Internet / Intranet
CIS-536
Class 10
Class 10 Agenda
Milestone#4 - Discussion
Presentations
Cookies
Misc. Topics
Wireless Devices: WAP / WML
Wrap-Up
2
Cookies Revisited
Cookies Are Name Value Pairs
Passed in the HTTP Header
Cookies Have Associated Expiration
Session (Default)
Date / Time
Associated With a URL Path, Not a Page!
Allows Passing Parameters Between Web
Pages
Thus Cookies are Used to Provide State
Information to a Stateless Protocol
3
Cookie Jar
Cookie Storage
Internet Explorer
c:\windows\cookies
Each Has its Own File
Netscape Navigator
cookies.txt (all kept in the file)
Limits
20 Cookies
4K Per Name/Value Pair
4
More Cookies
Cookies are Traditionally Set By Server
Set-Cookie
Browser is Responsible For Maintaining Them
Stored On Client’s Computer
Passed to Server When Web Site is Revisited
HTTP-Cookie
Cookie Attributes
Name – The Name of the Cookie
Subsequent References to Same Name Overwrites
Cookie Attributes
Value – The Value of the Cookie Identified by Name
Expiration – When the Cookie Expires
No Date Specified – Cookie Expires at End of Session
Past Date/Time – Delete the Cookie
Future Date/Time – Delete the Cookie After This Date
Example
5
Cookie Bits
Example Cookie
Set-Cookie:
tollhouse=favorite;expires=Thursday, 16-Mar2000 00:00:00 GMT;path=“”
Note That Date Must Follow This Format:
Weekday, DD-MMM-YYYY HH:MM:SS GMT
RFCs specify GMT as the mechanism for
handling time problems on the Internet
HTTP-Cookie Only Sends Name/Value Pair
6
Cookies - JavaScript
Cookies Can be Set in JavaScript
document.cookie = “ “
Use Date.toGMTString() to set expiration date
E.g.
document.cookie = “version=1.0; ” + “expires=“ +
edate.toGMTString();
To Read a Cookie Value in JavaScript
var allcookies= document.cookie;
var pos = allcookies.indexOf(“version=“);
if (pos != -1) {
var start = pos +8;
var end = allcookies.indexOf(“;”,start);
if (end == -1) end = allcookies.length;
var value = allcookies.substring(start,end);
vervalue = unescape(value);
}
7
Cookie Structure
Path Information
Default is to Send Cookie to Any URL in the Same
Directory or any Subdirectory of the Page Which Set
Cookie
Path Attribute Can Request That Cookie Be Sent to All
URLs in Path (and its Subdirectories)
Only Paths That are a Prefix of Current URL are Allowed
If Cookies Overlap, All are Sent.
Ordered by Most Specific to Least Specific Match
Domain Attribute – Allows Cookies to Be Shared Across
Sites
Must Be Part of Same Domain
E.g. boston.brandeis.edu and lab.brandeis.edu are part
of the same domain but may be different servers
Secure – Only Sends Cookie If Secure Protocol is Used
(e.g. SSL)
8
Security Issues
Protections:
Cookie Can Only Store Information Already Known to
Server
Can’t Access Hard Disk, etc.
Data Only – Not Executed by Client Machine
Data Can’t Be Shared Across Sites
Concerns:
Of Course This Assumes That Browser Follows the Rules
Browser Can Store Sensitive Information
E.g. If Server Doesn’t Set Secure Tag, a Credit Card # May Be
Passed in Clear to Another Page in Same Path
“Invisible” to Users
Paths Are Not Always Obvious
E.g. Multiple Sites Receive Graphics From DoubleClick Server
DoubleClick Can Now Gather “Cross-Site” Information
Zealous privacy folks advocate turning off cookies
9
Performance Tuning / Testing
Performance Improvements
Server Scripting, etc. Degrades Server Performance
Minimize Reliance on Server Scripting
“Compile” Frequently Used Documents
Increase CPU, Disk, Caching, Internet Pipe
Multiple Servers (Basic)
Distribute Pages Across Servers
Multiple Servers (Advanced)
Route Requests to Multiple Servers
Round Robin DNS
DNS Server Returns a Different IP Address Each Time
10
Web Robots
Spiders, Crawlers, and Bots, Oh My!
