Web Systems
Nov. 21, 2017
Web State Management Techniques
· Cookies
· Sessions
o Local Web Storage
o Session Storage
HTML Web Storage, W3C Recommendation, 2016/4/19, http://www.w3.org/TR/webstorage/
· The API
o The Storage Interface
§ The sessionStorage attribute
§ The localStorage attribute
§ The storage event
o Threads
· Disk Space
· Privacy
o User tracking
o Sensitivity of data
· Security
o DNS spoofing attacks
o Cross-directory attacks
o Implementation risks
Web Storage Concepts and Usage, https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API
· window.sessionStorage
· window.localStoarge
Windo.sessionStorage, https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage
// Save data to sessionStorage
sessionStorage.setItem('key', 'value');
// Get saved data from
sessionStorage
var data = sessionStorage.getItem('key');
// Remove saved data
from sessionStorage
sessionStorage.removeItem('key');
// Remove all saved
data from sessionStorage
sessionStorage.clear();
LocalStorage, https://developer.mozilla.org/en-US/docs/Web/API/Storage/LocalStorage
// Save data to the
current local store
localStorage.setItem("username", "John");
// Access some stored
data
alert( "username = " + localStorage.getItem("username"));
HTML Web Storage, State Management
· HTML5 5.4 Session History and Navigation, http://www.w3.org/TR/2011/WD-html5-20110113/history.html
· Identifying Application State, Dec. 1, 2011, http://www.w3.org/2001/tag/doc/IdentifyingApplicationState
· History objects
interface History {
readonly attribute long length;
void go(in optional long
delta);
void back();
void forward();
void pushState(in
any data, in DOMString title, in optional DOMString url);
void replaceState(in
any data, in DOMString title, in optional DOMString url);
};
interface Location {
stringifier attribute DOMString href;
void assign(in
DOMString url);
void replace(in
DOMString url);
void reload();
//
URL decomposition IDL attributes
attribute DOMString protocol;
attribute DOMString host;
attribute DOMString hostname;
attribute DOMString port;
attribute DOMString pathname;
attribute DOMString search;
attribute DOMString hash;
//
resolving relative URLs
DOMString resolveURL(in
DOMString url);
};
PHP Cookies and Sessions
· $_COOKIES, http://php.net/manual/en/reserved.variables.cookies.php
· $_SESSION
o Basic Usage, http://php.net/manual/en/session.examples.basic.php
· bool session_start([array $option =[])), http://php.net/manual/en/function.session-start.php
· References http://php.net/manual/en/reserved.variables.session.php
Example # 1 Registering a
variable with $_SESSION
<?php
session_start
();
if (!isset(
$_SESSION
[
'count'
])) {
$_SESSION
[
'count'
] =
0
;
} else {
$_SESSION
[
'count'
]++;
}
?>
Example #2 Unregistering a
variable with $_SESSION
<?php
session_start
();
unset(
$_SESSION
[
'count'
]);
?>
<?php
Example page1.php
http://php.net/manual/en/function.session-start.php
// page1.php
session_start
();
echo
'Welcome to page #1'
;
$_SESSION
[
'favcolor'
] =
'green'
;
$_SESSION
[
'animal'
] =
'cat'
;
$_SESSION
[
'time'
] =
time
();
// Works if session cookie was accepted
echo
'<br /><a href="page2.php">page 2</a>'
;
// Or maybe pass along the session id, if needed
echo
'<br /><a href="page2.php?'
.
SID
.
'">page 2</a>'
;
?>
How to use Storage and Session Variables across pages? https://stackoverflow.com/questions/5489365/how-to-use-store-and-use-session-variables-across-pages