11
1
Cookies
CGI/Perl Programming
By Diane Zak
11
2
Objectives
• In this chapter, you will:
• Learn the difference between temporary and persistent cookies
• Create a cookie• Send a cookie to a web browser• Access the information stored in a
cookie
11
3
Introduction
• Misconceptions about cookies:– Contain viruses– Gain access to private information
stored on a computer
• Truth about cookies:– Cookie are just pieces of text
• Since they are not programs, they cannot pass a virus or read a hard disk
11
4
Introduction– Cookies only contain information
that has been disclosed on the cookie’s website
– A web site can only access information stored in its cookie•Does not have access to any other
site’s cookie files
11
5
Using a Cookie
• A cookie is a piece of data that a Web server stores in your computer– Stored in RAM
• Random Access Memory
– Store on hard drive– Allows site to remember information about
you• Data entered on a form• Number of times a site has been visited• User preferences
11
6
Using a Cookie
• Every cookie can contain:– Required key and value– Optional information like expiration date
• 2 types of cookies:– Temporary cookie
• Also referred to as a session cookie• Stored in RAM (Random Access Memory)• Only exists while browser is open• Erased from memory when the browser is closed
11
7
Using a Cookie
• 2 types of cookies:– Permanent cookie
• Stored in a text file• Has expiration date telling browser when the cookie
should be deleted• Netscape stores in cookies.txt file
– In Netscape directory
• Internet Explorer stores each cookie in a separate file– Each file name starts with your username– In Cookies directory
11
8
Using a Cookie
• Browser’s responsibilities:– Web browser keeps track of all cookies sent
to it by a particular server– When a URL is typed into a browser, the
browser searches RAM and the hard drive for any cookies belonging to the server
• Contacts server and transmits any cookies and the URL
• CGI.pm module contains functions for creating and retrieving cookies
11
9
Creating a Cookie
• cookie function:
– Syntax:cookie (-name => key,
-value => value, -path => path, -expires => expires);
• The => operator is the “corresponds to” operator.
– Used to associate each argument with a value– Can use comma instead
11
10
Creating a CookieParts Description
key - Required- Name of value listed in –value- Can be string, number, scalar variable
value - Required- Value of the cookie- Can be string, number, scalar variable, array, or hash
path -Optional- Indicates the scripts to which the cookie will be sent- If omitted, sent to all scripts on server
expires - Optional- When the cookie will expire- If omitted, will expire when the browser is closed
11
11
Creating a Cookie
• Expiration Settings:Setting Cookie will expire
+ns in n seconds
+nm in n minutes
+nh in n hours
+nd in n days
now immediately
+nM in n months
+nY in n years
11
12
Creating a Cookie
11
13
Sending a Cookie to the Browser
• header function:– Part of CGI.pm– Sends one or more cookies to a browser– The header function already sends the print
“Content-type: text/html\n\n”; statement• If it is typed into the script before the header
function, the cookies will not be sent to the browser
– Cookies must be sent before the Content-type header line is processed
11
14
Sending Cookiesto a Browser
11
15
Accessing the Information Stored in a Cookie
• When a URL is entered into a browser:– Browser searches RAM and hard drive for
cookies for that server– Browser contacts server and sends cookies,
URL, and any form data– Server sends cookie and form data to script
if the URL is associated with a script
11
16
Accessing the Information Stored in a Cookie
• Syntax:– cookie (key)
• Example:$color = cookie(‘Color’);print “<BODY BGCOLOR=$color>\n”;
• The value of the Color key is assigned to the $color variable
– When the cookie was created, its name was “Color”, and its value will change the background color of a dynamic web page
11
17
• Examples:$custid = cookie(‘Id’);print “Customer id: $custid <BR>\n”
@custrec = split (/ /, cookie(‘Record’));foreach my $rec (@custrec) {
print “$rec<BR>\n”;}• If the value associated with the cookie’s key is an array:• Use split to divide the value associated with the key • Use the foreach loop to go print each element
Accessing the Information Stored in a Cookie
11
18
The Jubilee Book ClubWeb Pages
• If the user has never visited the site, the Name text box should be blank• If the user has visited the site, his/her name should appear in the Name text box
11
19
The Jubilee Book ClubWeb Pages
11
20
Planning and Codingthe book2.cgi Script
– Each time the user visits the web site, the book2.cgi script will create the Name cookie and send it to the user’s browser
– It will overwrite the existing Name cookie (if any)
– The cookie will expire in 6 months
11
21
Planning and Codingthe book1.cgi Script
11
22
Planning and Codingthe book1.cgi Script
11
23
Summary• A cookie is a piece of data that a Web server can
store on your computer (RAM, hard drive) depending on the life span of the cookie.
• A cookie cannot pass a virus or read a hard drive.
• A cookie can contain only as much information as you disclose on the web site that creates the cookie.
• Every cookie has a key and value and can contain optional information like path and expiration date.
11
24
Summary
• A temporary (session) cookie is stored in RAM and erased from memory when the browser is closed.
• A persistent cookie is stored in a text file on the hard drive.– Expiration date telling browser when to delete
• Like form data, cookies are sent with the requested URL.
• The cookie function, defined in CGI.pm, can create a cookie or access data stored in a cookie.
11
25
Summary
• cookie function:– must specify –name and –value functions.– The => operator is called the “corresponds to” operator.– The –path argument determines which scripts receive the cookie.– The –expires argument indicates the expiration period for the
cookie.
• You can use the header function to send one or more cookies to a browser– Defined in cgi.pm– Sends cookie information and the Content-type header line to the
browser• Don’t need to type in the Content-type header line