Programmatically Visit and “Analyze” Web Sites
Gather Information From The Site
Typically as Data For Search Engines
Validate Links For Currency
Follow Links
Robot Protocol (Voluntary)
robots.txt – In top-level Directory of a Site
User-Agent: Names of Robots or *
Disallow: Parts of Hierarchy to Disallow or /
<META Name=“Robots” Content=“NoIndex, NoFollow”>
Or Index, Follow – Tells Robot Whether or Not to Index Site,
Follow Links
User-Agent Typically Identifies Robot
Accesses to robot.txt
11
Building Web Robots
Issues When Building a Robot
Follow Web Exclusion Rules
Parsing
Ability to Parse HTML For Target Info. Identify Links.
Iteration
Search Strategies:
Breadth First
Depth First
Avoid Endless Loops
Don’t Revisit Links Already Visited
Don’t Follow Outside Links?
Termination
Depth, Sites Visited, Time, High Proportion of Duplicate Links
Tools For Bulding Robots
JavaScript
VB 6 – Internet Transfer Control and Web Browser Control
Others
12
Trends toward smaller devices
Moore’s law
History of Computers
trend toward smaller devices
trend toward cheaper devices
processors in more and more devices
TCP/IP can expand well beyond PCs
5 year time frame ( Gartner Group )
a billion mobile phones ( US lags behind
Europe and Asia )
over half of Internet access through non-PCs
M-Commerce replaces E-Commerce
13
Wireless Internet
HDML - 1995
Handheld Device Markup Language
subset of HTML
I-mode - Japan
uses a tag language based on HTML
cHTML
7 million users
WAP/ WML
currently at 1.3 ( 1.1 widely supported )
protocol extends Internet to Phones
specialized for smaller screens
GPRS general packet radio switching
14
Wireless ‘Non-Internet’
continued investment - limited commercial
success
Bluetooth
develop a wireless standard for all devices
low earth orbit satellites
must be in low orbit
big time failures (Iridium, Globalstar) Teledisic ?? ( Bill Gates and Craig McCaw )
Many premature predictions about wireless
1993 was supposed to be the year of wireless
issues of latency, reliability, security,
processing power
15
WAP Application Architecture
WAP Gateways
connect Wireless Messages with Internet
Leverage the Internet plumbing
Wireless requested converted to HTTP
16
WAP Gateways
Implement WAP protocol stack layers
account for security and sessions
convert WSP -> HTTP
Encodes HTTP heads as binary tokens
Domain Name Resolution
HTML to WML conversion
limited success so far
encode WML content
Security
Cache frequently accessed content
17
WAP Gateways
offered by all major vendors
Noika
Motorola
Ericsson
Kannel ( Open-Source WAP Gateway )
18
WAP Protocol Stack
derived from the OSI Reference Model
Application Layer ( WAE )
Session Layer ( WSP )
Transaction Layer ( WTP )
Security Layer ( WTLS )
Transport Layer ( WDP )
Bearers (SMS, CSD, USSD, CDMA, CDPD ..
Others )
19
Phone emulators
Simulate phone usage ( see example )
not perfect approximation
used to develop wireless applications
Noika WAP Toolkit
image support
Phone.Com ( UP.Simulator )
Ericson
Motorola
VoxML ( precedes VoiceXML )
host of other tools
Microsoft Mobile Explorer
provide a useful tool for test/debug cycles
still at the early stages
20
WAP Devices
limited processing power
limited RAM
embedded Browsers
do not behave the same
cache requests
emulators simulate ( do not forget to clear )
lots of latency
currently 9600 bits per second
versus 56 kilo bits per second wired
Deja-vu for programmers
back to 64K barriers
machine code
21
Configuring Servers for Wireless
add MIME types (.htaccess in Apache, IIS
Registry)
wml - text/vnd.wap.wml
wlmc - application/vnd.wap.wmlc.
wmls - text/vnd.wap.wmlscript
wmlsc - application/vnd.wap.wmlscriptc
wbmp - image/vnd.wap.wbmp
Shore.net Apache server supports wml
Call server scripts within documents same as
before
support for CGI/Perl
Cold Fusion
JSP/ASP
22
WML
designed for small displays
deck of cards metaphor
replaces <BODY> concept
XML
all docs need an XML declaration and DTD
all documents must be well formed
Text Formating
used for all text
breaks text
support for styles
Bold <b></b>
Italitic <I></I>
23
WML
anchor tags wrap links same as HTML
<go> tag indicates action when link is
selected
# used to select other cards in the deck
WML Input
<input name =“var” > tag
variables then displayed with ‘$’ delimiter
24
More WML
tag sends the user back to the
previous document
<do> associates an action with a given
element
<do type=“prev” label=“Previous”>
</do>
Creates a Previous operation for a softkey
<select> element
25