06-15-2011, 05:27 PM,
(This post was last modified: 06-20-2011, 04:49 PM by kino.)
|
|||||
|
|||||
Persistent Data2:HTTP Cookies
HTTP Cookies are a standard Web mechanism for state management that allows a server to communicate with a client for purposes of:
•Authentication •Security •End user identification •Preserving application state Cookies are a way for a server to send information to a client to store, and for the server to later retrieve its data from that client. Servers send cookies to clients by adding fields to HTTP response headers. Clients return cookies to the server by adding fields to HTTP request headers. The information is stored in text files on the client's machine. In the previous Curl Cue, we discussed the power of storing data on the client machine using Curl's Client-side persistent data. So... Why Would a Curl Applet Need to Use HTTP Cookies? HTTP Cookies are mainly used for storing session information when a Curl applet interacts with a server-side application that requires a cookie. An HTTP cookie contains a session identifier as well as other relevant information about the user -- therefore cookies are necessary when a Curl applet interacts with servers that require a session. Each session has a beginning and an end, can be relatively short-lived, and can be terminated by either the client or the server For example, if a user logs into a Curl application, you may need get session information from a server. A cookie is sent to the Curl applet upon start up. Once the Curl applet has the cookie data stored, the information is sent to the associated URI with each request. Working with HTTP Cookies HTTP Cookies can either be secure or insecure. If you have a secure connection, you can use the HTTPS protocol for communication with the server. For our examples, we will use insecure cookies. In general, HTTP Cookies are: •Stored on a client machine as text •Grouped by URI •Sent to the server when the specific URI is requested This HttpCookie class holds all data associated with an HTTP cookie. The associated HttpCookie fields that store the HTTP cookie information are: •comment: A comment about the cookie variable. •domain: Domain that the hostname in the URL must match for the cookie to be sent along with requests for that URL. •expires: When the cookie should expire. •max-age: How long the cookie should last. •name: Name of the cookie variable. •path: Path that the URL must start with for the cookie to be sent along with requests for that URL. •secure?: Indicates whether this HttpCookie should be sent across "secure" channels such as that provided by HTTPS. •value: Value of the cookie variable. •version: Version of the cookie protocol being used; currently 1 is the only known legal value. Note that When the cookie should expire if expires is null, the cookie is kept only until the current host process exits. Once expires is in the past, the cookie may be deleted. If expires is in the future, the cookie is saved, possibly on disk, until the expiration date. Setting and Getting HTTP Cookies Use set-insecure-http-cookie to create the cookie on the local machine. Code: || Let the cookie expire 1 year from now Once this information is set, then the cookie data is set with future HTTP requests to the given URI. Also note that get-the-applet returns the Url of the running applet. Use get-http-cookies to retrieve cookie data. Code: let jar:{Array-of HttpCookie} = {get-http-cookies You can also use clear-insecure-http-cookie to clear any cookies. In most cases, you will use clear-insecure-http-cookie to remove cookies before the session ends (unless you want the information stored on the local machine for future use). Putting it all together... Ok, let's put everything together. In the following appley we will create a cookie that stores the value of My session that is set to expire 1 year from the creation date. Since cookies require the a browser, the applet must be run over HTTP. Therefore the code has been enclosed in a try expression so that we can catch any HttpExceptions. Code: {curl 6.0, 7.0 applet} Cookies and Security The only cookies an unprivileged applet can set or clear are those that would be sent with the applet's URL or with the applet's URL's parent directory. Keep in mind that unless the cookie has secure?=true and is used with https URLs, it could be seen by third party applications (snooping) on the network. In addition, unless expires=null, the cookie may be stored on disk. |
|||||
« Next Oldest | Next Newest »
|
Possibly Related Threads... | |||||
Thread | Author | Replies | Views | Last Post | |
Persistent Data1:Client-side Persistent Data | kino | 0 | 6,565 |
06-15-2011, 05:24 PM Last Post: kino |
|
Forms3:HTTP Forms | kino | 0 | 5,036 |
06-15-2011, 05:02 PM Last Post: kino |
|
Files over HTTP1:Files over HTTP | kino | 0 | 4,689 |
06-15-2011, 04:30 PM Last Post: kino |
Users browsing this thread:
2 Guest(s)
2 Guest(s)