
INT21CN Computer Networks

Tutorial #19

  1. What is a shopping cart application?

  2. What is meant by state maintenance in the context of a shopping cart application? What are the two major technologies which can be used to implement state maintenance?

  3. Typically, what information do you think would be contained within a hidden field or cookie? There are a couple of ways you can think about this question, depending on how much of the "state information" is maintained at the server, and how much on the client side (browser) software.

  4. What are some of the advantages of cookies over hidden fields? What disadvantages do they have?

  5. Under what conditions is a cookie stored on a client system's local disk between "browser sessions"?

  6. Discuss the security implications of cookies. In particular, if someone asked you whether it's safe to accept cookies from Web servers, what would you tell them, and why?

  7. On many Web Commerce sites (for example, Amazon.com and CDnow.com), cookies are used to authenticate repeated visits to the site. For example, if you have "shopped" at either of the above businesses, they will set a cookie so that you can subsequently "one-click" (or somesuch) to order. It's obviously important that no one else can generate your cookie, or they could impersonate you. How could this be implemented?

  8. (Hard) What controls do the domain and path specifiers impose on when your browser sends a cookie to a server? In other words, how are the domain and path specifiers interpreted in the browser?

  9. (Research question) Sites such as Amazon.com maintain a session identifier in URL Extra Path Information. Discover how this works, and explain its advantages over other systems. Why would they do this if they can achieve exactly the same effect using cookies?

  10. (Discussion question) There's obviously lots of potential for using Java and/or JavaScript to build a shopping cart application which runs on the client (browser) instead of using FORMS and CGIs. Is this a good idea? Why, or why not?


These tutorial exercises accompany Lecture #19.
See Prac #19 for the practical exercises accompanying this tutorial.
Copyright © 2002 by Philip Scott, La Trobe University.