COOKIES
CS 498RK SPRING 2020
How can apps maintain user state?
Cookies!
small bits of data downloaded to your computer so that a site can “remember” you and what you did on subsequent visits
[Figure: Browser and Server exchange with http://www.example.org: first request, response, request]
HOW THEY WORK
uniquely assigned to you and your computer
can be read only by a Web server in the domain that issued the cookie to you
new browser, different computer, delete cookies? 1st time user
ARE THEY SAFE?
cookies are bits of text, not software
cannot read information, run programs, or install software
but what if I don’t like cookies…
ePrivacy Directive (‘Cookie Law’)
Modify browser settings to block cookies or ask for approval
Blocking cookies can interfere with site usability
COOKIE LAW
ePrivacy Directive
Requires informed consent
Blocking cookies can interfere with site usability
Uses
SESSION MANAGEMENT
Remember a user as they navigate through site
Unique session identifier sent to the server
Site database stores user’s personal information
Used to remember an authenticated user
PERSONALIZATION
experience for visitors who previously browsed shoes
experience for visitors in cold weather locations
https://www.optimizely.com/products/personalization/
TRACKING
Track user behavior on site
what they do, how often they come back, etc.
build up server logs for each user
Types
SESSION COOKIES
exists only in temporary memory while the user navigates the website
deleted when user closes the browser (no expiration date)
PERSISTENT COOKIES
transmitted to the server every time the user visits the website that it belongs to, or every time the user views a resource belonging to that website from another website (tracking)
expires at a specific date or after a specific length of time
THIRD-PARTY COOKIES
Set when retrieving components on a web page that are stored on servers in other domains
Allows advertising companies to track users across multiple sites
WEB BEACONS
web bug, tracking bug, page tag, tag
implemented through embedded image: tracking pixel, pixel tag, 1x1 gif, clear gif
phones home (usually used with cookies)
Implementation
Client’s First Request to a Site
    GET /index.html HTTP/1.1
    Host: www.example.org
    …
Server Response
    HTTP/1.0 200 OK
    Content-type: text/html
    Set-Cookie: theme=light
    Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT
    …
theme=light: Session Cookie
sessionToken=abc123 (with Expires): Persistent Cookie
Client Request to Another Page On Site
    GET /spec.html HTTP/1.1
    Host: www.example.org
    Cookie: theme=light; sessionToken=abc123
    …
https://en.wikipedia.org/wiki/HTTP_cookie
COOKIES WITH EXPRESS
Use the "cookie-parser" middleware to parse requests
    const express = require('express')
    const cookieParser = require('cookie-parser')

    const app = express()
    app.use(cookieParser())

    app.get('/', (req, res) => {
      // Cookies that have not been signed
      console.log('Cookies: ', req.cookies)

      // Cookies that have been signed (only populated when cookieParser() is given a secret)
      console.log('Signed Cookies: ', req.signedCookies)

      // End the response so the request does not hang
      res.end()
    })

    app.listen(8080)
https://expressjs.com/en/resources/middleware/cookie-parser.html
COOKIES WITH EXPRESS
Use the "res.cookie()" function to set cookies in responses
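    // Inside a route handler, where res is the Express response object
    res.cookie('cart', { items: [1, 2, 3] })  // object value is serialized as JSON
    res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })  // maxAge is in milliseconds
    res.cookie('name', 'tobi', { domain: '.example.com', path: '/admin', secure: true })
https://expressjs.com/en/5x/api.html#res.cookie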
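Added example, not part of the original slides: a small Node.js checker that parses Set-Cookie values like those in the server response above, classifies each as a session or persistent cookie, and reports which hardening attributes are missing. The function names and the third sample value are hypothetical, and the SameSite check goes beyond the httpOnly and secure options the slides show.

```javascript
'use strict';

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : pair.slice(0, eq), // nameless cookie if no '='
    value: pair.slice(eq + 1),
    attrs: Object.create(null), // no prototype, so 'in' checks are exact
  };
  for (const attr of attrs) {
    if (!attr) continue; // tolerate a trailing ';'
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Session cookie: neither Expires nor Max-Age. Persistent cookie: has either.
function cookieType(cookie) {
  const persistent = 'expires' in cookie.attrs || 'max-age' in cookie.attrs;
  return persistent ? 'persistent' : 'session';
}

// Report which hardening attributes a Set-Cookie value lacks.
function audit(header) {
  const cookie = parseSetCookie(header);
  const missing = [];
  if (!('httponly' in cookie.attrs)) missing.push('HttpOnly'); // readable by page scripts
  if (!('secure' in cookie.attrs)) missing.push('Secure'); // sent over plain HTTP
  if (!('samesite' in cookie.attrs)) missing.push('SameSite'); // browser default applies
  return { name: cookie.name, type: cookieType(cookie), missing };
}

// Constructed sample input: the two Set-Cookie values from the server response
// on this page, plus a hypothetical hardened variant of the session token.
const SAMPLE_HEADERS = [
  'theme=light',
  'sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT',
  'sessionToken=abc123; Max-Age=900; HttpOnly; Secure; SameSite=Lax',
];

for (const h of SAMPLE_HEADERS) console.log(JSON.stringify(audit(h)));
```

In Express, the flagged attributes correspond to the `httpOnly`, `secure` and `sameSite` options of `res.cookie()`.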