Cookies and Sessions
Charles Severance
www.dr-chuck.com
(Diagram) Browser - HTTP (Hyper Text Transfer Protocol) - Server
How stuff looks: HTML, CSS
How stuff gets made and stored: Python, PHP, SQL
How stuff gets back and forth: HTTP
For each of these aspects of the web, we have many standards and languages and techniques to learn.
The read-only web: hypertext navigation and lots of GETs
(Diagram) Hosts shown: www.umich.edu, www.yahoo.com, www.facebook.com, images.yahoo.com (29 times)
(Screenshot) Source: www.facebook.com
(Globe) source: http://www.clker.com/clipart-2123.html
(Server) source: http://www.clker.com/clipart-server.html
Servers get used by many users at the same time.
(Screenshots) Source: ctools.umich.edu
(Globe) source: http://www.clker.com/clipart-2123.html
(Server) source: http://www.clker.com/clipart-server.html
When folks hit a button... everyone POSTs
(Screenshots) Source: ctools.umich.edu
(Globe) source: http://www.clker.com/clipart-2123.html
(Server) source: http://www.clker.com/clipart-server.html
??? Server Questions ???
• Who is this user?
• Are they logged in yet?
• What screen did they come from?
• What button did they push?
• Where do we store this data?
• What screen do they want next?
Over and over and over and over and over and over and over....
same as it ever was
Cookies and Sessions
Maintaining State in HTTP
High Level Summary
• The web is “stateless” - the browser does not maintain a connection to the server while you are looking at a page. You may never come back to the same server - or it may be a long time - or it may be one second later
• So we need a way for servers to know “which browser is this?”
• In the browser state is stored in “Cookies”
• In the server state is stored in “Sessions”
Some Web sites always seem to want to know who you are!
Source: https://weblogin.umich.edu/
Other Web sites always seem to know who you are!
Sources: www.twitter.com & www.flickr.com
How you see YouTube...
(Diagram) Browser: Click, GET to the Server, Whole Page back, Draw. You watch the YouTube video for 30 seconds. Then Click, GET, Whole Page, Draw again.
Source: http://www.youtube.com/watch?v=f90ysF9BenI
How YouTube sees you...
(Diagram) The same Click / GET / Whole Page / Draw exchange between Browser and Server.
Multi-User
• When a server is interacting with many different browsers at the same time, the server needs to know *which* browser a particular request came from
• Request / Response initially was stateless - all browsers looked identical - this was really really bad and did not last very long at all.
Web Cookies to the Rescue
http://en.wikipedia.org/wiki/HTTP_cookie
Technically, cookies are arbitrary pieces of data chosen by the Web server and sent to the browser. The browser returns them unchanged to the server, introducing a state (memory of previous events) into otherwise stateless HTTP transactions. Without cookies, each retrieval of a Web page or component of a Web page is an isolated event, mostly unrelated to all other views of the pages of the same site.
Cookies In the Browser
• Cookies are marked as to the web addresses they come from - the browser only sends back cookies that were originally set by the same web server
• Cookies have an expiration date - some last for years - others are short-term and go away as soon as the browser is closed
Playing with Cookies
• Firefox Developer Plugin has a set of cookie features
• Other browsers have a way to view or change cookies
(Screenshots) Source: ctools.umich.edu
Two Kinds of Cookies
• Two kinds of cookies
• Long-lived - who you are - account name, last access time - you can close and reopen your browser and it is still there
• Temporary - used to identify your session - it goes away when you close the browser
The Firefox Web Developer Plugin Shows Cookies for the Current Host.
Google Analytics Cookies
Request Response Again!
This time with cookies...
HTTP Request / Response Cycle (Review)
http://www.oreilly.com/openbook/cgi/ch04_02.html
(Diagram) The Browser (Internet Explorer, FireFox, Safari, etc.) sends an HTTP Request to the Web Server; the Web Server returns an HTTP Response.
(Screenshot) Source: www.dr-chuck.com
HTTP Request / Response Cycle
http://www.oreilly.com/openbook/cgi/ch04_02.html
HTTP Request (Browser to Web Server):
    GET /index.html HTTP/1.1
    Accept: www/source
    Accept: text/html
    User-Agent: Lynx/2.4
We do our initial GET to a server. The server checks to see if we have a cookie with a particular name set. Since this is our first interaction, we do not have cookies set for this host.
HTTP Request / Response Cycle
http://www.oreilly.com/openbook/cgi/ch04_02.html
HTTP Response (Web Server to Browser):
    HTTP/1.1 200 OK
    Content-type: text/html
    Set-Cookie: sessid=123

    <head> .. </head>
    <body>
    <h1>Welcome ....
(Diagram) Browser cookie store - host: sessid=123
The server sets a cookie with some name (sessid) and sends it back along with the rest of the response.
HTTP Request / Response Cycle
http://www.oreilly.com/openbook/cgi/ch04_02.html
HTTP Request (Browser to Web Server):
    GET /index.html HTTP/1.1
    Accept: www/source
    Accept: text/html
    Cookie: sessid=123
    User-Agent: Lynx/2.4
(Diagram) Browser cookie store - host: sessid=123
From that point forward, each time we send a GET or POST to the server, we include any cookies which were set by that host.
HTTP Request / Response Cycle
http://www.oreilly.com/openbook/cgi/ch04_02.html
HTTP Response (Web Server to Browser):
    HTTP/1.1 200 OK
    Content-type: text/html
    Set-Cookie: name=chuck

    <head> .. </head>
    <body>
    <h1>Welcome ....
(Diagram) Browser cookie store - host: sessid=123, host: name=chuck
On each response, the server can change a cookie value or add another cookie.
HTTP Request / Response Cycle
http://www.oreilly.com/openbook/cgi/ch04_02.html
HTTP Request (Browser to Web Server):
    GET /index.html HTTP/1.1
    Accept: www/source
    Accept: text/html
    Cookie: sessid=123; name=chuck
    User-Agent: Lynx/2.4
(Diagram) Browser cookie store - host: sessid=123, host: name=chuck
From that point forward, each time we send a GET or POST to the server, we include all the cookies which were set by that host.
(Diagram) Browser and Server exchanging GET / Page, GET / Page and POST / Page, with Cookies travelling in both directions on each exchange.
Remember that cookies are only sent back to the host that set the cookie.
Security
• We only send cookies back to the host that originally set the cookie
• The browser has *lots* of cookies for lots of hosts
• To see all cookies: Firefox -> Preferences -> Privacy -> Show Cookies
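The request/response slides above, replayed as an added example (not part of the original slides): a toy browser that stores cookies per host and returns them only to the host that set them. The `ToyBrowser` class, the helper functions and the hosts `a.example` / `b.example` are constructed for illustration; real browsers also match on Domain, Path, Secure and expiry.

```python
from http.cookies import SimpleCookie


class ToyBrowser:
    """Minimal browser-side cookie store, keyed by the host that set each cookie.

    Constructed for illustration: real browsers also match on Domain, Path,
    Secure and expiry, which the slides do not cover.
    """

    def __init__(self):
        self.cookies = {}  # host -> {cookie name: value}

    def receive(self, host, response_text):
        """Store every Set-Cookie header found in a response from `host`."""
        head = response_text.split("\r\n\r\n", 1)[0]
        for line in head.split("\r\n")[1:]:          # skip the status line
            name, _, value = line.partition(":")
            if name.strip().lower() == "set-cookie":
                parsed = SimpleCookie()
                parsed.load(value.strip())
                for key, morsel in parsed.items():
                    # A later Set-Cookie with the same name replaces the value.
                    self.cookies.setdefault(host, {})[key] = morsel.value

    def request(self, host, path="/index.html"):
        """Build the GET request the browser would send to `host`."""
        lines = [f"GET {path} HTTP/1.1", f"Host: {host}"]
        jar = self.cookies.get(host)
        if jar:
            # All cookies for this host go in ONE Cookie header, "; "-separated.
            lines.append("Cookie: " + "; ".join(f"{k}={v}" for k, v in jar.items()))
        return "\r\n".join(lines) + "\r\n\r\n"


def cookie_header(request_text):
    """Return the value of the Cookie header in a request, or None."""
    for line in request_text.split("\r\n"):
        if line.lower().startswith("cookie:"):
            return line.split(":", 1)[1].strip()
    return None


def replay_slides():
    """Replay the slide sequence against two constructed hosts."""
    browser = ToyBrowser()
    seen = []
    seen.append(cookie_header(browser.request("a.example")))   # first visit
    browser.receive("a.example",
                    "HTTP/1.1 200 OK\r\nContent-type: text/html\r\n"
                    "Set-Cookie: sessid=123\r\n\r\n<h1>Welcome</h1>")
    seen.append(cookie_header(browser.request("a.example")))
    browser.receive("a.example",
                    "HTTP/1.1 200 OK\r\nContent-type: text/html\r\n"
                    "Set-Cookie: name=chuck\r\n\r\n<h1>Welcome</h1>")
    seen.append(cookie_header(browser.request("a.example")))
    seen.append(cookie_header(browser.request("b.example")))   # different host
    return seen


if __name__ == "__main__":
    print(replay_slides())
```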
Using Cookies to Support Sessions and Login / Logout
Some Web sites always seem to want to know who you are!
Source: https://weblogin.umich.edu/
In The Server - Sessions
• In most server applications, as soon as we meet a new browser - we create a session
• We set a session cookie to be stored in the browser which indicates the session id in use
• The creation and destruction of sessions is generally handled by a web framework or some utility code that we just use to manage the sessions
Session Identifier
• A large, random number that we place in a browser cookie the first time we encounter a browser.
• This number is used to pick from the many sessions that the server has active at any one time.
• Server software stores data in the session which it wants to have from one request to another from the same browser.
• Shopping cart or login information is stored in the session in the server
(Diagram) Server and Browser C, before any request.
(Diagram) Browser C sends a Request to the Server.
(Diagram) Server: Create Session 97. The Response (index: “Please log in”) carries cook=97, and Browser C stores cook=97.
(Diagram) Browser C (cook=97), Server (Session 97): Typing.
We now have a session established but are not yet logged in.
Source: https://weblogin.umich.edu/
Login / Logout
• Having a session is not the same as being logged in.
• Generally you have a session the instant you connect to a web site
• The Session ID cookie is set when the first page is delivered
• Login puts user information in the session (stored in the server)
• Logout removes user information from the session
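A server-side sketch of the session identifier and login / logout bullets above, added here as an example and not part of the original slides. The `SessionStore` class and its method names are hypothetical; the HttpOnly / Secure / SameSite cookie attributes and the fresh identifier issued at login go beyond what the slides cover.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "sessid"  # cookie name used in the slides' Set-Cookie example


class SessionStore:
    """In-memory session table: session id -> dict of per-browser data (hypothetical)."""

    def __init__(self):
        self._sessions = {}

    def _new_id(self):
        # "A large, random number": 256 bits from the OS CSPRNG, not a counter.
        return secrets.token_urlsafe(32)

    def _set_cookie(self, sid):
        """Build the Set-Cookie value for `sid` (attributes are an addition to the slides)."""
        cookie = SimpleCookie()
        cookie[COOKIE_NAME] = sid
        cookie[COOKIE_NAME]["path"] = "/"
        cookie[COOKIE_NAME]["httponly"] = True   # not readable from page scripts
        cookie[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
        cookie[COOKIE_NAME]["samesite"] = "Lax"
        return cookie[COOKIE_NAME].OutputString()

    def open(self, cookie_header):
        """Find or create the session for one request.

        Returns (session_id, session_data, set_cookie_value_or_None).
        """
        sid = None
        if cookie_header:
            jar = SimpleCookie()
            jar.load(cookie_header)
            if COOKIE_NAME in jar:
                sid = jar[COOKIE_NAME].value
        if sid in self._sessions:
            return sid, self._sessions[sid], None
        # Missing or unknown id: create a session under an id the server chose,
        # never under a value the browser supplied.
        sid = self._new_id()
        self._sessions[sid] = {}
        return sid, self._sessions[sid], self._set_cookie(sid)

    def login(self, sid, user):
        """Put user information in the session and move it to a fresh id.

        `sid` must be an id returned by open().
        """
        data = self._sessions.pop(sid)
        data["user"] = user
        new_sid = self._new_id()
        self._sessions[new_sid] = data
        return new_sid, self._set_cookie(new_sid)

    def logout(self, sid):
        """Remove user information; the session itself stays."""
        self._sessions[sid].pop("user", None)
```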
(Diagram) Browser C (cook=97): Click. The Request carries cook=97 to the Server, which holds Session 97. Server code: login: if good: set user
(Diagram) Session 97 now holds user=phil; the Response goes back to Browser C (cook=97).
(Diagram) Browser C (cook=97), Server Session 97 (user=phil).
Using Sessions for Other Stuff
(Diagram) Browser A holds cook=10 and Browser B holds cook=46. On the Server, Session 10 has user=chuck, bal=$1000 and Session 46 has user=jan, bal=$400.
(Diagram) Session 10: user=chuck, bal=$1000. Session 46: user=jan, bal=$500. Server code: withdraw: bal=bal-100
(Diagram) Click.
(Diagram) The Request carries cook=46 to the Server.
(Diagram) After the Request and Response, Session 46 has user=jan, bal=$400; Session 10 still has user=chuck, bal=$1000.
Review...
High Level Summary
• The web is “stateless” - the browser does not maintain a connection to the server while you are looking at a page. You may never come back to the same server - or it may be a long time - or it may be one second later
• So we need a way for servers to know “which browser is this?”
• In the browser state is stored in “Cookies”
• In the server state is stored in “Sessions”
How you see YouTube...
(Diagram) Browser: Click, GET to the Server, Whole Page back, Draw. You watch the YouTube video for 30 seconds. Then Click, GET, Whole Page, Draw again.
Source: http://www.youtube.com/watch?v=f90ysF9BenI
(Diagram) The same Click / GET / Whole Page / Draw exchange between Browser and Server.
(Diagram) The same exchange with cook=42 carried on each GET and Whole Page, and Session 42 on the Server.
??? Server Questions ???
• Who is this user?
• Are they logged in yet?
• What screen did they come from?
• What button did they push?
• Where do we store this data?
• What screen do they want next?
Cookie/Session Summary
• Cookies take the stateless web and allow servers to store small “breadcrumbs” in each browser.
• Session IDs are large random numbers stored in a cookie and used to maintain a session on the server for each of the browsers connecting to the server
• Server software stores sessions *somewhere* - each time a request comes back in, the right session is retrieved based on the cookie
• Server uses the session as a scratch space for little things