Comp1503 Introduction to E


Comp2513
Forms and CGI Server Applications
Daniel L. Silver, Ph.D.
Objectives
• To discuss HTML Forms and CGI Scripts
• To introduce the concept of server applications and discuss their use as a part of an E-Commerce infrastructure
• References: Ch. 2 Sharma (p.38-41), DDEA p.115-124

2002
Daniel L. Silver
2
Outline
• HTML Forms
• HTTP GET and POST Methods
• CGI Server Applications
• Drawbacks of CGI
• Forms and Javascript
• Cookies

HTML Forms

• Forms are part of an HTML document
<FORM ACTION="someApplication">
.. input elements like text fields, radio buttons, etc ..
.. one or more submit buttons ..
</FORM>
• Simple form example: greet_shell2.html
• User enters data, selects options
• User sends request by clicking on a submit button
• Data is processed by Javascript or sent back to client for processing using a CGI script
• The results are returned to the browser as HTML
CGI – Common Gateway Interface

• CGI is a standard for HTTP client to server application communications that defines:
– How a client can request to run an application on a server and use specified input data
– How the data is passed to the server application
– How the server application can pass the response back to the client
• CGI is NOT a programming language
Forms and CGI: Examples



• A barebones CGI request for execution of a server application: Hello_time.html
• Passing parameters to a program on a server via the CGI protocol: greet_shell.html
• Combining forms and CGI: greet_shell2.html
How is User Data Passed to the Server?
• Either GET or POST HTTP method is used
• See the forms tutorial
• The default and the one used in the previous example is GET
• Recall … the HTTP Request Header

GET /demo/Hello.html HTTP/1.0
Accept: text/plain
Accept: text/html
User-Agent: Mozilla/2.0
<CR/LF>
How is User Data Passed to the Server?
• With the GET method, the browser appends a “?” to the URL followed by the user entered FORM data. So you see:
http://eagle.acadiau.ca/demo/cgi-bin/greet_shell.cgi?name=Danny
• The server reads the data following the “?” and makes it available in the form of an environment variable, QUERY_STRING
• The CGI application on the server must read and parse this environment variable

How is User Data Passed to the Server?
• With the POST method, the browser creates a message containing the user entered FORM data.
• The message is sent to the server, which forwards it on to the requested application in the form of an “input stream”
• The CGI application on the server must read and parse the input stream
• An example: RequestParamExample.html, RequestParamExample.java
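
Added example (not part of the original slides or the course's own scripts): a CGI program that reads the "name" field from QUERY_STRING for GET or from the input stream for POST, then escapes it before writing it into the HTML response. The function names, the 1024-character body cap and the 64-character name cap are assumptions of this example; REQUEST_METHOD and CONTENT_LENGTH are standard CGI variables.

```python
import html
import os
import sys
from urllib.parse import parse_qs

MAX_BODY = 1024   # assumed cap on POST bodies for this example
MAX_NAME = 64     # assumed cap on the "name" field


def read_form(environ, stdin):
    """Return the submitted FORM fields as a dict, for GET or POST."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        # GET: the server exposes everything after "?" as QUERY_STRING.
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        # POST: the data arrives on the input stream. Read CONTENT_LENGTH
        # characters (form data is ASCII once URL-encoded, so characters
        # and bytes coincide) and refuse oversized bodies.
        try:
            length = int(environ.get("CONTENT_LENGTH", "0"))
        except ValueError:
            raise ValueError("CONTENT_LENGTH is not a number")
        if not 0 <= length <= MAX_BODY:
            raise ValueError("request body too large")
        raw = stdin.read(length)
    else:
        raise ValueError("unsupported method: " + method)
    # parse_qs undoes the URL encoding ("+" and %XX) applied by the browser.
    fields = parse_qs(raw, keep_blank_values=True)
    return {key: values[0] for key, values in fields.items()}


def greet(environ, stdin):
    """Build the full CGI response (header, blank line, HTML body)."""
    name = read_form(environ, stdin).get("name", "stranger")[:MAX_NAME]
    # Escape user data before placing it in HTML so markup typed into
    # the form is displayed as text instead of being interpreted.
    body = "<html><body><p>Hello, %s!</p></body></html>" % html.escape(name)
    return "Content-Type: text/html\r\n\r\n" + body


if __name__ == "__main__":
    sys.stdout.write(greet(os.environ, sys.stdin))
```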
POST versus GET Methods
• Advisable to use POST
• GET is limited to 1024 characters (restricted by the environment variable size limits)
• POST provides a first order level of security
– Why?
Other Data Available at Server

• The server application that reads the FORM data can also access other information provided by the CGI standard:
– REMOTE_ADDR – the IP address of the client
– REMOTE_HOST – fully qualified URL of host
– CONTENT_LENGTH – length of FORM data
– Check out “Request Info” and “Request Headers”: http://eagle.acadiau.ca:8080/examples/servlets/
CGI Server Applications

• A CGI Script can be any program that can execute on the server
– Shell script, Perl script, C, C++
– Perl Example: perl_greeting.html
– Perl code: perl_greeting.cgi
» NOTE: to see Perl code open in source view
Drawbacks of CGI
• Each time a CGI application is requested by an HTML page the server is requested to start a separate process
• This is true even if it is a Java program

doThis.cgi :

#!/bin/sh
# Each request runs this script in a new process, which starts a fresh JVM
java doThis
• A new JVM is started each time
– Takes time to set up and take down
– Uses memory resources on the server
Forms and Javascript





• Javascript was introduced by NetScape
• A client-side language
• Provides program logic embedded in HTML for generation of dynamic webpages and minor computation
• Manipulation of objects in HTML page including the creation and movement of browser windows
• Most importantly allows validation of entered FORM data: calculator, greet_javascript
Cookies
• Recall the problem of web sessions being connectionless
• TCP/IP is connection oriented but each HTTP request/response uses one such connection and then terminates
• State is not maintained from page to page
• Each item you order is a separate request
• So how does an E-Comm site know how to accumulate orders for you?

What’s a Cookie

• A Cookie is a small piece of data placed on a client system that is used by the server to identify the client
– Client, about to make a request to a server, checks to see if it has an associated cookie
» If cookie, then send it with the request
– Server checks for cookie in request
» If cookie, then pass it to any applications called
– Server may create a new cookie and return it with the response to the client
– Client receives response and checks for new cookie
» If cookie, then it saves it for this server URL
Cookies are not programs …
• Contain 4K of text or less
• There are limits on how many are stored by a browser (default: 20 per site, 300 in total, oldest are deleted)
• Only the originating domain can ever use the contents of their cookies
• Written with or without an expiry date
• Turn on your browser’s cookie warnings to observe how frequently they are used

Breakdown of a Cookie
• C:\Program Files\Netscape\Users\defaultuser\cookies.txt
• www.goto.com FALSE / FALSE 1293231196 UserID 7481BA1DC3F68F71
• First Boolean value (FALSE) indicates whether the cookie is available throughout the domain, the second denotes whether the cookie data should be transmitted only over secure channels
• 1293231196 is the expiry date = milliseconds since 1970
• UserID is the cookie name
• 7481BA1DC3F68F71 is the cookie data
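
Added example (not part of the original slides): a parser for cookies.txt entries like the one broken down above, used to list unexpired cookies whose secure flag is FALSE and which can therefore be sent over unencrypted connections. The function names and the second sample line are constructed for this example, and it reads the expiry field as seconds since 1970, which is how Netscape's cookies.txt format stores it (1293231196 then falls in December 2010).

```python
from datetime import datetime, timezone

FIELDS = ("domain", "domain_wide", "path", "secure", "expires", "name", "value")

# Constructed sample: the first line is the slide's entry, the second is made up.
SAMPLE = [
    "www.goto.com FALSE / FALSE 1293231196 UserID 7481BA1DC3F68F71",
    "shop.example.com TRUE / TRUE 1293231196 Basket A1B2C3",
]


def parse_cookie_line(line):
    """Split one cookies.txt entry into its seven named fields."""
    # The file on disk is tab-separated; the slide shows spaces.
    parts = line.split("\t") if "\t" in line else line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected 7 fields, got %d" % len(parts))
    cookie = dict(zip(FIELDS, parts))
    for flag in ("domain_wide", "secure"):
        if cookie[flag] not in ("TRUE", "FALSE"):
            raise ValueError("%s must be TRUE or FALSE" % flag)
        cookie[flag] = cookie[flag] == "TRUE"
    cookie["expires"] = int(cookie["expires"])
    return cookie


def expiry_utc(cookie):
    """Expiry as an ISO timestamp, reading the field as seconds since 1970."""
    return datetime.fromtimestamp(cookie["expires"], tz=timezone.utc).isoformat()


def insecure_cookies(lines, now):
    """(domain, name) of unexpired cookies that may travel over plain HTTP."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment lines
        cookie = parse_cookie_line(line)
        if cookie["expires"] > now and not cookie["secure"]:
            findings.append((cookie["domain"], cookie["name"]))
    return findings
```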
Cookies are Useful






• Saving user preferences and profile
• Remembering pages visited and when
• Greeting people by name
• Notifying visitor of changes since last visit
• Retaining data from one page (or frame) to another
• Using server side code, cookie data can be used to track user visits and movement patterns
Cookie Examples
• Javascript (client controlled) example: Samplecookie1.htm
• Java servlet (server controlled) example: Servercookies.html

Web References






http://www.jmarshall.com/easy/cgi/
http://www.library.uq.edu.au/quik-it/pub_adv.html#forms
http://www.nlc-bnc.ca/pubs/netnotes/notes19.htm
http://hoohoo.ncsa.uiuc.edu/cgi/
http://www.cgidir.com/
http://cgi.resourceindex.com/
THE END