Creating Databases for Web Applications

1
Creating Databases for Web Applications

• cookie examples
• lab time favorites
• cookies Sessions
• class time for group work/questions on projects
• Next class presentations

2
cookies

• are entries into a file called cookies.txt on the
  client computer
• can be placed there by client-side or server-side
  code. Server side code uses the HTTP header to
  set the cookie.
• used for things such as IDs and preferences. Used
  to compensate for HTTP being 'stateless'
• alternatives are storing information in
• databases
• so-called session variables held on the server
  (one per client)
• the URL call (like methodget form data)

3
Samples

• php set cookie, no expiration. This means
  cookie goes away when the browser is closed.
• php set cookie, 5 minute expiration
• asp/JavaScript set cookie, no expiration.
• asp/JavaScript set cookie, 5 minute expiration

4
on sharon.ns.purchase.edu/jeanine

• cookie.php
• cookie5min.php
• cookie.asp
• cookie5min.php
• Question does the cookie know if it is asp or
  php?

5
before anything else sent to browser
lt?php if (_at_(submitted)) setcookie("ccname",c
name) setcookie("ctype",type) ?gt lthtmlgtlthead
gtlttitlegtUse cookie lt/titlegtlt/headgt ltbodygt lth1gt
Welcome lt? print ("cname! lt/h1gt\n") print
("ltbrgtYou like type cookies.")
?gt lt/bodygt lt/htmlgt lt?
6
else ?gt lthtmlgtltheadgtlttitlegtForm for cookies
lt/titlegtlt/headgt ltbodygt ltform action"cookies.php"
methodpostgt Your name ltinput typetext
name'cname' value' lt? print (_at_ccname)
?gt 'gt ltbrgt Your favorite cookie ltinput
typetext name'type' value' lt? print
(_at_ctype) ?gt 'gt ltbrgt ltinput typehidden
name'submitted' valueTRUEgt ltinput
typesubmit value'send info'gt ltinput
typereset value'reset'gt lt/formgt lt/bodygt lt/htm
lgt lt? ?gt
7
lt?php if (_at_(submitted)) setcookie("ccname",c
name,time()560) setcookie("ctype",type,
time()560) ?gt lthtmlgtltheadgtlttitlegtUse
cookie lt/titlegtlt/headgt ltbodygt lth1gt
Welcome lt? print ("cname! lt/h1gt\n") print
("ltbrgtYou like type cookies.")
print("ltbrgtThe time in seconds is ")
print(time()) ?gt lt/bodygt lt/htmlgt lt?
8
else ?gt lthtmlgtltheadgtlttitlegtForm for cookies
lt/titlegtlt/headgt ltbodygt ltform action"cookies5min.
php" methodpostgt Your name ltinput typetext
name'cname' value' lt? print (_at_ccname)
?gt 'gt ltbrgt Your favorite cookie ltinput
typetext name'type' value' lt? print
(_at_ctype) ?gt 'gt ltbrgt ltinput typehidden
name'submitted' valueTRUEgt ltinput typesubmit
value'send info'gt ltinput typereset
value'reset'gt lt/formgt lt/bodygt lt/htmlgt lt?
?gt
9
lt_at_ LanguageJavaScript gt lt var
submittedString(Request.Form("submitted")) if
(submitted !"undefined")
snameString(Request("cname"))
stypeString(Request("type")) Response.Cookies("
ccname") sname Response.Cookies("ctype")
stype gt lthtmlgtltheadgtlttitlegtUse cookie
lt/titlegtlt/headgt ltbodygt lth1gt Welcome lt
Response.Write (sname "lt/h1gt\n")
Response.Write ("ltbrgtYou like " stype "
cookies.") gt lt/bodygt lt/htmlgt lt
10
else gt lthtmlgtltheadgtlttitlegtForm for cookies
lt/titlegtlt/headgt ltbodygt ltform action"cookies.asp"
methodpostgt Your name ltinput typetext
name'cname' value' lt fromcookienameRequest.Co
okies("ccname") Response.Write(fromcooki
ename)gt 'gt ltbrgt Your favorite cookie ltinput
typetext name'type' value' lt
fromcookietypeRequest.Cookies("ctype")
Response.Write(fromcookietype) gt 'gt
ltbrgt ltinput typehidden name'submitted'
valueTRUEgt ltinput typesubmit value'send
info'gt ltinput typereset
value'reset'gt lt/formgt lt/bodygt lt/htmlgt lt gt
11
ASP

• The time expiration needs to be an asp datatype
  called variant.
• Need to convert the JavaScript date object to
  that type
• var laternew Date() //get now
• later.setMinutes(later.getMinutes()5 ) // add 5
• Response.Cookies("ccname").expires
  later.getVarDate()

