHP Objects
Key arrays

 • Form variables available in $_POST or $_GET
 • Cookies are stored in the $_COOKIE array
  – setcookie("name", "value");
  – print $_COOKIE['user'];
 • Note when you set a cookie, it isn't part of
   the $_COOKIE array until the next page load
 • Cookies set this way expire when the
   browser is closed
More on the setcookie( ) command

 • Can use setcookie( ) with more arguments
  $expire = time( ) + 60 * 60 * 24 * 30;
  setcookie("name", "value", $expire);
 • Delete cookie
  setcookie("name", "value", time() - 3600);
 • Can also specify server path and domain
  setcookie(name, value, expire, path, domain);
PHP and Sessions

 • Have to initialise session on every page
  session_start( );
 • Able to store data in session using
  $_SESSION['name'] = "value";
 • Can kill session before it expires
  session_destroy( );
Pros and Cons

 • Sessions use server memory
  – Busy server may have resource implications
  – Long session times may leave security weakness
 • Cookies are stored client-side
  – Better scalability as less server resources
  – May be tampered with
  – Can be read maliciously
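
Because a cookie is stored client-side and "may be tampered with", the server can make edits detectable by signing the value. The following is an added example, not part of the original slides; the key COOKIE_KEY and the helper names sign_cookie_value, verify_cookie_value and set_signed_cookie are assumptions made for illustration.

```php
<?php
// Added example: tamper-evident cookie value using an HMAC.
// COOKIE_KEY is a constructed placeholder; load a real random key
// from server-side configuration, never from the client.
const COOKIE_KEY = 'replace-with-random-key-from-server-config';

// Return "payload.signature" so the server can detect client-side edits.
function sign_cookie_value(string $value, string $key = COOKIE_KEY): string
{
    $payload = base64_encode($value);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the original value, or null if the cookie is malformed or altered.
function verify_cookie_value(string $cookie, string $key = COOKIE_KEY): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $payload, $key);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    $value = base64_decode($payload, true);
    return $value === false ? null : $value;
}

// Send the signed value with attributes that limit who can read it.
// The options array form of setcookie() needs PHP 7.3 or later.
function set_signed_cookie(string $name, string $value): void
{
    setcookie($name, sign_cookie_value($value), [
        'expires'  => time() + 60 * 60 * 24 * 30,
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',
    ]);
}

// Constructed demo: an untouched cookie verifies, an edited one does not.
$cookie = sign_cookie_value('alice');
$edited = base64_encode('admin') . '.' . explode('.', $cookie, 2)[1];
var_dump(verify_cookie_value($cookie));
var_dump(verify_cookie_value($edited));
```

Signing only detects alteration; the value is still readable by the client, so anything that must stay private belongs in $_SESSION on the server rather than in the cookie.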
