Lecture 15 CGI Sessions Perl CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger and Shwen Ho


Sessions

Many web sites allow you to establish a session.

you identify yourself to the system.

now you can visit lots of pages, add stuff to shopping cart, establish preferences, etc.


State Information

Remember that each HTTP request is unrelated to any other as far as the Web server is concerned

Each new request to a CGI program starts up a brand new copy of the CGI program.

Providing sessions requires keeping state information.


Session Conversation

Client: Hi! I'm Joe.

Server: Hi Joe (it's him again) Welcome Back...

Client: I wanna buy a cookie.

Server: OK Joe, it will be there tomorrow.

Diagram labels on the server side: CGI1, CGI2

Hidden Field Usage

One way to propagate state information is to use hidden fields.

The user identifies themselves to a CGI program (fills out a form).

CGI sends back a form that contains hidden fields that identify the user or session.

Revised Conversation

Initial form has field for user name.

GET /cgi1?name=joe HTTP/1.0

CGI1 creates order form with hidden field.

GET /cgi2?name=joe&order=cookie HTTP/1.0

Session Keys

Many Web based systems use hidden fields that identify a session.

When the first request arrives, the system generates a unique session key and stores it in a database.

The session key can be included in all forms/links generated by the system as a hidden field or embedded in a link.

Session Key Properties

Must be unique.

Should expire after a while.

Should be difficult to predict: typically use a pseudo-random number generator seeded carefully.

Pizza Server Session Keys

We define a server to use session keys:

<INPUT TYPE=HIDDEN NAME=sessionkey VALUE=HungryStudent971890237>

A request to order a pizza might look like this (all on one line):

GET /pizza.cgi?sessionkey=HungryStudent971890237&pizza=cheese&size=large HTTP/1.0
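The three session key properties (unique, expiring, hard to predict) in working form, as an added example that is not part of the original slides. It assumes a Unix system with /dev/urandom, uses the kernel random source in place of a hand-seeded generator, and the names `%sessions`, `$TTL`, `new_session_key`, `create_session` and `lookup_session` are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# In-memory stand-in for the session database. Each CGI request is a new
# process, so a real server would keep this in a file or database.
my %sessions;
my $TTL = 30 * 60;    # assumed lifetime in seconds

# 128 bits from the kernel random source, hex encoded. Perl's rand() is
# not used: it is a general-purpose generator, not built to resist guessing.
sub new_session_key {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, 16);
    close($fh);
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    return unpack('H*', $buf);
}

# Create a session for $user at time $now and return its key.
sub create_session {
    my ($user, $now) = @_;
    my $key;
    do { $key = new_session_key() } while (exists $sessions{$key});   # unique
    $sessions{$key} = { user => $user, expires => $now + $TTL };
    return $key;
}

# Return the user for a key, or undef if it is malformed, unknown or expired.
sub lookup_session {
    my ($key, $now) = @_;
    return undef unless defined $key && $key =~ /\A[0-9a-f]{32}\z/;
    my $s = $sessions{$key};
    return undef unless $s;
    if ($now >= $s->{expires}) {
        delete $sessions{$key};       # expired keys are removed
        return undef;
    }
    return $s->{user};
}

my $t0  = time();
my $key = create_session('joe', $t0);
print qq{<INPUT TYPE=HIDDEN NAME=sessionkey VALUE=$key>\n};
for my $case ([$key, $t0 + 60], [$key, $t0 + $TTL + 1], ['HungryStudent971890237', $t0]) {
    my $user = lookup_session(@$case);
    printf "%-34s -> %s\n", $case->[0], defined $user ? $user : 'rejected';
}
```

The lookup treats the key as untrusted input: it is checked against the expected format before it is used as a hash index, and only a key that the server itself issued and that has not expired maps back to a user.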


HTTP Cookies

A "cookie" is a name,value pair that a CGI program can ask the client to remember.

The client sends this name,value pair along with every request to the CGI.

We can also use "cookies" to propagate state information.


Cookies are HTTP

Cookies are HTTP headers.

A server (CGI) can give the browser a cookie by sending a Set-Cookie header line with the response.

A client can send back a cookie by sending a Cookie header line with the request.


Set-Cookie Header Options

The general form of the Set-Cookie header is:

Set-Cookie: name=value; options

The options include:

expires=...

domain=...

path=...

Setting a cookie

HTTP/1.0 200 OK

Content-Type: text/html

Set-Cookie: customerid=0192825

Content-Length: 12345

...


expires Option

This tells the browser how long to hang on to the cookie.

The time/date format is very specific!


expires=Friday 29-Feb-2000 00:00:00 GMT

Weekday, Day-Month-Year Hour:Minute:Second GMT

Default expiration

If there is no expires option on the Set-Cookie header line, the browser does not save the cookie to disk.

In this case, when the browser is closed it will forget about the cookie.

domain Option

domain=.unr.edu

The domain option tells the browser the domain(s) to which it should send the cookie.

Domains as in DNS.

The domain must start with "." and contain at least one additional "."


Domain option rules

The server that sends the Set-Cookie header must be in the domain specified.

Default behavior: if no domain option is in the header, the cookie will only be sent to the same server.

path Option

path=/

or path=/~mgunes/cpe401

The path option tells the browser what URLs the cookie should be sent to.


path default

If no path is specified in the header, the cookie is sent to only those URLs that have the same path as the URL that set the cookie.

A path is the leading part of the URL; it does not include the filename.

Default Path Example

If the cookie is sent from:

/~mgunes/cpe401/pizza/pizza.cgi

it would also be sent to

/~mgunes/cpe401/pizza/blah.cgi

but not to

/~mgunes/cpe401/soda/pizza.cgi
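The domain and path rules above decide which servers and URLs receive a cookie, which matters when the cookie carries a session key. The following is an added example, not code from the original slides, that applies those rules to the slide's own URLs; the function names and the cookie hash layout (`set_by`, `path`, `domain`) are illustrative, and path matching is done as a prefix test, an assumption consistent with the example above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Default path: the leading part of the URL path, without the filename.
sub default_path {
    my ($url_path) = @_;
    (my $dir = $url_path) =~ s{[^/]*\z}{};
    return $dir;
}

# Rules from the slides: the domain starts with ".", contains at least one
# more ".", and the server that sends Set-Cookie is inside that domain.
sub domain_allowed {
    my ($domain, $server) = @_;
    return 0 unless $domain =~ /\A\.[^.]+\.[^.]+/;
    return $server =~ /\Q$domain\E\z/i ? 1 : 0;
}

# Would the browser attach this cookie to a request for $host$path?
sub cookie_applies {
    my ($cookie, $host, $path) = @_;
    if (defined(my $d = $cookie->{domain})) {
        return 0 unless $host =~ /\Q$d\E\z/i;
    }
    else {
        return 0 unless lc($host) eq lc($cookie->{set_by});   # same server only
    }
    return index($path, $cookie->{path}) == 0 ? 1 : 0;        # path prefix
}

# Cookie set without path or domain options, as in the slide's example.
my $set_url = '/~mgunes/cpe401/pizza/pizza.cgi';
my $cookie  = { set_by => 'www.cse.unr.edu', path => default_path($set_url) };

for my $req ('/~mgunes/cpe401/pizza/blah.cgi', '/~mgunes/cpe401/soda/pizza.cgi') {
    printf "%-34s %s\n", $req,
        cookie_applies($cookie, 'www.cse.unr.edu', $req) ? 'sent' : 'not sent';
}
for my $domain ('.unr.edu', '.edu') {
    printf "domain=%-10s set by www.cse.unr.edu: %s\n", $domain,
        domain_allowed($domain, 'www.cse.unr.edu') ? 'accepted' : 'refused';
}
```

A cookie set with path=/ and a wide domain is sent to every CGI program on every server in that domain, so a session key should be scoped as narrowly as the application allows.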


Set-Cookie Fields

Many options can be specified. Things are separated by ";"

Set-Cookie: a=blah; path=/; domain=.cse.unrr.edu; expires=Thursday, 21-Feb-2002 12:41:07 2002

All must be on one line!

CGI cookie creation

A CGI program can send back any number of HTTP headers, so it can set multiple cookies.

Content-Type is required!

Blank line ends the headers!


C Example

    printf("Content-Type: text/html\r\n");
    printf("Set-Cookie: prefs=nofrms\r\n");
    printf("Set-Cookie: Java=yes\r\n");
    printf("\r\n");
    /* ... now send the document content */

Getting HTTP Cookies

The browser sends each cookie as a header:

Cookie: prefs=nofrms

Cookie: Java=OK

The Web server gives the cookies to the CGI program via an environment variable.


Multiple Cookies

There can be more than one cookie.

The Web Server puts them all together like this:

prefs=nofrms; Java=OK

and puts this string in the environment variable HTTP_COOKIE
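Reading HTTP_COOKIE and writing a Set-Cookie line with the expires format from the earlier slide, as an added example that is not part of the original slides. The function names `parse_cookies` and `set_cookie_line`, the one-day lifetime and the allowed character set are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime);

# Split the HTTP_COOKIE string ("a=1; b=2") into a hash. The string comes
# from the client, so names and values are untrusted input.
sub parse_cookies {
    my ($raw) = @_;
    my %jar;
    return %jar unless defined $raw;
    for my $pair (split /;\s*/, $raw) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name && defined $value;
        $jar{$name} = $value unless exists $jar{$name};   # first one wins
    }
    return %jar;
}

# Build one Set-Cookie line. Names and values are restricted to a safe
# alphabet so a ";" or CR/LF cannot add options or extra header lines.
sub set_cookie_line {
    my ($name, $value, %opt) = @_;
    for my $part ($name, $value) {
        die "unsafe cookie text\n"
            unless defined $part && $part =~ /\A[A-Za-z0-9_.-]+\z/;
    }
    my $line = "Set-Cookie: $name=$value";
    $line .= "; path=$opt{path}"     if defined $opt{path};
    $line .= "; domain=$opt{domain}" if defined $opt{domain};
    $line .= "; expires="
           . strftime('%A, %d-%b-%Y %H:%M:%S GMT', gmtime($opt{expires}))
        if defined $opt{expires};
    return $line;
}

# Constructed input: the combined cookie string shown on the slide.
$ENV{HTTP_COOKIE} = 'prefs=nofrms; Java=OK' unless defined $ENV{HTTP_COOKIE};
my %cookie = parse_cookies($ENV{HTTP_COOKIE});
my $java   = defined $cookie{Java} ? $cookie{Java} : '';

print "Content-Type: text/html\r\n";
print set_cookie_line('prefs', $cookie{prefs},
                      path => '/', expires => time() + 86400), "\r\n";
print "\r\n";
print "<p>Java cookie: $java</p>\n" if $java =~ /\A\w+\z/;
```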


Cookie Limits

Each cookie can be up to 4k bytes.

One "site" can store up to 20 cookies on a user's machine.


Cookie Usage

Create a session.

Track user browsing behavior.

Keep track of user preferences.

Avoid logins.


Cookies and Privacy

Cookies can't be used to:

send personal information to a web server without the user knowing about it.

send viruses to a browser.

find out what other web sites a user has visited.*

access a user's hard disk.

* although they can come pretty close to this one!

Some Issues

Persistent cookies take up space on user's hard disk.

Can be used to track your behavior within a web site. This information can be sold or shared.

Cookies can be shared by cooperating sites (advertising agencies do this).

Perl

Practical Extraction and Reporting Language

A high-level programming language
• whose semantics are largely based on C

Designed for text manipulation

Very fast to implement
• particularly strong at process, file and text manipulation

Runs on many different platforms
• Windows, Mac, Unix, Linux, DOS, etc.

Running Perl

Perl scripts do not need to be compiled
• interpreted at the point of execution

They do not necessarily have a particular file extension
• ".pl" is used commonly

Executing it via the command line

    command line> perl script.pl arg1 arg2 ...

Or add the line "#!/usr/bin/perl" to the start of the script if you are using Unix/Linux

    ./perlscript.pl

• Remember to set the correct file execution permissions before running it

Beginning Perl

Every statement ends with a semicolon ";"

Comments are prefixed at the start of the line with a hash "#"

Variables are assigned a value using the "="

Variables are not statically typed: no need to declare what kind of data you want to hold in them.

Variables are declared the first time you initialize them and they can be anywhere in the program.

Scalar Variables

Contains a single piece of data

The '$' character shows that a variable is scalar

Scalar variables can store
• a number
• a string: a chunk of text surrounded by quotes

    $name = "paul";
    $year = 1980;
    print "$name is born in $year";

output: paul is born in 1980

Array Variables (List)

Ordered list of data, separated by commas

The '@' character shows that a variable is an array

Array of numbers

    @year_of_birth = (1980, 1975, 1999);

Array of strings

    @name = ("Paul", "Jake", "Tom");

Array of both strings and numbers

    @paul_address = (14, "Cleveland St", "NSW", 2030);

Retrieving data from Arrays

Printing arrays

    @name = ("Paul", "Jake", "Tom");
    print "@name";

Accessing individual elements in an array

    @name = ("Paul", "Jake", "Tom");
    print "$name[1]";

What has changed? @name to $name
• To access individual elements use the syntax $array[index]

Why did $name[1] print the second element?
• Index 0 represents the first element.

Arrays …

    @name = ("Paul", "Jake", "Tom");
    print "@name";             # Paul Jake Tom
    print @name;               # PaulJakeTom
    $count = @name;            # $count = 3
    @nameR = reverse(@name);   # @nameR = ("Tom","Jake","Paul")
    @nameS = sort(@name);      # @nameS = ("Jake","Paul","Tom")

Basic Arithmetic Operators

    +     addition
    -     subtraction
    *     multiplication
    /     division
    ++    adding one to the variable
    --    subtracting one from the variable

    $a += 2    incrementing variable by 2
    $b *= 3    tripling the value of the variable

Relational Operators

    Comparison               Numeric   String
    Equals                   ==        eq
    Not equal                !=        ne
    Less than                <         lt
    Greater than             >         gt
    Less than or equal       <=        le
    Greater than or equal    >=        ge
    Comparison               <=>       cmp

Control Operators - If

    if (expression 1) {
        ...
    }
    elsif (expression 2) {
        ...
    }
    else {
        ...
    }

Iteration Structures

    while (CONDITION) { BLOCK }
    until (CONDITION) { BLOCK }
    do { BLOCK } while (CONDITION)
    for (INITIALIZATION; CONDITION; Re-INITIALIZATION) { BLOCK }
    foreach VAR (LIST) { BLOCK }
    for VAR (LIST) { BLOCK }

Iteration Structures

    $i = 1;
    while ($i <= 5) {
        print "$i\n";
        $i++;
    }

    for ($x = 1; $x <= 5; $x++) {
        print "$x\n";
    }

    # Parentheses build a list; square brackets would store one array reference.
    @array = (1, 2, 3, 4, 5);
    foreach $number (@array) {
        print "$number\n";
    }

String Operations

Strings can be concatenated with the dot operator

    $lastname = "Harrison";
    $firstname = "Paul";
    $name = $firstname . $lastname;
    $name = "$firstname$lastname";

Comparison can be done with the relational operators

    $string1 = "hello";
    $string2 = "hello";
    if ($string1 eq $string2) {
        print "they are equal";
    }
    else {
        print "they are different";
    }

String comparison using patterns

The '=~' operator returns true if the pattern within the '/' quotes is found.

    $string1 = "HELLO";
    $string2 = "Hi there";
    # test if the string contains the pattern EL
    if ($string1 =~ /EL/) {
        print "This string contains the pattern";
    }
    else {
        print "No pattern found";
    }

Functions in Perl

No strict variable type restriction during function call

Perl has provided lots of useful functions
• chop - remove the first character of a string
• chomp - remove the carriage return character from the end of a string
• push - append one or more elements into an array
• pop - remove the last element of an array and return it
• shift - remove the first element of an array and return it
• s - replace a pattern with a string

Functions in Perl

The "split" function breaks a given string into individual segments given a delimiter

split( /pattern/, string) returns a list

    @output = split (/\s/, $string);   # breaks the sentence into words
    @output = split (//, $string);     # breaks the sentence into single characters
    @output = split (/,/, $string);    # breaks the sentence into chunks separated by a comma

join ( /delimiter/, array) returns a string

Functions in Perl

A simple Perl function

    sub sayHello {
        print "Hello!!\n";
    }

    sayHello();

Executing functions in Perl

Function arguments are stored automatically in a temporary array called @_

    sub sayHelloto {
        @name = @_;
        $count = @_;
        foreach $person (@name) {
            print "Hello $person\n";
        }
        return $count;
    }

    @array = ("Paul", "Jake", "Tom");
    sayHelloto(@array);
    sayHelloto("Mary", "Jane", "Tylor", 1, 2, 3);

Input / Output

Perl allows you to read in any input that is automatically sent to your program via standard input by using the handle <STDIN>.

Other I/O topics include reading and writing to files, Standard Error (STDERR) and Standard Output (STDOUT).

One way of handling inputs via <STDIN> is to use a loop to process every line of input.

Input / Output

Count the number of lines from standard input and print the line number together with the 1st word of each line.

    $count = 1;
    foreach $line (<STDIN>) {
        @array = split(/\s/, $line);
        print "$count $array[0]\n";
        $count++;
    }

Regular Expression

A regular expression is a set of characters that specify a pattern.

Used for locating a piece of text in a file.

Regular expression syntax allows the user to do a "wildcard" type search without necessarily specifying the character literally.

Available across OS platforms and programming languages.

Simple Regular Expression

A simple regular expression contains the exact string to match

    $string = "aaaabbbbccc";
    if ($string =~ /bc/) {
        print "found pattern\n";
    }

output: found pattern

Simple Regular Expression

The variable '$&' is automatically set to the matched pattern

    $string = "aaaabbbbccc";
    if ($string =~ /bc/) {
        print "found pattern : $&\n";
    }

output: found pattern : bc

Simple Regular Expression

What happens when you want to match a generalised pattern like an "a" followed by some "b"s and a single "c"?

    $string = "aaaabbbbccc";
    if ($string =~ /abbc/) {
        print "found pattern : $&\n";
    }
    else {
        print "nothing found\n";
    }

output: nothing found

Regular Expression - Quantifiers

We can specify the number of times we want to see a specific character in a regular expression by adding operators behind the character.

'*' (asterisk) matches zero or more copies of a specific character

'+' (plus) matches one or more copies of a specific character

Regular Expression - Quantifiers

    # Parentheses build the list; square brackets would store one array reference.
    @array = ("ac", "abc", "abbc", "abbbc", "abb", "bbc", "bcf", "abbb", "c");

    foreach $string (@array) {
        if ($string =~ /ab*c/) {
            print "$string ";
        }
    }

output: ac abc abbc abbbc

Regular Expression - Quantifiers

    @array = ("ac", "abc", "abbc", "abbbc", "abb", "bbc", "bcf", "abbb", "c");

    Regular Exp    Matched pattern
    abc            abc
    ab*c           ac abc abbc abbbc
    ab+c           abc abbc abbbc

Regular Expression - Anchors

Anchor restrictions before and after the pattern specify where in the string the match must occur.

'^' indicates a beginning of line restriction

'$' indicates an end of line restriction

Regular Expression - Anchors

    @array = ("ac", "abc", "abbc", "abbbc", "abb", "bbc", "bcf", "abbb", "c");

    Regular Exp    Matched pattern
    ^bc            bc
    ^b*c           bbc bcf c
    ^b*c$          bbc c
    b*c$           ac abc abbc abbbc bbc c

Regular Expression - Range

[...] is used to identify the exact characters you are searching for

[0123456789] will match a single numeric character

[0-9] will also match a single numeric character

[A-Za-z] will match a single alphabet of any case

Regular Expression - Range

Search for a word that
• starts with the uppercase T
• second letter is a lowercase alphabet
• third letter is a lower case vowel
• is 3 letters long followed by a space

Regular expression: "^T[a-z][aeiou] "

Note: [z-a] is backwards and does not work

Note: [A-z] does match upper and lowercase but also 6 additional characters between the upper and lower case letters in the ASCII chart: [ \ ] ^ _ `

Regular Expression - Others

Match a single character (non specific) with "." (dot)
• a.c matches any string with "a" followed by one character and followed by "c"

Specifying number of repetition sets with "\{" and "\}"
• [a-z]\{4,6\} matches four, five or six lower case alphabets

Remembering patterns with "\(,\)" and "\1"
• Regular Exp allows you to remember and recall patterns

RegExp problem and strategies

You tend to match more lines than desired.
• A.*B matches AAB as well as AAAAAAACCCAABBBBAABBB

Knowing what you want to match

Knowing what you don't want to match

Writing a pattern out to describe what you want to match

Testing the pattern

Web Servers & CGI

Most web servers are capable of running CGI programs.

The server must be able to determine whether a URI refers to:

Document
• just send it back

CGI program
• run it and send back the result.

CGI recognition

Some servers insist that CGI programs be in a special place
• typically the URL path is one of: /CGI-BIN /cgi-bin /CGI /cgibin

Some servers look at the filename:
• filename ends with .cgi

Some servers are given a list of URLs that are CGIs

User files and Web Servers

On Unix based web servers, the URL

/~username

is typically mapped to the directory

~username/public.html

-or-

~username/public_html

www.cse.unr.edu

On the CSE web server you should put your files in ~/public.html

The URI http://www.cse.unr.edu/~you is your home page, where "you" is your CSE username.

Directories

Most web servers do the following when a URL maps to a directory:

if there is a file named index.html in the directory
• it is sent back.

if there is no index.html,
• an HTML formatted directory listing is sent back.

Debugging

It's hard to debug a CGI program!

Debugging print statements should generate HTML.

You can run the program from the Unix command line; you just need to set the environment variables right (use GET for this).

CGI script example

HTML for Forms

    <HTML>
    <HEAD>
    <TITLE>cgi-test</TITLE>
    </HEAD>
    <BODY>
    <p> This is a sample page to read two data items from the web page:
    <form action="cgi-bin/xaction" method=get>
    <p>First name=<input type=text name=xfirst size=10>
    <br>Last name=<input type=text name=xlast size=20>
    <br> <input type=submit value=SEND>
    <input type=reset value=RESET>
    </form>
    </BODY>
    </HTML>

Parameters passed as arguments xfirst and xlast

Perl - CGI script

    #!/usr/bin/perl
    # Send the HTTP header; the blank line ends the headers.
    print "Content-Type: text/html\n\n";
    print "<html><head>\n";
    print "<title>Sample PERL script</title>\n";
    print "</head><body>\n";
    print "<p>Query_string is $ENV{'QUERY_STRING'}\n";
    # Split the query string into key=value pairs and store them in %tmp.
    foreach ( split( /&/, $ENV{'QUERY_STRING'} ) ) {
        ( $key, $val ) = split( /=/, $_, 2 );
        $tmp{$key} = $val;
    }
    # The values are written into the page exactly as received:
    # no URL decoding and no HTML escaping is applied.
    print "<p>First name is <b>$tmp{'xfirst'}</b>\n";
    print "<p>Last name is <b>$tmp{'xlast'}</b>\n";
    print "</body></html>\n";

• The Perl program first reads the parameters xfirst and xlast from the QUERY_STRING entry of %ENV (the environment)
• The output of Perl is the syntax of an HTML page that is displayed