12
lt_at_ LanguageJavaScript gt lt var
submittedString(Request.Form("submitted")) if
(submitted !"undefined") snameString(Request
("cname")) stypeString(Request("type"))
var laternew Date() //get now
later.setMinutes(later.getMinutes()5 ) // add
5 Response.Cookies("ccname") sname Response.Coo
kies("ccname").expires later.getVarDate() Respo
nse.Cookies("ctype") stype Response.Cookies("
ctype").expires later.getVarDate() gt lthtmlgtlthe
adgtlttitlegtUse cookie lt/titlegtlt/headgtltbodygt lth1gt
Welcome lt Response.Write (sname
"lt/h1gt\n") Response.Write ("ltbrgtYou like "
stype " cookies.") Response.Write("ltbrgt Later
is " later) gt lt/bodygt lt/htmlgt lt
13
lthtmlgtltheadgtlttitlegtForm for cookies
lt/titlegtlt/headgt ltbodygt ltform action"cookies5min.
asp" methodpostgt Your name ltinput typetext
name'cname' value' lt fromcookienameRequest.Co
okies("currentclientname")
Response.Write(fromcookiename)gt
'gt ltbrgt Your favorite cookie ltinput typetext
name'type' value' lt fromcookietypeRequest.Coo
kies("ctype") Response.Write(fromcookiet
ype) gt 'gt ltbrgt ltinput typehidden
name'submitted' valueTRUEgt ltinput typesubmit
value'send info'gtltinput typereset
value'reset'gt lt/formgt lt/bodygt lt/htmlgt lt gt
14
Experiment

• do one of the cookies.php or cookies.asp
• go to another site, and go back to this script.
• exit the browser.
• try cookies5min
• exit the browser, but re-invoke browser and go
  the script.
• exit the browser and right 5 minutes and then
  re-invoke the browser and go to the script.

15
Explore

• Find the cookies.txt file on your lab computer
  and your home or office computer
• On my home computer, it was on
• c\Program Files\Netscape\users\jeanine

16
in the cookies.txt file

• sharon.ns.purchase.edu FALSE / FALSE 1004721406 ct
  ype chocolatechip
• sharon.ns.purchase.edu FALSE / FALSE 1004721406 cu
  rrentclientname Mommy

17
Cookies

• name value
• can also be a collection (complex cookie) name,
  keys and values
• Optionally, set
• domain (purchase.edu would mean that
  sharon.ns.purchase.edu, rachel.ns.purchase.edu,
  etc. could use the cookie)
• path (restriction to folders within domain)
• secure True or False (only set if browser using
  secure connection)
• Limits each cookie lt 4kB (Netscape), number of
  cookies also limited (oldest deleted to make room
  for newest) limit sent per domain (20) and limit
  overall (300)

18
cookie parameters

• php
• setcookie(string name, string value, int expire,
  string path, string domain, int secure)
• asp
• Response.Cookies(name).Domain domainstring
• Response.Cookies(name).Path pathString
• Response.Cookies(name).Secure True

19
deleting cookies

• set same name cookie to no value
  setcookie("cclient","")
• php If you have specified a domain or path, you
  need to mention those attributes again in the
  setcookie call.
• Response.Cookies("cclient")""
• set same name cookie to have past expiration time
• setcookie("cclient","", time()-60)
• Response.Cookies("client").Expires"1/1/1980"

20
Caution

• Cookies are browser dependent
• Look at the Cookies folder in Windows for the IE
  cookies
• Cookies are not dependent on asp or php that is,
  
• php reads cookies set by asp and
• asp reads cookies set by php

21
Sessions

• A session is the time a client spends on a site.
  
• A session id is stored (as a cookie) on the
  client OR passed along via the URLs (using php
  only). The id is a key to session information
  stored on the server for each client.
• Php sessions will work even if cookies have been
  disabled by the person using the browser
• Session information is stored on the server.

22
Sessions php

• session_start() called at each script using the
  session variables
• total .
• cart"pencils" qty
• cartproductname productqty
• session_register("total")
• session_register("cart")
• in another script, can use cart and total.
• result session_is_registered("total")
• session_unregister("total")
• session_destroy()

23
Sessions asp

• Session(sessionvariablename) .
• Session(sessionvariablename)
• Session(cust_name) custname
• Again, session variables can be scalar (simple)
  or complex, such as arrays or associative arrays
  (aka hashes or collections).

24
Authentication (briefly)

• Sessions
• In forms, use method post ltinput typepassword
  gt
• 'over the shoulder' security
• Re-direction invoking another script
• must be before anything else sent to browser
• php header("Location otherpage.php") exit
• asp Response.Redirect("otherpage.asp")
• In re-direction and links, can add parameters
  header("Locationpage2.php?userusername")
• php crypt(), md5()
• asp/JavaScript use on-line sources. May need to
  code your own or purchase plugin.

25
Homework

• Keep working on enhancement projects
• First presentation due class after break (3/23)
• Present requirements (yours and your 'system
  owner' and 'system user'
• Final presentation (of enhanced projects) due
  following week (3/30)
• Your proposal for your own original project due
  week after. (4/6)