How to maintain state in a stateless web

1
How to maintain state in a stateless web

• Shirley Cohen
• scohen_at_tacc.utexas.edu

2
What is meant by state?

• To maintain state means the ability to retain
  values of variables and to keep track of users
  who are logged into the system.

3
Methods for maintaining state

• Cookies
• Sessions
• Passing hidden variables

4
What is a cookie?

• Cookies are simple text strings of the form of
  namevalue which are stored persistently on the
  clients machine.
• A URL is stored with each cookie and it is used
  by the browser to determine whether it should
  send the cookie to the web server.

5
Cookie Example

• lt?php
• count
• setCookie(count, count)
• ?gt
• Welcome! Youve seen this site
• lt?php print(count . (count 1 ? time!
  times!)) ?gt

6
Common Pitfalls

• Cant call setCookie() after output has been sent
  to the browser
• Cant have more than 20 cookies/server
• Cookies ONLY persist until the browser closes
  UNLESS you specify an expiry date
• set Cookie(name, value, time() 3600)

7
Sessions

• Sessions are just like cookies, except they
  store the users data on the web server. Every
  request has a unique session id.
• Sessions are said to be 30 more reliable than
  cookies.

8
Session Example

• ?php
• // start the session session_start()
  print "ltstronggtStep 2 - Register Session
  lt/stronggtltbr /gt" // Get the user's input from
  the form name  _POST'name' // Register
  session key with the value _SESSION'name'  n
  ame // Display the session information
• ?gt Welcome to my website ltstronggtlt? print
  _SESSION'name' ?gtlt/stronggt!ltbr /gt Let's see
  what happens on the lta href"page3.php"gtnext
  page.lt/agtltbr /gtltbr /gt

9
Destroying a Session

• lt?php
• // start the session session_start()
  _SESSION  array() session_destroy()
• print "ltstronggtStep 5 - Destroy This Session
  lt/stronggtltbr /gt"
• if(_SESSION'name')
•     print "The session is still active"  
• else 
•     echo "Ok, the session is no longer
  active! ltbr /gt"     
• ?gt

10
Session Tutorial Site

• http//www.phpfreaks.com/tutorials/41/0.php

11
Passing Variables

• ltform method"POST" action"main.php"gt lt?php
  courseurldecode(HTTP_GET_VARS'course')
  student_idurldecode(HTTP_GET_VARS'student_id'
  ) ?gt
• ltinput type"hidden" namecourse" valueprint
  course"gt ltinput type"hidden" name"student_id"
  valueprint student_id"gt
• lt/formgt

12
EID Topic

• EID module authenticates a user using a valid
  EID and password which are sent to the UT
  directory server using SSL. The UT directory
  server returns a cookie to the requestor and the
  requestor can then retrieve the relevant
  information about the user.

13
Web Central Users

• Use an .htaccess file on the directory they want
  to protect
• Examples
• .htaccess file to allow access for any valid UT
  EID     SSLRequireSSL     AuthType
  Anything     AuthName Anything     EID_Required
  on     require valid-eid
• .htaccess file to allow restricted access for a
  small group     SSLRequireSSL     AuthType
  Anything     AuthName Anything     EID_Required
  on     require eid UniqueID1 UniqueID2

14
Web Central EID Tutorial

• http//www.utexas.edu/learn/restrict/index.html

15
Non-Web Central Users

• PHP EID Module David Cook
• (not stable at the moment)
• ColdFusion EID Module Lisa Barden
• (now stable according to Eng.)
• Request ITS authorization from
• James M Ferrero

16
Questions

• ???