
INT21CN Computer Networks

Tutorial #8

  1. The basis of Web commerce is dynamically-generated Web pages. What does this mean?

  2. What is a shopping cart application?

  3. What is meant by session management in the context of a shopping cart application? What information must be stored on the server to enable a session-managed system?

  4. In the lecture, the statement was made that the session ID is typically: a (very) large random number and/or text string possibly combined with a (hashed) combination of other client information.... Why do you think it's important that the session ID be (a) large, and (b) apparently random?

  5. If you have used a session-managed Web system such as "Internet Banking", you will probably be aware that such systems implement a "time out" of inactive sessions. How do you imagine the server does this?

  6. Thinking question: HTTP/1.1 introduced the concept of "keep-alive" persistent connections between the browser and the Web server. Why aren't these used for session management instead of the techniques discussed in the lecture? Discuss.

  7. List one advantage and one disadvantage of each of hidden fields, cookies and URL-embedded information for the transfer of session ID information.

  8. Under what conditions is a cookie stored on a client system's local disk between "browser sessions"?

  9. Discuss the security implications of cookies. In particular, if someone asked you whether it's safe to accept cookies from Web servers, what would you tell them, and why?

  10. On many Web Commerce sites (for example, Amazon.com and The New York Times), cookies are used to authenticate repeated visits to the site. For example, if you have "shopped" at either of the above businesses, they will set a cookie so that you can subsequently "one-click" (or somesuch) to order. It's obviously important that no one else can generate your cookie, or they could impersonate you. How could this be implemented?

  11. (Thinking question) In the lecture, we didn't discuss the vital issue of security -- in particular, we didn't talk about secure sites. Why not? Are issues of security orthogonal (i.e., unrelated) to session management? Why, or why not? Discuss.

  12. (Hard) What controls do the domain and path specifiers impose on when your browser sends a cookie to a server? In other words, how are the domain and path specifiers interpreted in the browser, and under what conditions are they invalid?

  13. (Discussion question) There's obviously lots of potential for using Java and/or Javascript to build a shopping cart application which runs on the client (browser) instead of using FORMS and server-side code. Is this a good idea? Why, or why not?


These tutorial exercises accompany Lecture #8.
See Prac #8 for the practical exercises accompanying this tutorial.
Copyright © 2005 by Philip Scott, La Trobe University.