cs453: state in web applications (part 1) state in general sessions (esp. in php) prof. tom horton
TRANSCRIPT
![Page 1: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/1.jpg)
CS453: State in Web CS453: State in Web Applications (Part 1)Applications (Part 1)
State in GeneralState in General
Sessions (esp. in PHP)Sessions (esp. in PHP)
Prof. Tom HortonProf. Tom Horton
![Page 2: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/2.jpg)
Readings
• Textbook:– Pages 155-158;
• On the web:
• On-line book:
![Page 3: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/3.jpg)
State, Stateless, HTTP
• We say HTTP is stateless– From one request from client/server to the
next, the server:• Doesn’t remember anything• Can’t associate previous request with current
request
• Advantages: simpler protocol and implementations
• But we need state for real apps
![Page 4: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/4.jpg)
State and Sessions
• State– Variable/info we store and have repeated
access to• “We” is client-side app and server-side app
• Session– A sequence of interactions for which we
remember state
![Page 5: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/5.jpg)
One form of state: Cookies
• You remember cookies?• Clearly an example of state
– Stored on disk on client-side– Readable and writable by JavaScript– Readable and writable by server-side
scripts
• Issues?– Security, nuisance, abuse, expiration,
limitations on number, size, …
![Page 6: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/6.jpg)
Where to Keep State?
• In server-side application– In Apache etc.?
• Why not a good idea?
– In memory in the server-side program?
• On the server’s file-system– In files or DBMS– Now: must have user-id or session-id,
and pass it around (and manage it)
![Page 7: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/7.jpg)
Where to Keep State? (2)
• On the client?– On the file system: Cookies– In memory in the client
• Is this possible?• Advantages: can’t access through JavaScript,
hacking, etc.
• For any of these, passing things back and forth is still needed
![Page 8: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/8.jpg)
Solutions
• Dynamic URLs– Input some information into the URL– Forms, CGI: GET method
• Cookies• Hidden input fields in forms
– Not displayed, but in HTML– Dynamic/changeable with JavaScript
• Java applets– Why does this solve the state issue?
![Page 9: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/9.jpg)
PHP Sessions
• You’ve seen how PHP supports cookies• PHP also support sessions directly without
using cookies• The key ideas:
– Functions to start and end sessions– PHP and browser share a set of variables
“cleanly” with little effort on your part– For a single session
• While the browser is open, and…• Between your PHP calls to start and end session
![Page 10: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/10.jpg)
What’s Shared
• $_SESSION– An associative array (super-global, like for
POST or cookies)
• A session-id– Get it with PHP function session-id() – But you don’t really need it
![Page 11: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/11.jpg)
Starting a Session
• First line in script: start_session();
• Either– Creates a new session– Or “re-loads” current session
• Your browser knows if a session is active
– So pages using sessions should always start with this
![Page 12: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/12.jpg)
Ending a Session
• At some point your know you’re done.So just call:
destroy_session();
• Cleans up $_SESSION and session-id
![Page 13: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/13.jpg)
Session Variables
• Use $_SESSION as any associative array– Re-loaded with persistent values by
start_session()– As usual, not a good idea to use extract().– POST variables can over-write these– Don’t forget isset() function
![Page 14: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/14.jpg)
Example
• Live on-line example
![Page 15: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/15.jpg)
![Page 16: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/16.jpg)
Web sessions
• Textbook: pages 285-286
• Custom URL method– First formhttp://www.com/path/script.cgi?args&sessionID
• The script does the work
– Second form:http:/www.com/path/sessionID/more/path
• The server knows how to handle this
![Page 17: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/17.jpg)
Where to Store Info (Revisited)
• What’s a “three-tier” architecture– client, server, database
• E.g. browser plus PHP and MySQL on server– but other possibilities
• Other possibilities: federated systems– Cooperating distributed systems that handle
certain tasks– Examples: authentication (e.g. MS Passport),
wallets, credit card processing, shippers, etc.
![Page 18: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/18.jpg)
Some Rules of Thumb
• Considering storing on the client when: – It’s info where security is crucial– Where OK if info not available when a
different machine is used– Where info used by more than one
application or page
![Page 19: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/19.jpg)
Custom client application
• We think of web browser as the client application
• But businesses could supply a custom SW application
• Advantages/Disadvantages– Can keep more user-info secure– But: user must install/update client app– Can't use it anywhere on any system
![Page 20: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/20.jpg)
Shopping Carts
• Textbook, Chap 16
![Page 21: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/21.jpg)
Shopping Cart Basics
• What’s the metaphor here?– Just a “trolley” in a physical store?
![Page 22: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/22.jpg)
Shopping Cart Basics
• To the business, cart eventually is like a sales order or purchase order– The latter is an accepted sales order
• Header data– Info on buyer, shipping, payment, etc.
• Line-item data– Item, SKU, quantity, price, etc.
![Page 23: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/23.jpg)
Server-Side Shopping Carts
• Can be more complex in the real-world than you expect. Possible that:– Catalog stored/served separately than
Cart Storage– Order system separate– Orders (carts?) sent to other systems
(federated systems)
![Page 24: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/24.jpg)
Persistence Issues
• How many carts?• By user:
– Wish-list, registry, etc. vs. “real” cart
• In system: Textbook example:– Session cart for anonymous user; session cart for
authenticated user; cart on catalog server
• Other saved carts– Company systems where a third-party approves
orders
![Page 25: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/25.jpg)
Possible Features, Issues
• Quick orders– E.g Amazon one-click
• Configurators– E.g. ordering a computer at dell.com
• Order processing– To or by third-party organization
• Don’t forget: integrates with Catalog, Inventory
![Page 26: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/26.jpg)
What Processing Is Done
• What do you remember?
![Page 27: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/27.jpg)
What Processing Is Done?
• Shop, Add items
• “Edit” or update cart
• Checkout– Get shipping info– Get payment info and approve– Confirm order
• Send on to Purchasing
![Page 28: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/28.jpg)
More Processing Done
• See text, pages 325f.• Note that these steps part of recognized
industry “pipelines” built into commercial e-commerce components/servers– Steps for verfication– Price adjustments; order (sub)totals– Taxes (!)– Shipping: Multiple shipments?– Validity of order?
![Page 29: CS453: State in Web Applications (Part 1) State in General Sessions (esp. in PHP) Prof. Tom Horton](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56649e885503460f94b8d1be/html5/thumbnails/29.jpg)
Look and Feel
• What’s good? What’s not?
• Features you like?