cookie

PRESENTED BY: DURLABH GIRIPUNJE AMIT KUMAR SING SAMIT KUMAR KAPAT ASHIF KHAN Stateless Protocol HTTP Request & Response Cycle Cookie, Session

Upload: samit-kumar-kapat

Post on 07-Dec-2014


Page 2: Cookie

Stateless Protocol

• A protocol which is incapable of remembering the results and data associated with the transactions it governs.

• The best-known stateless protocol is the HYPERTEXT TRANSFER PROTOCOL (HTTP).

Page 3: Cookie

Stateful Protocol

• A protocol which is able to remember and store details of the transactions which it governs.

• A good example of such a protocol is the FILE TRANSFER PROTOCOL (FTP) which, for example, remembers the identity of the client that is using it to DOWNLOAD files.

Page 4: Cookie

Stateless Protocol: Advantage & Disadvantage

Advantage:

The stateless design simplifies the server design because there is no need to dynamically allocate storage to deal with conversations in progress.

Disadvantage:

A disadvantage is that it may be necessary to include additional information in every request and this extra information will need to be interpreted by the server.

Page 5: Cookie

Working of Stateless Protocol

Page 6: Cookie
Page 7: Cookie

The most interesting pieces of information contained in the request are:

• The IP address of you and/or your HTTP proxy
• Which document you requested
• Which version of which browser you're using
• Which page you came from to get here (if you followed a link)
• Your preferred language(s)

Page 8: Cookie
Page 9: Cookie

COOKIE

What is a Cookie?

It is a piece of text stored by a user's web browser.

Cookie Types By Lifespan

- Session Cookies
- Persistent Cookies

Page 10: Cookie

Setting a cookie

Host: www.example.org

browser → server

Content-type: text/html
Set-Cookie: name=value

(content of page)

browser ← server

Host: www.example.org
Cookie: name=value
Accept: */*

browser → server

Page 11: Cookie

Set a cookie

setcookie(name [,value [,expire [,path [,domain [,secure]]]]])

name = cookie name
value = data to store (string)
expire = when the cookie expires. Default is that the cookie expires when the browser is closed.
path = path on the server
domain = domain for which the cookie is available
secure = whether the cookie should be sent over a secure (HTTPS) connection only. Default false.

Set-Cookie: name=newvalue; expires=date; path=/; domain=.example.org.

Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net

Page 12: Cookie

Advantage And Disadvantage of Cookies

Advantage

• Acts as your identification card
• It maintains the session between the client and server
• Page will be displayed quickly

Disadvantage

• Can be used as spyware
• Storage

Page 13: Cookie

Some facts of Cookie…

Each cookie on the user’s computer is connected to a particular domain.

Each cookie can be used to store up to 4 kB of data.

A maximum of 20 cookies can be stored on a user’s PC per domain.

Browsers are preprogrammed to allow a total of 300 cookies, after which cookies are automatically deleted based on expiry date and usage.

Page 14: Cookie

Session

In computer science, in particular networking, a session is a semi-permanent interactive information interchange.

It is also known as:-

Dialogue

Conversation or meeting.

A session is between :-

Two or more communicating devices

A computer and user

Page 15: Cookie

A session may be implemented as part of protocols and services at the

Application layer

Example: HTTP sessions, TELNET remote login sessions

Session layer

Example: a Session Initiation Protocol (SIP) based Internet phone call

Transport layer

Example: a TCP session, which is synonymous with a TCP connection or an established TCP socket.

Page 16: Cookie

Types of session

Session implemented using software

TCP sessions are typically implemented in software using multithreading.

A new process or thread is created when the computer establishes or joins a Session.

The advantage with multiple processes or threads is relaxed complexity of the software, since each thread is an instance with its own history and encapsulated variables.

The disadvantage is large overhead in terms of system resources, and that the session may be interrupted if the system is restarted.

Page 17: Cookie

Server side web sessions

Server-side sessions are handy and efficient, but can become difficult to handle in conjunction with load-balancing/high-availability systems and are not usable at all in embedded systems with no storage.

The load-balancing problem can be solved by using shared storage.

A method of using server-side sessions in systems without mass-storage is to reserve a portion of RAM for storage of session data.

This method is applicable for servers with a limited number of clients (e.g. router or access point with infrequent or disallowed access to more than one client at a time).

Page 18: Cookie

Client side web sessions

Client-side sessions use cookies and cryptographic techniques to maintain state without storing as much data on the server.

When presenting a dynamic web page, the server sends the current state data to the client (web browser) in the form of a cookie.

The client saves the cookie in memory or on disk.

With each successive request, the client sends the cookie back to the server, and the server uses the data to "remember" the state of the application for that specific client and generate an appropriate response.

To improve efficiency and allow for more session data, the server may compress the data before creating the cookie, decompressing it later when the cookie is returned by the client.
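The client-side session described on this slide, as an added example that is not part of the original presentation: the server compresses the state, signs it with HMAC-SHA256 and rejects any cookie whose tag does not verify. The key, the cookie name `state` and the function names are assumptions made for the illustration; signing protects integrity only, so the client can still read the state.

```python
import base64
import hashlib
import hmac
import json
import zlib

SECRET_KEY = b"constructed-demo-key"   # assumption: secret known only to the server
MAX_COOKIE_BYTES = 4096                # the 4 kB per-cookie limit quoted on the slides


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_session(state: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize and compress the state, then append an HMAC-SHA256 tag."""
    raw = json.dumps(state, separators=(",", ":"), sort_keys=True).encode("utf-8")
    payload = zlib.compress(raw)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    value = _b64(payload) + "." + _b64(tag)
    if len(value) > MAX_COOKIE_BYTES:
        raise ValueError("session state does not fit in one cookie")
    return value


def decode_session(value: str, key: bytes = SECRET_KEY):
    """Return the state dict, or None if the cookie is malformed or altered."""
    try:
        payload_b64, tag_b64 = value.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except ValueError:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison, and verification happens before the
    # untrusted bytes are decompressed or parsed.
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(zlib.decompress(payload))


if __name__ == "__main__":
    cookie = encode_session({"user": "alice", "cart": [101, 205]})  # constructed sample state
    print("Set-Cookie: state=" + cookie + "; Path=/; Secure; HttpOnly")
    print(decode_session(cookie))
```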

Page 19: Cookie

HTTP session token

A session token is a unique identifier that is generated and sent from a server to a client to identify the current interaction session.

The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in GET or POST queries.

The reason to use session tokens is that the client only has to handle the identifier—all session data is stored on the server (usually in a database, to which the client does not have direct access) linked to that identifier.
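A sketch of the session-token flow from this slide and the Set-Cookie exchange on the earlier "Setting a cookie" slide, added here as an example and not taken from the presentation. The cookie name `SID`, the 30-minute lifetime and the in-memory dictionary standing in for the database are assumptions; `HttpOnly` and `SameSite` are standard cookie attributes the slides do not cover.

```python
import secrets
import time

SESSIONS = {}        # token -> (expiry, data); stands in for the server-side database
SESSION_TTL = 1800   # assumption: sessions live for 30 minutes


def create_session(data: dict, now: float = None) -> str:
    """Store the data on the server and return only an opaque token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not guessable
    SESSIONS[token] = (now + SESSION_TTL, dict(data))
    return token


def set_cookie_header(token: str) -> str:
    """Response header: HTTPS only, hidden from page scripts, limited cross-site sending."""
    return (f"Set-Cookie: SID={token}; Path=/; Max-Age={SESSION_TTL}; "
            "Secure; HttpOnly; SameSite=Lax")


def parse_cookie_header(value: str) -> dict:
    """Parse the value of a request 'Cookie:' header such as 'a=1; SID=xyz'."""
    cookies = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep and name:
            cookies[name] = val
    return cookies


def load_session(cookie_header: str, now: float = None):
    """Return the stored data for a valid token, or None if unknown or expired."""
    now = time.time() if now is None else now
    token = parse_cookie_header(cookie_header).get("SID")
    entry = SESSIONS.get(token) if token else None
    if entry is None:
        return None
    expiry, data = entry
    if now >= expiry:
        del SESSIONS[token]   # expired tokens are removed, not just ignored
        return None
    return data


if __name__ == "__main__":
    sid = create_session({"user": "alice"})          # constructed sample data
    print(set_cookie_header(sid))                    # browser <- server
    print(load_session(f"lang=en; SID={sid}"))       # browser -> server
```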

Page 20: Cookie

Thank You