Lecture 15 CGI Sessions Perl - PowerPoint PPT Presentation

Slides: 74
Provided by: cse4

1
Lecture 15 CGI Sessions Perl
  • CPE 401 / 601 Computer Network Systems

slides are modified from Dave Hollinger and Shwen Ho
2
Sessions
  • Many web sites allow you to establish a session.
  • you identify yourself to the system.
  • now you can visit lots of pages, add stuff to
    shopping cart, establish preferences, etc.

3
State Information
  • Remember that each HTTP request is unrelated to
    any other
  • as far as the Web server is concerned
  • Each new request to a CGI program starts up a
    brand new copy of the CGI program.
  • Providing sessions requires keeping state
    information.

4
Session Conversation
Client
Server
Hi! I'm Joe.
CGI1
Hi Joe (it's him again) Welcome Back...
I wanna buy a cookie.
CGI2
OK Joe, it will be there tomorrow.
5
Hidden Field Usage
  • One way to propagate state information is to use
    hidden fields.
  • User identifies themselves to a CGI program
  • fills out a form
  • CGI sends back a form that contains hidden fields
    that identify the user or session.

6
Revised Conversation
  • Initial form has field for user name.
  • GET /cgi1?name=joe HTTP/1.0
  • CGI1 creates order form with hidden field.
  • GET /cgi2?name=joe&order=cookie HTTP/1.0

7
Session Keys
  • Many Web based systems use hidden fields that
    identify a session.
  • When the first request arrives, the system
    generates a unique session key and stores it in a
    database.
  • The session key can be included in all
    forms/links generated by the system
  • as a hidden field or embedded in a link

8
Session Key Properties
  • Must be unique.
  • Should expire after a while.
  • Should be difficult to predict.
  • typically use a pseudo-random number generator
    seeded carefully.

9
Pizza Server Session Keys
  • We define a server to use session keys
  • <INPUT TYPE=HIDDEN NAME=sessionkey
    VALUE=HungryStudent971890237>
  • A request to order a pizza might look like this
  • all on one line
  • GET /pizza.cgi?sessionkey=HungryStudent971890237&pizza=cheese&size=large HTTP/1.0
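
The three properties on the "Session Key Properties" slide (unique, expiring, hard to predict), as an added example that is not part of the original slides. It assumes a Unix host with /dev/urandom and Perl 5.10 or later; the in-memory %sessions hash stands in for the database, and the sub names and the 15-minute lifetime are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $TTL = 15 * 60;    # assumed session lifetime in seconds
my %sessions;         # stand-in for the database mentioned on the slide

# Hard to predict: 16 bytes from the kernel CSPRNG, hex-encoded (128 bits).
sub new_session_key {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $buf, 16);
    close($fh);
    die "short read from /dev/urandom\n" unless defined $n && $n == 16;
    return unpack('H*', $buf);
}

# Unique: retry in the (practically impossible) case of a collision.
sub create_session {
    my ($user, $now) = @_;
    my $key;
    do { $key = new_session_key() } while exists $sessions{$key};
    $sessions{$key} = { user => $user, expires => $now + $TTL };
    return $key;
}

# Expiring: a key is accepted only if well-formed, known and not yet expired.
sub lookup_session {
    my ($key, $now) = @_;
    return undef unless defined $key && $key =~ /\A[0-9a-f]{32}\z/;
    my $s = $sessions{$key} or return undef;
    if ($now >= $s->{expires}) {
        delete $sessions{$key};
        return undef;
    }
    return $s->{user};
}

my $now = time;
my $key = create_session('joe', $now);
print "<INPUT TYPE=HIDDEN NAME=sessionkey VALUE=$key>\n";
print "valid now:    ", lookup_session($key, $now) // 'rejected', "\n";
print "after expiry: ", lookup_session($key, $now + $TTL) // 'rejected', "\n";
print "unknown key:  ", lookup_session('HungryStudent971890237', $now) // 'rejected', "\n";
```

The key carries no user name or timestamp; the server learns who the user is only by looking the key up, so a key that was never issued is rejected.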

10
HTTP Cookies
  • A "cookie" is a name,value pair that a CGI
    program can ask the client to remember.
  • The client sends this name,value pair along with
    every request to the CGI.
  • We can also use "cookies" to propagate state
    information.

11
Cookies are HTTP
  • Cookies are HTTP headers.
  • A server (CGI) can give the browser a cookie by
    sending a Set-Cookie header line with the
    response.
  • A client can send back a cookie by sending a
    Cookie header line with the request.

12
Set-Cookie Header Options
  • The general form of the Set-Cookie header is
  • Set-Cookie: name=value; options
  • The options include
  • expires=...
  • domain=...
  • path=...

13
Setting a cookie
  • HTTP/1.0 200 OK
  • Content-Type: text/html
  • Set-Cookie: customerid=0192825
  • Content-Length: 12345
  • ...

14
expires Option
  • This tells the browser how long to hang on to the
    cookie.
  • The time/date format is very specific!

expires=Friday 29-Feb-2000 00:00:00 GMT
Weekday, Day-Month-Year Hour:Minute:Second GMT
15
Default expiration
  • If there is no expires option on the Set-Cookie
    header line,
  • the browser does not save the cookie to disk.
  • In this case, when the browser is closed it will
    forget about the cookie.

16
domain Option
  • domain=.unr.edu
  • The domain option tells the browser the domain(s)
    to which it should send the cookie.
  • Domains as in DNS.
  • The domain must start with "." and contain at
    least one additional "."

17
Domain option rules
  • The server that sends the Set-Cookie header must
    be in the domain specified.
  • If no domain option is in the header, the cookie
    will only be sent to the same server.

Default Behavior
18
path Option
  • path=/
  • or
  • path=/mgunes/cpe401
  • The path option tells the browser what URLs the
    cookie should be sent to.

19
path default
  • If no path is specified in the header,
  • the cookie is sent to only those URLs that have
    the same path as the URL that set the cookie.
  • A path is the leading part of the URL
  • does not include the filename

20
Default Path Example
  • If the cookie is sent from
  • /mgunes/cpe401/pizza/pizza.cgi
  • it would also be sent to
  • /mgunes/cpe401/pizza/blah.cgi
  • but not to
  • /mgunes/cpe401/soda/pizza.cgi

21
Set-Cookie Fields
  • Many options can be specified.
  • Things are separated by ";"
  • Set-Cookie: a=blah; path=/; domain=.cse.unr.edu; expires=Thursday, 21-Feb-2002 12:41:07 2002

All must be on one line!
22
CGI cookie creation
  • A CGI program can send back any number of HTTP
    headers.
  • can set multiple cookies
  • Content-Type is required!
  • Blank line ends the headers!

23
C Example
  • printf("Content-Type: text/html\r\n");
  • printf("Set-Cookie: prefs=nofrms\r\n");
  • printf("Set-Cookie: Java=yes\r\n");
  • printf("\r\n");
  • now sends document content

24
Getting HTTP Cookies
  • The browser sends each cookie as a header
  • Cookie: prefs=nofrms
  • Cookie: Java=OK
  • The Web server gives the cookies to the CGI
    program via an environment variable.

25
Multiple Cookies
  • There can be more than one cookie.
  • The Web Server puts them all together like this
  • prefs=nofrms; Java=OK
  • and puts this string in the environment
    variable HTTP_COOKIE
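
Both directions of the cookie exchange described on the slides above (building a Set-Cookie line with expires, domain and path, and reading HTTP_COOKIE back), as an added example that is not part of the original slides. The sub names are illustrative, the HTTP_COOKIE value is a constructed sample, and Perl 5.10 or later is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my @DAY = qw(Sunday Monday Tuesday Wednesday Thursday Friday Saturday);
my @MON = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);

# Format an epoch time as "Weekday, Day-Month-Year Hour:Minute:Second GMT".
sub cookie_date {
    my @t = gmtime(shift);    # (sec, min, hour, mday, mon, year, wday, ...)
    return sprintf('%s, %02d-%s-%04d %02d:%02d:%02d GMT',
        $DAY[$t[6]], $t[3], $MON[$t[4]], $t[5] + 1900, @t[2, 1, 0]);
}

# Build one Set-Cookie header line; refuse a name or value that would
# split the header or be read back as an extra option.
sub set_cookie_line {
    my ($name, $value, %opt) = @_;
    die "bad cookie name\n"  unless $name =~ /\A[A-Za-z0-9_]+\z/;
    die "bad cookie value\n" if $value =~ /[;,\s]/;
    my @parts = ("$name=$value");
    push @parts, 'expires=' . cookie_date($opt{expires}) if defined $opt{expires};
    push @parts, "domain=$opt{domain}" if defined $opt{domain};
    push @parts, "path=$opt{path}"     if defined $opt{path};
    return 'Set-Cookie: ' . join('; ', @parts);
}

# Split the HTTP_COOKIE string ("a=1; b=2") into a hash of name => value.
sub parse_cookies {
    my ($raw) = @_;
    my %jar;
    for my $pair (split /;\s*/, $raw // '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k && defined $v;
        $jar{$k} = $v unless exists $jar{$k};    # keep the first occurrence
    }
    return %jar;
}

# Constructed sample; under a web server HTTP_COOKIE is already set.
$ENV{HTTP_COOKIE} //= 'prefs=nofrms; Java=OK';
my %cookie = parse_cookies($ENV{HTTP_COOKIE});

print "Content-Type: text/plain\r\n";
print set_cookie_line('prefs', 'nofrms', path => '/',
                      expires => time + 30 * 24 * 3600), "\r\n";
print set_cookie_line('Java', 'yes'), "\r\n";
print "\r\n";    # blank line ends the headers
print "$_=$cookie{$_}\n" for sort keys %cookie;
```

Cookie values come from the client, so the script treats them as untrusted input: it prints them as plain text and rejects header-breaking characters before sending any of its own.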

26
Cookie Limits
  • Each cookie can be up to 4k bytes.
  • One "site" can store up to 20 cookies on a user's
    machine.

27
Cookie Usage
  • Create a session.
  • Track user browsing behavior.
  • Keep track of user preferences.
  • Avoid logins.

28
Cookies and Privacy
  • Cookies can't be used to
  • send personal information to a web server without
    the user knowing about it.
  • send viruses to a browser.
  • find out what other web sites a user has
    visited.
  • access a user's hard disk
  • although they can come pretty close to this one!

29
Some Issues
  • Persistent cookies take up space on user's hard
    disk.
  • Can be used to track your behavior within a web
    site.
  • This information can be sold or shared.
  • Cookies can be shared by cooperating sites
  • advertising agencies do this.

30
(No Transcript)
31
Perl
  • Practical Extraction and Reporting Language
  • a high-level programming language
  • whose semantics are largely based on C
  • Designed for text manipulation
  • Very fast to implement
  • particularly strong at process, file and text
    manipulation
  • Runs on many different platforms
  • Windows, Mac, Unix, Linux, Dos, etc

32
Running Perl
  • Perl scripts do not need to be compiled
  • interpreted at the point of execution
  • do not necessarily have a particular file
    extension
  • .pl is used commonly
  • Executing it via the command line
  • command line> perl script.pl arg1 arg2 ...
  • Or add the line "#!/usr/bin/perl" to the start of
    the script if you are using unix/linux
  • ./perlscript.pl
  • Remember to set the correct file execution
    permissions before running it

33
Beginning Perl
  • Every statement ends with a semicolon ";"
  • Comments are prefixed at the start of the line
    with a hash "#"
  • Variables are assigned a value using the "="
  • Variables are not statically typed,
  • No need to declare what kind of data you want to
    hold in them.
  • Variables are declared the first time you
    initialize them and they can be anywhere in the
    program.

34
Scalar Variables
  • Contains single piece of data
  • '$' character shows that a variable is scalar
  • Scalar variables can store
  • number
  • string
  • a chunk of text surrounded by quotes
  • $name = "paul";
  • $year = 1980;
  • print "$name is born in $year";

output paul is born in 1980
35
Arrays Variables (List)
  • Ordered list of data, separated by commas
  • '@' character shows that a variable is an array
  • Array of numbers
  • @year_of_birth = (1980, 1975, 1999);
  • Array of strings
  • @name = ("Paul", "Jake", "Tom");
  • Array of both string and numbers
  • @paul_address = (14,"Cleveland St","NSW",2030);

36
Retrieving data from Arrays
  • Printing Arrays
  • @name = ("Paul", "Jake", "Tom");
  • print "@name";
  • Accessing individual elements in an array
  • @name = ("Paul", "Jake", "Tom");
  • print "$name[1]";
  • What has changed? @name to $name
  • To access individual elements use the syntax
    $array[index]
  • Why did $name[1] print the second element?
  • index 0 represents the first element.

37
Arrays
  • @name = ("Paul", "Jake", "Tom");

38
Basic Arithmetic Operators
  • + Addition
  • - Subtraction
  • * multiplication
  • / division
  • ++ adding one to the variable
  • -- subtracting one from the variable
  • $a += 2 incrementing variable by 2
  • $b *= 3 tripling the value of the variable

39
Relational Operators
40
Control Operators - If
  • if ( expression 1) {
  • ...
  • } elsif (expression 2) {
  • ...
  • } else {
  • ...
  • }

41
Iteration Structures
  • while (CONDITION) BLOCK
  • until (CONDITION) BLOCK
  • do BLOCK while (CONDITION)
  • for (INITIALIZATION; CONDITION;
    Re-INITIALIZATION) BLOCK
  • foreach VAR (LIST) BLOCK
  • for VAR (LIST) BLOCK

42
Iteration Structures
  • $i = 1;
  • while ($i <= 5) {
  • print "$i\n";
  • $i++;
  • }
  • for ($x = 1; $x <= 5; $x++) {
  • print "$x\n";
  • }
  • @array = (1,2,3,4,5);
  • foreach $number (@array) {
  • print "$number\n";
  • }

43
String Operations
  • Strings can be concatenated with the dot operator
  • $lastname = "Harrison";
  • $firstname = "Paul";
  • $name = $firstname . $lastname;
  • $name = "$firstname$lastname";
  • Comparison can be done with the relational
    operator
  • $string1 = "hello";
  • $string2 = "hello";
  • if ($string1 eq $string2)
  • { print "they are equal"; }
  • else { print "they are different"; }

44
String comparison using patterns
  • The =~ operator returns true if the pattern
    within the / quotes is found.
  • $string1 = "HELLO";
  • $string2 = "Hi there";
  • # test if the string contains the pattern EL
  • if ($string1 =~ /EL/)
  • { print "This string contains the pattern"; }
  • else { print "No pattern found"; }

45
Functions in Perl
  • No strict variable type restriction during
    function call
  • Perl has provided lots of useful functions
  • chop - remove the first character of a string
  • chomp - remove the carriage return character
    from the end of a string
  • push - append one or more element into an array
  • pop - remove the last element of an array and
    return it
  • shift - remove the first element of an array and
    return it
  • s - replace a pattern with a string

46
Functions in Perl
  • The "split" function breaks a given string into
    individual segments given a delimiter
  • split( /pattern/, string) returns a list
  • @output = split (/\s/, $string);
  • breaks the sentence into words
  • @output = split (//, $string);
  • breaks the sentence into single characters
  • @output = split (/,/, $string);
  • breaks the sentence into chunks separated by a
    comma.
  • join ( /delimiter/, array) returns a string

47
Functions in Perl
  • A simple perl function
  • sub sayHello {
  • print "Hello!!\n";
  • }
  • sayHello();

48
Executing functions in Perl
  • Function arguments are stored automatically in a
    temporary array called @_
  • sub sayHelloto {
  • @name = @_;
  • $count = @_;
  • foreach $person (@name) {
  • print "Hello $person\n";
  • }
  • return $count;
  • }
  • @array = ("Paul", "Jake", "Tom");
  • sayHelloto(@array);
  • sayHelloto("Mary", "Jane", "Tylor", 1, 2, 3);

49
Input / Output
  • Perl allows you to read in any input that is
    automatically sent to your program via standard
    input by using the handle <STDIN>.
  • Other I/O topics include reading and writing to
    files, Standard Error (STDERR) and Standard
    Output (STDOUT).
  • One way of handling inputs via <STDIN> is to use
    a loop to process every line of input

50
Input / Output
  • Count the number of lines from standard input and
  • print the line number together with the 1st word
    of each line.
  • $count = 1;
  • foreach $line (<STDIN>) {
  • @array = split(/\s/, $line);
  • print "$count $array[0]\n";
  • $count++;
  • }

51
Regular Expression
  • Regular expression is a set of characters that
    specify a pattern.
  • Used for locating a piece of text in a file.
  • Regular expression syntax allows the user to do a
    "wildcard" type search without necessarily
    specifying the character literally
  • Available across OS platforms and programming
    languages.

52
Simple Regular Expression
  • A simple regular expression contains the exact
    string to match
  • $string = "aaaabbbbccc";
  • if ($string =~ /bc/) {
  • print "found pattern\n"; }

output found pattern
53
Simple Regular Expression
  • The variable $& is automatically set to the
    matched pattern
  • $string = "aaaabbbbccc";
  • if ($string =~ /bc/) {
  • print "found pattern $&\n"; }

output found pattern bc
54
Simple Regular Expression
  • What happens when you want to match a generalised
    pattern
  • like an "a" followed by some "b"s and a single
    "c"
  • $string = "aaaabbbbccc";
  • if ($string =~ /abbc/) {
  • print "found pattern $&\n"; }
  • else { print "nothing found\n"; }

output nothing found
55
Regular Expression - Quantifiers
  • We can specify the number of times we want to see
    a specific character in a regular expression by
    adding operators behind the character.
  • * (asterisk)
  • matches zero or more copies of a specific
    character
  • + (plus)
  • matches one or more copies of a specific character

56
Regular Expression - Quantifiers
  • @array = ("ac", "abc", "abbc", "abbbc",
  • "abb", "bbc", "bcf", "abbb", "c");
  • foreach $string (@array) {
  • if ($string =~ /ab*c/) {
  • print "$string "; } }

output ac abc abbc abbbc
57
Regular Expression - Quantifiers
  • @array = ("ac", "abc", "abbc", "abbbc",
  • "abb", "bbc", "bcf", "abbb", "c");

58
Regular Expression - Anchors
  • Anchor restrictions preceding and behind the
    pattern specify where along the string to match
    to.
  • ^ indicates a beginning of a line restriction
  • $ indicates an end of line restriction

59
Regular Expression - Anchors
  • @array = ("ac", "abc", "abbc", "abbbc",
  • "abb", "bbc", "bcf", "abbb", "c");

60
Regular Expression - Range
  • [ ] is used to identify the exact characters you
    are searching for
  • [0123456789] will match a single numeric
    character
  • [0-9] will also match a single numeric character
  • [A-Za-z] will match a single alphabet of any case

61
Regular Expression - Range
  • Search for a word that
  • starts with the uppercase T
  • second letter is a lowercase alphabet
  • third letter is a lower case vowel
  • is 3 letters long followed by a space
  • Regular expression "T[a-z][aeiou] "
  • Note [z-a] is backwards and does not work
  • Note [A-z] does match upper and lowercase but
    also 6 additional characters between the upper
    and lower case letters in the ASCII chart: [ \ ] ^ _ `

62
Regular Expression - Others
  • Match a single character (non specific) with "."
    (dot)
  • a.c
  • matches any string with "a" followed by one
    character and followed by "c"
  • Specifying number of repetition sets with "\{"
    and "\}"
  • [a-z]\{4,6\}
  • match four, five or six lower case alphabet
  • Remembering Patterns with "\(,\)" and "\1"
  • Regular Exp allows you to remember and recall
    patterns

63
RegExp problem and strategies
  • You tend to match more lines than desired.
  • A.*B matches AAB as well as AAAAAAACCCAABBBBAABBB
  • Knowing what you want to match
  • Knowing what you don't want to match
  • Writing a pattern out to describe that you want
    to match
  • Testing the pattern

64
(No Transcript)
65
Web Servers CGI
  • Most web servers are capable of running CGI
    programs.
  • The server must be able to determine whether a
    URI refers to
  • Document
  • just send it back
  • CGI program
  • run it and send back the result.

66
CGI recognition
  • Some servers insist that CGI programs be in a
    special place
  • typically the URL path is one of
  • /CGI-BIN /cgi-bin /CGI /cgibin
  • Some servers look at the filename
  • filename ends with .cgi
  • Some servers are given a list of URLs that are
    CGIs

67
User files and Web Servers
  • On Unix based web servers, the URL
  • /~username
  • is typically mapped to the directory
  • ~username/public.html
  • -or-
  • ~username/public_html

68
www.cse.unr.edu
  • On the CSE web server you should put your files
    in ~/public.html
  • The URI
  • http://www.cse.unr.edu/~you
  • is your home page where you is your CSE username.

69
Directories
  • Most web servers do the following when a URL maps
    to a directory
  • if there is a file named index.html in the
    directory
  • it is sent back.
  • if there is no index.html,
  • an HTML formatted directory listing is sent back.

70
Debugging
  • It's hard to debug a CGI program!
  • Debugging print statements should generate HTML.
  • You can run the program from the Unix command
    line
  • you just need to set the environment variables
    right (use GET for this).

71
CGI script example
72
HTML for Forms
  • <HTML>
  • <HEAD>
  • <TITLE>cgi-test</TITLE>
  • </HEAD>
  • <BODY>
  • <p> This is a sample page to read
  • two data items from the web page
  • <form action="cgi-bin/xaction" method=get>
  • <p>First name<input type=text name=xfirst
    size=10>
  • <br>Last name<input type=text name=xlast
    size=20>
  • <br> <input type=submit value=SEND>
  • <input type=reset value=RESET>
  • </form>
  • </BODY>
  • </HTML>

Parameters passed as arguments xfirst and xlast
73
Perl - CGI script
  • #!/usr/bin/perl
  • print "Content-Type: text/html\n\n";
  • print "<html><head>\n";
  • print "<title>Sample PERL script</title>\n";
  • print "</head><body>\n";
  • print "<p>Query_string is $ENV{'QUERY_STRING'}\n";
  • foreach ( split( /&/, $ENV{'QUERY_STRING'}) ) {
  • ( $key, $val ) = split( /=/, $_, 2 );
  • $tmp{$key} = $val; }
  • print "<p>First name is <b>$tmp{'xfirst'}</b>\n";
  • print "<p>Last name is <b>$tmp{'xlast'}</b>\n";
  • print "</body></html>\n";
  • Perl program first reads the parameters xfirst
    and xlast from the QUERY_STRING entry of ENV
    (the environment)
  • Output of Perl is the syntax of an HTML page
    that is displayed