Lecture 15
CGI Sessions
Perl
CPE 401 / 601
Computer Network Systems
slides are modified from Dave Hollinger and Shwen Ho
Sessions
 Many web sites allow you to establish a
session.


you identify yourself to the system.
now you can visit lots of pages, add stuff to
shopping cart, establish preferences, etc.
CGI Sessions
2
State Information
 Remember that each HTTP request is
unrelated to any other

as far as the Web server is concerned
 Each new request to a CGI program starts
up a brand new copy of the CGI program.
 Providing
sessions requires keeping state
information.
CGI Sessions
3
Session Conversation
Client
Hi! I'm Joe.
Hi Joe (it's him again)
Welcome Back...
Server
CGI1
I wanna buy a cookie.
CGI2
OK Joe, it will be
there tomorrow.
CGI Sessions
4
Hidden Field Usage
 One way to propagate state information is to
use hidden fields.
 User identifies themselves to a CGI program

fills out a form
 CGI sends back a form that contains hidden
fields that identify the user or session.
CGI Sessions
5
Revised Conversation
Initial form has field for user name.
GET /cgi1?name=joe HTTP/1.0
CGI1 creates order form with hidden field.
GET/cgi2?name=joe&order=cookie HTTP/1.0
CGI Sessions
6
Session Keys
 Many Web based systems use hidden fields
that identify a session.
 When the first request arrives, the system
generates a unique session key and stores
it in a database.
 The session key can be included in all
forms/links generated by the system

as a hidden field or embedded in a link
CGI Sessions
7
Session Key Properties
 Must be unique.
 Should
expire after a while.
 Should be difficult to predict.
 typically use a pseudo-random number generator
seeded carefully.
CGI Sessions
8
Pizza Server Session Keys
 We define a server to use session keys:
<INPUT TYPE=HIDDEN NAME=sessionkey
VALUE=HungryStudent971890237>
 A request to order a pizza might look like this
 all on one line
GET /pizza.cgi?sessionkey=
HungryStudent971890237&pizza=cheese
&size=large HTTP/1.0
CGI Sessions
9
HTTP Cookies
 A "cookie' is a
name,value pair that a CGI
program can ask the client to remember.
 The client sends this name,value pair along
with every request to the CGI.
 We can also use "cookies" to propagate
state information.
CGI Sessions
10
Cookies are HTTP
 Cookies are HTTP headers.
 A server (CGI) can
give the browser a
cookie by sending a Set-Cookie header line
with the response.
 A client can send back a cookie by sending a
Cookie header line with the request.
CGI Sessions
11
Set-Cookie Header Options
The general form of the Set-Cookie header is:
Set-Cookie: name=value; options
The options include:
expires=...
domain=...
path=...
CGI Sessions
12
Setting a cookie
HTTP/1.0 200 OK
Content-Type: text/html
Set-Cookie: customerid=0192825
Content-Length: 12345
...
CGI Sessions
13
expires Option
 This tells the browser how long to hang on to the
cookie.
expires=Friday 29-Feb-2000 00:00:00 GMT
 The time/date format is very specific!
Weekday, Day-Month-Year Hour:Minute:Second GMT
CGI Sessions
14
Default expiration
 If there is no expires option on the Set-
Cookie header line,

the browser does not save the cookie to disk.
 In this case, when the browser is closed
it will forget about the cookie.
CGI Sessions
15
domain Option
domain=.unr.edu
 The domain option tells the browser the
domain(s) to which it should send the cookie.
 Domains as in DNS.
 The domain must start with "." and contain
at least one additional "."
CGI Sessions
16
Domain option rules
 The server that sends the Set-Cookie
header must be in the domain specified.
 If no domain option is in the header, the
cookie will only be sent to the same server.
: CGI Sessions
17
path Option
path=/
or
path=/~mgunes/cpe401
 The path option tells the browser what
URLs the cookie should be sent to.
CGI Sessions
18
path default
 If no path is specified in the header,

A

the cookie is sent to only those URLs that have
the same path as the URL that set the cookie.
path is the leading part of the URL
does not include the filename
CGI Sessions
19
Default Path Example
If the cookie is sent from:
/~mgunes/cpe401/pizza/pizza.cgi
it would also be sent to
/~mgunes/cpe401/pizza/blah.cgi
but not to
/~mgunes/cpe401/soda/pizza.cgi
CGI Sessions
20
Set-Cookie Fields
 Many options can be specified.
 Things are separated by ";"
Set-Cookie: a=blah; path=/;
domain=.cse.unrr.edu;
expires=Thursday, 21-Feb-2002
12:41:07 2002
CGI Sessions
21
CGI cookie creation
 A CGI program can send back any number
of HTTP headers.

