Computer Networks
Tutorial #23
- What is a shopping cart application?
- What is meant by state maintenance in the context of
a shopping cart application? What are the two technologies
which can be used to implement state maintenance?
- Typically, what information do you think would be contained within
a hidden field or cookie? There are a couple of ways you can think about
this question, depending on how much of the "state information" is
maintained at the server, and how much on the client side (browser)
software.
- What are some of the advantages of cookies over hidden fields?
What disadvantages do they have?
- Under what conditions is a cookie stored on a client system's local disk
between "browser sessions"?
- Discuss the security implications of cookies. In particular, if someone
asked you whether it's safe to accept cookies from Web servers, what would
you tell them, and why?
- On many Web Commerce sites (for example, Amazon.com and CDNow.com),
cookies are used to
"authenticate" repeated visits to the site. For example, if you have
"shopped" at either of the above sites, they will set a cookie
so that you can subsequently "one-click" (or somesuch) to order. It's
obviously important that no one else can generate your
cookie, and this probably involves some use of encryption.
How could this be implemented?
- (Hard) What controls do the domain and path specifiers impose on when
your browser sends a cookie to a server? In other words, how are the
domain and path specifiers interpreted in the browser?
- (Discussion question) There's obviously lots of potential for using
Java and/or Javascript to build a shopping cart application which runs
on the client (browser) instead of using FORMS and CGIs. Is this a good
idea? Why, or why not?
Practical exercises:
- Web browsers (usually) store persistent cookies in a text file somewhere on
your system, typically with a revealing name like cookies.txt,
which should make it easy to find. Check out this file using a text file
viewer. What cookies are stored there, and what information do they
contain? In particular, find the persistent cookie used by the "solutions
server" for this subject, and identify the information which it contains.
If you're feeling brave (and after first quitting from your browser), edit
the cookies file, remove the BITCNE solutions cookie, and then later try
and fetch a tute solution.
- Visit some commercial Web sites, pretend you're going to buy
something (maybe even actually buy something!) and discover
whether they're using hidden fields or cookies to maintain state.
- Turn on the "Notify Me About Cookies" option (or whatever it is in your
particular browser) and be amazed at the cookies that are being sent
to you!
- Use the small segments of Perl code given in the lecture to
set and read cookies. Now inspect the code for the "solutions server",
which makes use of cookies -- it's publicly readable in directory
/usr/local/www/subjects/bitcne/cgi on our Unix systems. Can you understand
what it's doing?
Phil Scott