Web Systems
Nov. 21, 2017
Web State Management Techniques
· Cookies
· Sessions
o Local Web Storage
o Session Storage
HTML Web Storage, W3C Recommendation, 2016/4/19, http://www.w3.org/TR/webstorage/
· The API
o The Storage Interface
§ The sessionStorage attribute
§ The localStorage attribute
§ The storage event
o Threads
· Disk Space
· Privacy
o User tracking
o Sensitivity of data
· Security
o DNS spoofing attacks
o Cross-directory attacks
o Implementation risks
Web Storage Concepts and Usage, https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API
· window.sessionStorage
· window.localStoarge
Windo.sessionStorage, https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage
// Save data to sessionStorage
sessionStorage.setItem('key', 'value');
// Get saved data from
sessionStorage
var data = sessionStorage.getItem('key');
// Remove saved data
from sessionStorage
sessionStorage.removeItem('key');
// Remove all saved
data from sessionStorage
sessionStorage.clear();
LocalStorage, https://developer.mozilla.org/en-US/docs/Web/API/Storage/LocalStorage
// Save data to the
current local store
localStorage.setItem("username", "John");
// Access some stored
data
alert( "username = " + localStorage.getItem("username"));
HTML Web Storage, State Management
· HTML5 5.4 Session History and Navigation, http://www.w3.org/TR/2011/WD-html5-20110113/history.html
· Identifying Application State, Dec. 1, 2011, http://www.w3.org/2001/tag/doc/IdentifyingApplicationState
· History objects
interface History {
readonly attribute long length;
void go(in optional long
delta);
void back();
void forward();
void pushState(in
any data, in DOMString title, in optional DOMString url);
void replaceState(in
any data, in DOMString title, in optional DOMString url);
};
interface Location {
stringifier attribute DOMString href;
void assign(in
DOMString url);
void replace(in
DOMString url);
void reload();
//
URL decomposition IDL attributes
attribute DOMString protocol;
attribute DOMString host;
attribute DOMString hostname;
attribute DOMString port;
attribute DOMString pathname;
attribute DOMString search;
attribute DOMString hash;
//
resolving relative URLs
DOMString resolveURL(in
DOMString url);
};
PHP Cookies and Sessions
· $_COOKIES, http://php.net/manual/en/reserved.variables.cookies.php
· $_SESSION
o Basic Usage, http://php.net/manual/en/session.examples.basic.php
· bool session_start([array $option =[])), http://php.net/manual/en/function.session-start.php
· References http://php.net/manual/en/reserved.variables.session.php
Example # 1 Registering a
variable with $_SESSION
<?php
session_start();
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
?>
Example #2 Unregistering a
variable with $_SESSION
<?php
session_start();
unset($_SESSION['count']);
?>
<?php
Example page1.php
http://php.net/manual/en/function.session-start.php
// page1.php
session_start();
echo 'Welcome to page #1';
$_SESSION['favcolor'] = 'green';
$_SESSION['animal'] = 'cat';
$_SESSION['time'] = time();
// Works if session cookie was accepted
echo '<br /><a href="page2.php">page 2</a>';
// Or maybe pass along the session id, if needed
echo '<br /><a href="page2.php?' . SID . '">page 2</a>';
?>
How to use Storage and Session Variables across pages? https://stackoverflow.com/questions/5489365/how-to-use-store-and-use-session-variables-across-pages