Oracle Web Toolkit

							Oracle Web Toolkit

    OWA_COOKIE PACKAGE
               “COOKIE”
• Derived from “magic cookie,” a well-known
  concept in Unix computing which inspired
  both the idea and the name of HTTP
  cookie.
• Main purpose of cookies is to identify users
  and possibly prepare customized Web
  pages for them.
          HTTP COOKIES
• Sometimes known as web cookies
• Parcels of text sent by server to web
  browser
• Sent back unchanged by browser at each
  time server is accessed
• Used for authenticating, tracking and
  maintaining specific information about
  users (e.g. contents of their electronic
  shopping carts)
   COOKIES AND INTERNET
         PRIVACY
• Subject to legislation in various countries
  such as United States and in the European
  Union
• Cookies do not always provide accurate
  identification of users
• Cookies could be used for network attacks
• Most modern browsers allow users to
  decide whether to accepts cookies, but
  rejection makes websites unusable.
         COOKIE MYTHS
• Like worms or viruses – can erase data
  from user‟s hard drive
• Forms of spyware – read personal
  information stored on user‟s computer
• Generate pop-ups
• Used for spamming
• Only used for advertising
      WHAT ARE COOKIES
• Only data – not program code.
• Cannot erase or read information from the
  user‟s computer.
• Cookies do allow for detecting the Web
  pages view by user
• Collected in a profile for user
• Profiles are anonymous
• Larger percentage of users do not know
  how to delete cookies.
           COOKIE THEFT
• Cookie specifications constrain cookies to
  be sent back only to servers in the same
  domain as the server from which they
  originated.
• The value of cookies can be sent to other
  servers using means different from the
  Cookie header such as Javascript.
• Difficult to detect on the user side
• Responsibility of administrators to disallow
  posting of malicious cookie code.
       COOKIE VISIBILITY
• Not visible to client-side programs such as
  JavaScript if they have been sent with the
  HttpOnly flag.
Example:
Set_Cookie:
  RMID=732423sdfs73242;expires=Fri, 31-
  Dec-2010 23:59:59 GMT;
  path=/;domain=.example.net; HttpOnly
  HOW DOES ONE USE HTTP
        COOKIES?
• Cookies allow any site to store information
  on a WEB Browser‟s hard disk(cookie.txt
  file). This information is sent back to the
  originating site whenever you access it
  again.
Example:
owa_util.mime_header („text/html‟,FALSE);
owa_cookie.send(cuid,xsession_id,sysdate+1);
owa_util.http_header_close;
    OWA_COOKIE PACKAGE
• Contains subprograms that enable you to send
  HTTP cookies to and get them from the client's
  browser.
• Cookies are opaque strings sent to the browser
  to maintain state between HTTP calls.
• State can be maintained throughout the client's
  session, or longer if an expiration date is
  included.
• Your system date is calculated with reference to
  the information specified in the owa_custom
  package
Summary of OWA_COOKIE
subprograms

Subprogram          Description
GET Function        Gets the value of the specified
                    cookie
GET_ALL Procedure   Gets all cookie name-value pairs
REMOVE Procedure    Removes the specified cookie

SEND procedure      Generates a "Set-Cookie" line in
                    the HTTP header
       PARTS OF A COOKIE
• This type contains cookie name-value
  pairs.
Example:
TYPE vc_arr IS TABLE OF VARCHAR2(4000) INDEX BY
  BINARY_INTEGER.
TYPE COOKIE IS RECORD (
name         VARCHAR2(4000),
 vals        vc_arr,
num_vals     INTEGER);
                   GET Function
• This function returns the values associated with the specified
  cookie. The values are returned in a OWA_COOKIE.COOKIE
  DATA TYPE.

Syntax
OWA_COOKIE.GET( name IN VARCHAR2)
RETURN COOKIE

   Parameter                    Description

   name                         The name of the cookie.

 Return Values
 OWA_COOKIE.COOKIE DATA TYPE.
        GET_ALL Procedure
• This procedure returns all cookie names and their
  values from the client‟s browser.
• The values appear in the order in which they
  were sent from the browser.
Syntax:
OWA_COOKIE.GET_ALL(
names    OUT    vc_arr,
vals     OUT    vc_arr,
num_vals    OUT    INTEGER);
          REMOVE Procedure

• This procedure forces a cookie to expire immediately by
  setting the "expires" field of a Set-Cookie line in the HTTP
  header to "01-Jan-1990". This procedure must be called
  within the context of an HTTP header.
Syntax
OWA_COOKIE.REMOVE(
name       IN    VARCHAR2,
val        IN    VARCHAR2,
path       IN    VARCHAR2 DEFAULT NULL);
          SEND procedure
• This procedure generates a Set-Cookie
  line, which transmits a cookie to the client.
  This procedure must occur in the context of
  an HTTP header.
Syntax
OWA_COOKIE.SEND(
 name     in  varchar2,
 value   in   varchar2,
 expires in   date DEFAULT NULL,
 path    in   varchar2 DEFAULT NULL,
 domain  in   varchar2 DEFAULT NULL,
secure    in   varchar2 DEFAULT NULL);
              SEND procedure
• This creates a cookie on the client browser
  machine. The expires date should be specified or
  the cookie only exists during the life of the session.
      Example:
      begin
           owa_util.mime_header('text/html', FALSE);
           owa_cookie.send(
            name=>'EASY_COOKIE',
            value=>lower(:P2100_COOKIE_SOURCE),
            expires => sysdate + 365);
       -- Set the cookie and redirect to another page
           owa_util.redirect_url(
        'f?p=&APP_ID.:2101:&SESSION.' );
        exception
           when others then
            null;
        end;
                 SAMPLE CODE
CREATE OR REPLACE PROCEDURE set_cookie
   ( p_cookie_name IN VARCHAR2,
     p_cookie_value IN VARCHAR2,
     p_expires IN DATE DEFAULT NULL)
IS
BEGIN
    OWA_UTIL.mime_header(bclose_header=>FALSE);

  OWA_COOKIE.SEND(p_cookie_name,
                  p_cookie_value,
                  p_expires);

   OWA_UTIL.http_header_close;
 END;