HTTP Cookies



CPSC 441 - Application Layer 2

User-server state: cookies

Many major Web sites use cookies

Four components:
1) cookie header line of HTTP response message
2) cookie header line in HTTP request message
3) cookie file kept on user's host, managed by user's browser
4) back-end database at Web site

Example: Susan always accesses the Internet from the same PC. She visits a specific e-commerce site for the first time. When the initial HTTP request arrives at the site, the site creates a unique ID and an entry in its back-end database for that ID.


Cookies: keeping “state” (cont.)

[Figure: client/server message exchange]

client (cookie file: ebay 8734)                 Amazon server
  ---- usual http request msg -------------->   server creates ID 1678 for user,
  <--- usual http response, Set-cookie: 1678     creates entry in backend database
  cookie file now: ebay 8734, amazon 1678
  ---- usual http request msg, cookie: 1678 ->   cookie-specific action,
  <--- usual http response msg                   access backend database

one week later:
  ---- usual http request msg, cookie: 1678 ->   cookie-specific action,
  <--- usual http response msg                   access backend database


Cookies (continued)

What cookies can bring:
authorization
shopping carts
recommendations
user session state (Web e-mail)

Cookies and privacy:
cookies permit sites to learn a lot about you
you may supply name and e-mail to sites

aside: How to keep "state":
protocol endpoints: maintain state at sender/receiver over multiple transactions
cookies: http messages carry state
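As an added example (not from the slides), the following Python simulation walks through the four components above: the site hands out an ID in a Set-cookie header, the browser stores it in a per-host cookie file and returns it in the cookie header, and the site uses the ID as the key into its back-end database. The names Site, Browser and susan_visits_amazon_twice, the host strings, and the response bodies are assumptions made for the example.

```python
# Added example, not from the slides: simulates the four cookie components of
# slide 2 with the IDs of slide 3 (1678 for Amazon, 8734 for eBay).
import itertools

def parse_headers(message):
    # Header lines of an HTTP message as {lower-cased name: value}.
    head = message.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    pairs = (line.partition(":") for line in head)
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

class Site:
    # Web site: hands out unique IDs and keeps a back-end database keyed by ID.
    def __init__(self, host, first_id):
        self.host = host
        self._ids = itertools.count(first_id)   # constructed ID sequence
        self.backend_db = {}

    def handle(self, request):
        headers = parse_headers(request)
        user_id = headers.get("cookie")
        set_cookie = ""
        if user_id not in self.backend_db:
            # First visit (or an ID we never issued): create ID + database entry.
            user_id = str(next(self._ids))
            self.backend_db[user_id] = {"visits": 0}
            set_cookie = "Set-cookie: %s\r\n" % user_id
        self.backend_db[user_id]["visits"] += 1    # cookie-specific action
        return "HTTP/1.1 200 OK\r\n%s\r\nusual http response msg" % set_cookie

class Browser:
    # Keeps the cookie file (one ID per host) and attaches it to requests.
    def __init__(self):
        self.cookie_file = {}

    def get(self, site, path="/"):
        request = "GET %s HTTP/1.1\r\nHost: %s\r\n" % (path, site.host)
        if site.host in self.cookie_file:
            request += "cookie: %s\r\n" % self.cookie_file[site.host]
        response = site.handle(request + "\r\n")
        headers = parse_headers(response)
        if "set-cookie" in headers:              # store the ID in the cookie file
            self.cookie_file[site.host] = headers["set-cookie"]
        return response

def susan_visits_amazon_twice():
    # Slide 3 scenario: first visit gets an ID, the second request sends it back.
    amazon, susan = Site("amazon", 1678), Browser()
    susan.cookie_file["ebay"] = "8734"           # eBay cookie from an earlier visit
    first, second = susan.get(amazon), susan.get(amazon)
    return first, second, dict(susan.cookie_file), amazon.backend_db
```

Note that an ID the site never issued is simply treated as a first visit, so the site's back-end database, not the client, decides which IDs are valid.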


The Telnet Protocol


Telnet

Developed in 1969 (RFC 15), later extended in RFC 854
A generic method for remotely accessing machines
Client-server paradigm, bi-directional communication
Connection oriented (TCP based)
Telnet service (telnetd) uses port 23


The Telnet protocol

Exchanges of 8-bit bytes
MSB 0 signifies the next 7 bits are ASCII
MSB 1 is used to indicate a special protocol character


Telnet Communication Model

Client process captures user input, sent over network to server

Server receives remote input, sends to operating system

Operating system response captured by server, sent over network to client

Client receives remote response, outputs to user

Every character is sent as a standalone packet!


Telnet Security Problems

Telnet sends everything in plaintext
No authentication mechanism
Telnet server has many vulnerabilities and exploits
Telnet has since been superseded by the SSH protocol
Secure Shell (SSH) provides both encryption and authentication


Telnet applications

Telnet is a generic TCP client. Sends user input directly to the TCP socket. Outputs anything received from the TCP socket.
Can be used to troubleshoot and "talk" directly to network "ASCII based" services
E.g. can be used to communicate with Web servers, SMTP servers


Trying out HTTP (client side) for yourself

1. Telnet to your favorite Web server:

telnet cis.poly.edu 80

Opens TCP connection to port 80 (default HTTP server port) at cis.poly.edu. Anything typed in is sent to port 80 at cis.poly.edu.

2. Type in a GET HTTP request:

GET /~ross/ HTTP/1.1
Host: cis.poly.edu

By typing this in (hit carriage return twice), you send this minimal (but complete) GET request to the HTTP server.

3. Look at the response message sent by the HTTP server!


Try SMTP interaction for yourself:

telnet servername 25
see 220 reply from server
enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands

The above lets you send email without using an email client (reader).