1 Copyright © 2002 Pearson Education, Inc.

Chapter 8: Managing End-User Sessions

Mar 26, 2015


Logan Sweeney

Objectives

» Discover how to use hidden fields to build multiple-screen end-user sessions

» Understand the complexities involved in creating Web applications with multiple-screen sessions

» Recognize the advantages and limitations of browser cookies

» Learn how to use browser cookies to track data about the end user


The Details of orderproduct2.cgi

We will examine the programming code for orderproduct2.cgi in three pieces:

» The main portion of the program decides which subroutine to call based on the value of the CGI variable STATE.

» The askname() subroutine generates a form that asks for a name and billing code.

» The checkname() subroutine generates a form to verify the customer name and customer billing code.


The Main Program Section

First set the FORM ACTION argument so that the program calls itself again (Line 4). Next get the CGI variables product, quantity, and STATE.

Based on the value of the CGI variable STATE:

» Generate a form. If $state is GET_INPUT, the program was called to create a form, so call askname().

» Verify the form. If $state is VERIFY_INPUT, the program was called to verify its own form (Lines 12–13).

» Generate an error message. If STATE’s value is illegal, print an error message.


Main Program Body

 1. #!/usr/bin/perl
 2. use CGI ':standard';
 3. print header, start_html('GetName');
 4. print '<FORM ACTION="http://perl-pgm.com/cgi-bin/C8/orderproduct2.cgi" METHOD="POST">';
 5. @Products=('Hammers', 'Hand Saws', 'Wrenches');
 6. $prod=param('product');
 7. $number=param('quantity');
 8. $state=param('STATE');
 9. if ( $state eq 'GET_INPUT' ) {
10.     &askname();
11. } elsif ( $state eq 'VERIFY_INPUT' ) {
12.     &checkname();
13. } else { print "ooops Get help! state=$state"; }


The askname Subroutine

Called when STATE == GET_INPUT. It creates a form that gathers the customer name and billing code.

This subroutine performs two major tasks:

» Saving state. Sets hidden fields to save the product, quantity, and STATE values. This makes these values available the next time the program is called.

» Generating the visible form fields. Generates the “visible” form fields that ask the end user for a name and billing code.


The askname Subroutine

sub askname {
    # Save state: carry product, quantity and the next STATE value in hidden fields.
    print "You selected product=$prod and quantity=$number";
    print br, "<INPUT TYPE=\"hidden\" NAME=\"product\" VALUE=\"$prod\"> ";
    print "<INPUT TYPE=\"hidden\" NAME=\"quantity\" VALUE=\"$number\">";
    print '<INPUT TYPE="hidden" NAME="STATE" VALUE="VERIFY_INPUT"> ';

    # Visible fields: customer name and billing code.
    print 'Please enter your name';
    print '<INPUT TEXT TYPE="text" SIZE="15" MAXLENGTH="20" NAME="name">';

    print ' and Billing Code: (5 digits)';
    print '<INPUT TEXT TYPE="text" SIZE="5" MAXLENGTH="5" NAME="code">';

    print br, '<INPUT TYPE=SUBMIT VALUE="Process Order">';
    print '<INPUT TYPE=RESET VALUE="Erase and Restart">';

    print end_form, end_html;
}


The checkname Subroutine

Verifies the name and code fields. It assumes the form has already been run and has made name and code available to it.

It takes two different actions:

» Invalid input: After getting name and code, it uses a regular expression to tell whether 5 digits were entered. If not, it outputs an error message and calls askname().

» Valid input: It outputs a message indicating valid input and exits.


checkname() Program Code

sub checkname {
    $code=param('code');
    $name=param('name');
    # The billing code must be exactly five digits.
    if ( $code !~ /^\d\d\d\d\d$/ ) {
        print '<FONT COLOR="RED" SIZE=4> Sorry billing number must be all digits</FONT>', br;
        &askname();
    }
    else {
        print '<FONT COLOR="BLUE"> Thanks for ordering</FONT>', br;
        print "Got Product =$prod Number= $number";
        print " Also, got name=$name, code=$code";
    }
}
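Hidden fields come back from the browser, so the product, quantity and STATE values saved by askname() can be altered before checkname() sees them. The following added example (not part of the original slides) signs those fields with an HMAC and escapes them for HTML; the secret key, the sig field name and the sample order are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example: sign the hidden fields so that changes made in the browser are detected.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret that never appears in any page sent to the browser.
my $SECRET = 'constructed-demo-key-change-me';
my @SIGNED = qw(product quantity STATE);     # hidden fields used by orderproduct2.cgi

# Escape a value before placing it inside an HTML attribute or page text.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# MAC over the length-prefixed values, so "1"+"23" and "12"+"3" cannot collide.
sub sign_fields {
    my (%f) = @_;
    my $msg = join '', map { length($f{$_}) . ':' . $f{$_} } @SIGNED;
    return hmac_sha256_hex($msg, $SECRET);
}

# Emit the hidden fields plus a "sig" field (hypothetical name).
sub hidden_fields {
    my (%f) = @_;
    my $html = '';
    for my $name (@SIGNED, 'sig') {
        my $value = $name eq 'sig' ? sign_fields(%f) : $f{$name};
        $html .= sprintf qq{<INPUT TYPE="hidden" NAME="%s" VALUE="%s">\n},
                         $name, html_escape($value);
    }
    return $html;
}

# Constant-time comparison of two hex strings.
sub same_mac {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns true only if the returned fields carry the signature issued for them.
sub verify_fields {
    my (%in) = @_;
    for (@SIGNED, 'sig') { return 0 unless defined $in{$_} }
    return same_mac(sign_fields(%in), $in{sig});
}

# Constructed form data as the server issued it, then as a changed POST returns it.
my %issued = (product => 'Hammers', quantity => '2', STATE => 'VERIFY_INPUT');
print hidden_fields(%issued);
my %honest  = (%issued, sig => sign_fields(%issued));
my %changed = (%honest, quantity => '200');
printf "unchanged post accepted: %s\n", verify_fields(%honest)  ? 'yes' : 'no';
printf "changed post accepted:   %s\n", verify_fields(%changed) ? 'yes' : 'no';
```

A signature of this kind detects changed values but does not stop an old, validly signed form from being submitted again.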


Building More Sophisticated Apps

Consider an application with four forms that gathers survey information.

Each form displays its initial fields and then calls itself to verify its own fields.

Each form could use a different CGI/Perl program that uses a hidden variable to set a “state.”


A Multi-form Application

[Figure: flowchart of a multi-form application. Recoverable box labels: Initial screen; Please enter your name, age and education level; Remember user information; Ask questions 1-3; Remember product and quantity and billing information; Ask questions 4-6; Thank the end user; Say goodbye, perhaps summarize results. Error branches: if the user makes a mistake, let them know and ask again; still remember info about the user; still remember user info and the answers to questions 1-3.]


Beyond Hidden Fields

We will describe 3 additional techniques:

» Using files for storing state information. Can be used with hidden fields to store and retain session data.

» Using files and databases for storing initial data and form results. Could include initial input to applications and stored survey results or product orders.

» Sending e-mail from forms. Can cause e-mail to be sent to a transaction-handling e-mail account or back to the customer to confirm the order.


Using Files for Saving State

Using files to store session state increases session complexity. E.g., you need to generate session IDs and keep them secure.

Some advantages of files for session management:

» Revisiting states. Files can provide a consistent way to “remember” session data, even when two screens do not normally call each other.

» Remembering data between sessions. Files can remember end-user data even after the end user leaves your site. E.g., an on-line shopping cart.


Sample Screen Flow

[Figure: sample screen flow. Recoverable box labels: Initial screen; 1. Browse products (show catalog of products); 2. Order product (get quantity and product number); 3. Get billing information (name and address); 4. Confirm order (billing information, quantity and product number); 5. Thank user. Annotations: read product information from file or DB; remember product and quantity; remember product, quantity and billing info; send e-mail or save to DB when the order is confirmed. Transitions: wants to order a product; browse instead; no, want to change; want to browse some more.]


Storing Orders in Files

Use a field delimiter such as a comma, tab, or vertical bar (“|”) to ensure that the fields can be identified and retrieved easily (e.g., with split).

Files work well when traffic is moderate in volume and the amount of data to be saved is relatively small.

» They are simple to use, can be edited with text editors (to add fields or records or fix a damaged line), and can be implemented quickly.


Using Databases

Databases can provide faster access, higher security, and greater data integrity than do files.

» Perl supports a special DBI module for working with a variety of databases, including most major databases (such as Oracle, Informix, and Access) and some free ones (MySQL).


Sending email

It is sometimes useful to send e-mail providing survey results or confirming order information.

The sendmail program is a popular way to send e-mail from a UNIX Web server. (It has been available on UNIX systems since the 1980s.)

» It comes as a preinstalled utility on most UNIX servers. You can use it to send e-mail via programs or interactively when logged into the Web server.


Where is sendmail?

You need to know the directory path to the file where this program is stored.

» On a UNIX system, it is usually stored in /usr/lib/sendmail.

– Either ask your ISP or check out this location for yourself.

– If you can Telnet to your Web server, on many UNIX systems you can execute the whereis command to identify the location of sendmail. For example,

whereis sendmail


Using sendmail

You need to connect to sendmail using open().

» MAIL - the connection name for sendmail.

» sendmail path - the full directory path. The vertical bar (“|”) is used when establishing an open connection to an external program.

» -t instructs sendmail to get the destination e-mail address and subject lines from the “To:” and “Subject:” data that we will send to it.

open ( MAIL, "|/usr/lib/sendmail -t" ) || die "Cannot start sendmail: $!";

– The vertical bar ("|") indicates to open an external program (in this case the sendmail program).

– Use the name MAIL like a FILEHANDLE to output to the sendmail program.

– Use the -t sendmail option.


Basic Code For Using sendmail()

open ( MAIL, "|/usr/lib/sendmail -t" ) || die "Cannot start sendmail: $!";
$email='[email protected]';
print MAIL "To: $email \n";
print MAIL "Subject: New Order\n\n";   # the blank line ends the headers
print MAIL "Product =$prod Number= $number\n";
close (MAIL);


Modification to checkname()

sub checkname {
    $code=param('code');
    $name=param('name');
    # The billing code must be exactly five digits.
    if ( $code !~ /^\d\d\d\d\d$/ ) {
        print '<FONT COLOR="RED" SIZE=4> Sorry billing number must be all digits</FONT>';
        &askname();
    }
    else {
        print '<FONT COLOR="BLUE"> Thanks for ordering</FONT>', "$name", br;
        open ( MAIL, "|/usr/lib/sendmail -t" ) || die "Cannot start sendmail: $!";

        $email='[email protected]';
        print MAIL "To: $email \n";
        print MAIL "Subject: New Order\n\n";   # the blank line ends the headers
        print MAIL "Got Product =$prod Number= $number\n";
        print MAIL " Also, got name=$name, email=$email, code=$code \n";
        close (MAIL);
        print '<FONT COLOR="BLUE"> Just sent email to </FONT>', "$email";
    }
}
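With -t, sendmail takes the recipients from the header lines it is given, so any form value placed in a header must not contain a line break; this matters as soon as mail goes back to a customer-supplied address. The following added example (not from the original slides) builds the message with that check and opens sendmail without a shell; the function names, the narrow address pattern and the sample orders are assumptions.

```perl
#!/usr/bin/perl
# Added example: build the text piped to "sendmail -t" without letting form
# input add header lines or recipients.
use strict;
use warnings;

# Header values must stay on one line: with -t, sendmail reads recipients from
# the headers, so a CR or LF inside a value could start a new header line.
sub header_value {
    my ($v) = @_;
    die "line break in header value\n" if $v =~ /[\r\n]/;
    return $v;
}

# Deliberately narrow address check (assumption: plain user@host.tld is enough here).
sub mail_address {
    my ($addr) = @_;
    die "unacceptable e-mail address\n"
        unless $addr =~ /\A[A-Za-z0-9._%+-]{1,64}\@[A-Za-z0-9.-]{1,190}\.[A-Za-z]{2,24}\z/;
    return $addr;
}

# Returns the complete message: headers, a blank line, then the body.
sub build_message {
    my (%m) = @_;
    my $msg = 'To: ' . mail_address($m{to}) . "\n"
            . 'Subject: ' . header_value($m{subject}) . "\n"
            . "\n";                                   # blank line ends the headers
    (my $body = $m{body}) =~ s/\r\n?/\n/g;            # normalise line endings
    return $msg . $body . "\n";
}

# Send through sendmail. The list form of open() runs the program directly,
# with no shell; -oi stops a line holding a single "." from ending the message.
sub send_message {
    my ($msg, $sendmail) = @_;
    open(my $mail, '|-', $sendmail, '-t', '-oi') or die "Cannot start sendmail: $!";
    print {$mail} $msg;
    close($mail) or die "sendmail failed: $?";
}

# Constructed inputs: one ordinary order, one whose subject carries a line break.
my @orders = (
    { to => 'orders@example.com', subject => 'New Order',
      body => 'Product=Hammers Number=2' },
    { to => 'orders@example.com', subject => "New Order\nX-Extra: 1",
      body => 'Product=Wrenches Number=1' },
);
for my $o (@orders) {
    my $msg = eval { build_message(%$o) };
    if (defined $msg) { print "--- would send ---\n$msg" }
    else              { print "--- rejected: $@" }
    # send_message($msg, '/usr/lib/sendmail') if defined $msg;   # path used in the slides
}
```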


Would Output The Following ...


Email Received ...


Using Cookies to Save Information

Browser cookies are a method for Web sites to “remember” visitor information.

» They are small pieces of data that can be saved by a Web site application when an end user visits the Web site.

» They are stored on the visitor’s hard drive in a special “cookie” file.

» When the visitor returns, the program reads the browser cookie data (that it previously stored) and uses it to “remember” something about the visitor.

– E.g., a book site remembers that you prefer mysteries.


Cookie Limitations

Cookies can be easily disabled. Both IE and Netscape enable users to disable cookies and refuse to allow sites to set them. (In Netscape click Edit, Preferences, Advanced.)


Cookie Limitations

People move around. Cookies make less sense on computers with multiple users (such as a library or computer lab).

Not all browsers support cookies. Your site might exclude people with older browsers or people who disable cookies.

Cookies can be easily deleted. Cookie data can be accidentally or intentionally deleted.


Why Some People Don’t Like Cookies

Anonymity. Some prefer to browse anonymously without allowing Web sites to track their preferences and movements at any given site.

– For example, a site might set a cookie with a unique ID on it, then record on a server when that ID logs in, which pages it visits, and even which page that ID was viewing just before coming to the site.

Potential use in market research. Some marketing research companies use cookie data to develop profiles of Web usage patterns. (Then sell the data).


Setting a Cookie

You can request that a browser cookie be saved in memory (deleted when the user exits the browser) or onto disk (retained until an expiration date).

Syntax of an in-memory cookie:

print "Set-Cookie: cust_name=Dave\n";

– Set-Cookie: directs the browser to establish a cookie.

– cust_name=Dave is the cookie's name and value.

This line must be output before the MIME Content-type line.


Setting Cookie Expiration Date

When you need to retain a cookie between browser sessions, you need to set an expiration date.

print "Set-Cookie: cust_name=Dave; expires=Fri, 04-Jul-2003 00:00:00 GMT\n";

– Set-Cookie: directs the browser to establish a cookie.

– cust_name=Dave is the cookie's name and value.

– expires= gives the date and time the data should be removed.

Again, this line must be output before the MIME Content-type line.


A Sample Program That Sets A Cookie

#!/usr/bin/perl
use CGI ':standard';
$name=param('name');
$prefers=param('prefers');
# The Set-Cookie lines must be printed before header() outputs the Content-type line.
print "Set-Cookie: cust_name=$name; expires=Fri, 04-Jul-2003 00:00:00 GMT\n";
print "Set-Cookie: cust_prefer=$prefers; expires=Fri, 04-Jul-2003 00:00:00 GMT\n";

print header, start_html('set cookie');
print br, "Thanks $name Lets now look at $prefers . . . ";

print end_html;


Would Output The Following ...


It's Worth Noting ...

1. Unless the end user explicitly sets browser settings to be notified when a site sets a cookie, the end user probably won’t realize that a cookie was set.

2. If the end user disables cookies, the program will not know it. It is possible for CGI/Perl applications to detect whether cookies are enabled, but they must set a cookie and then try to read that cookie again to make this determination.

3. While you are testing the use of cookies, it is helpful to set your browser setting to “Warn me before accepting a cookie.”


Example Cookie Warning Pop-up


Reading Cookies

Use the CGI.pm function called cookie() to read cookie data.

$uprefer = cookie('prefer');

– 'prefer' is the name of the cookie previously set.

– The value of the cookie is returned to this variable ($uprefer).

You can also use the %ENV hash variable entry called HTTP_COOKIE, which returns a list of semicolon-separated name/value pairs of cookies.

» For example, $cookies=$ENV{'HTTP_COOKIE'};


Example Cookie Reading Program

#!/usr/bin/perl
use CGI ':standard';
print header, start_html("Welcome ");
# Read the cookies set earlier; each is undefined if the browser did not send it.
$cust_name=cookie( 'cust_name');
$prefers=cookie('cust_prefer');
print '<FONT COLOR="BLUE">';
if ($cust_name) {
    print "Welcome back $cust_name to our humble hardware site.";
} else {
    print '<FONT COLOR="RED"> ';
    print 'Welcome to our humble hardware site.</FONT>';
}
if ( $prefers eq "hand tools" ) {
    print br,'We have hammers on sale for 5 dollars!';
} elsif ( $prefers eq "power tools" ){
    print br, 'We have power drills on sale for 25 dollars!';
} else {
    print br, '<FONT COLOR="RED">';
    print ' We have drills and hammers on special today!</FONT>';
}
print "</FONT>", end_html;


Would Output The Following ...


Some Advanced Cookie Options

Sometimes you may want to read the cookie from a different file system directory than where it was set.

» You must specify the path option.

» For example, you might set the cookie in http://perl-pgm.com/cgi-bin/C7 and then read it from a program in http://perl-pgm.com/cgi-bin/C8.

» print "Set-Cookie: cust_name=$name; expires=Fri, 04-Jul-2003 00:00:00 GMT; path=/\n";


Some More Advanced Options

You may want to enable any server within your domain to be able to read the cookie.

» Perhaps one server sets the cookie while taking the order and another server reads it while processing the order.

» You use the domain option of the Set-Cookie

» print "Set-Cookie: cust_name=$name; expires=Fri, 04-Jul-2003 00:00:00 GMT; domain=.mysite.com\n";
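The Set-Cookie lines above place form input such as $name directly into an HTTP header. The following added example (not from the original slides) encodes the value, formats the expiration date, and parses an HTTP_COOKIE string back; the function names, option names and sample input are assumptions, and Secure and HttpOnly are cookie attributes that the slides do not cover.

```perl
#!/usr/bin/perl
# Added example: build Set-Cookie lines from form input and read them back.
use strict;
use warnings;

my @DAY = qw(Sun Mon Tue Wed Thu Fri Sat);
my @MON = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);

# Percent-encode everything except unreserved characters, so a value cannot
# contain ";", "=", spaces or line breaks that would alter the header.
sub cookie_encode {
    my ($s) = @_;
    $s =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord($1))/ge;
    return $s;
}
sub cookie_decode {
    my ($s) = @_;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Format epoch seconds as "Wdy, DD-Mon-YYYY HH:MM:SS GMT", independent of locale.
sub cookie_date {
    my @t = gmtime(shift);
    return sprintf '%s, %02d-%s-%04d %02d:%02d:%02d GMT',
        $DAY[$t[6]], $t[3], $MON[$t[4]], $t[5] + 1900, @t[2, 1, 0];
}

# Build one Set-Cookie header line. The %opt keys are names chosen for this
# example; path and domain are set by the program, never taken from form input.
sub set_cookie_line {
    my ($name, $value, %opt) = @_;
    die "bad cookie name\n" unless $name =~ /\A[A-Za-z0-9_]+\z/;
    my @parts = ("$name=" . cookie_encode($value));
    push @parts, 'expires=' . cookie_date($opt{expires}) if defined $opt{expires};
    push @parts, "path=$opt{path}"     if defined $opt{path};
    push @parts, "domain=$opt{domain}" if defined $opt{domain};
    push @parts, 'Secure'              if $opt{secure};
    push @parts, 'HttpOnly'            if $opt{httponly};
    return 'Set-Cookie: ' . join('; ', @parts) . "\n";
}

# Parse an HTTP_COOKIE string ("a=1; b=2") into a hash; the first value for a name wins.
sub parse_cookies {
    my ($raw) = @_;
    my %c;
    for my $pair (split /;\s*/, $raw // '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $v && $k =~ /\A[A-Za-z0-9_]+\z/ && !exists $c{$k};
        $c{$k} = cookie_decode($v);
    }
    return %c;
}

# Constructed form input holding characters that would otherwise split the header.
my $name = "Dave; path=/admin\r\nX-Extra: 1";
my $line = set_cookie_line('cust_name', $name,
                           expires => 1057276800, path => '/', httponly => 1);
print $line;

# What the browser would send back on the next request, and what the program reads.
my ($sent)  = $line =~ /\ASet-Cookie: ([^;]+)/;
my %cookies = parse_cookies($sent);
print $cookies{cust_name} eq $name ? "round trip intact\n" : "round trip changed\n";
```

Values read back from a cookie are still browser-supplied input and need HTML escaping before they are printed into a page.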


Summary

Hidden fields are HTML form fields that you can use to set name/value CGI variables without displaying them on a form.

Hidden fields provide a method to manage user sessions by maintaining the state of each session.

» Hidden fields are not a secure method to keep data.

You can create sophisticated multiple-screen applications, such as shopping carts and surveys, by using hidden fields.


Summary

Cookies provide a way for Web server applications to store small pieces of data on the end user’s machine.

Cookies can be easily refused by the end user and therefore cannot be relied upon to always be available to the CGI/Perl program.

Data set by cookies can be available for long periods of time, even when the end user leaves the site and comes back months later.