can set multiple cookies
 Content-Type is required!
 Blank line ends the headers!
CGI Sessions
22
C Example
printf("Content-Type: text/html\r\n");
printf("Set-Cookie: prefs=nofrms\r\n");
printf("Set-Cookie: Java=yes\r\n");
printf("\r\n");
… now sends document content
CGI Sessions
23
Getting HTTP Cookies
 The browser sends each cookie as a header:
Cookie: prefs=nofrms
Cookie: Java=OK
 The Web server gives the cookies to the CGI
program via an environment variable.
CGI Sessions
24
Multiple Cookies
 There can be more than one cookie.
 The Web Server puts them all together
like this:
prefs=nofrms; Java=OK
and puts this string in the environment
variable: HTTP_COOKIE
CGI Sessions
25
Cookie Limits
 Each cookie can be up to 4k bytes.
 One "site" can store up to 20 cookies on a
user's machine.
CGI Sessions
26
Cookie Usage
 Create a
session.
 Track user browsing behavior.
 Keep track of user preferences.
 Avoid logins.
CGI Sessions
27
Cookies and Privacy
 Cookies can't be used to:

send personal information to a web server without
the user knowing about it.

be used to send viruses to a browser.

find out what other web sites a user has visited.*

access a user's hard disk
* although they can come pretty close to this one!
CGI Sessions
28
Some Issues
 Persistent cookies take up space on user's
hard disk.
 Can be used to track your behavior within a
web site.

This information can be sold or shared.
 Cookies can be shared by cooperating sites
 advertising agencies do this.
CGI Sessions
29
Perl
 Practical Extration and Reporting Language

a high-level programming language
• whose semantics are largely based on C
 Designed for text manipulation
 Very fast to implement
 particularly strong at process, file and text
manipulation
 Runs on many different platform
 Windows, Mac, Unix, Linux, Dos, etc
Perl
31
Running Perl
 Perl scripts do not need to be compiled
 interpreted at the point of execution
 do not necessarily have a particular file extension
• “.pl” is used commonly
 Executing it via the command line
command line> perl script.pl arg1 arg2 ...
 Or add the line "#!/usr/bin/perl" to the start
of the script if you are using unix/linux
./perlscript.pl
• Remember to set the correct file execution permissions
before running it
Perl
32
Beginning Perl
 Every statement end with a semi colon ";"
 Comments are prefixed at the start of the line
with a hash "#"
 Variables are assigned a value using the "="
 Variables are not

statically typed,
No need to declare what kind of data you want to hold in
them.
 Variables are declared the first time you initialize
them and they can be anywhere in the program.
Perl
33
Scalar Variables
 Contains single piece of data
 '$' character shows that a variable is scalar
 Scalar variables can store
 number
 string
• a chunk of text surrounded by quotes
$name = "paul";
$year = 1980;
print "$name is born in $year";
output: paul is born in 1980
Perl
34
Arrays Variables (List)
 Ordered list of data, separated by commas
 '@' character shows that a variable is an
array
Array of numbers
@year_of_birth = (1980, 1975, 1999);
Array of string
@name = ("Paul", "Jake", "Tom");
Array of both string and numbers
@paul_address = (14,"Cleveland St","NSW",2030);
Perl
35
Retrieving data from Arrays
 Printing Arrays
@name = ("Paul", "Jake", "Tom");
print "@name";
 Accessing individual elements in an array
@name = ("Paul", "Jake", "Tom");
print "$name[1]";
 What has changed?

@name to $name
To access individual elements use the syntax
$array[index]
 Why did $name[1] print the second element?

index 0 represents the first element.
Perl
36
Arrays …
@name = ("Paul", "Jake", "Tom");
print "@name";
Paul Jake Tom
print @name;
PaulJakeTom
[email protected];
$count = 3
@nameR=reverse(@name); @nameR=("Tom","Jake","Paul")
@nameS=sort(@name);
@nameS=("Jake","Paul","Tom")
Perl
37
Basic Arithmetic Operators
+
*
/
++
-$a += 2
$b *= 3
Addition
Subtraction
multiplication
division
adding one to the variable
subtracting one from the variable
incrementing variable by 2
tripling the value of the variable
Perl
38
Relational Operators
Comparison
Equals
Not equal
Less than
Greater than
Less than or equal
Greater than or equal
Comparison
Numeric
String
==
!=
<
>
<=
>=
<=>
eq
ne
lt
gt
le
gt
cmp
Perl
39
Control Operators - If
if ( expression 1) {
...
}
elsif (expression 2) {
...
}
else {
...
}
Perl
40
Iteration Structures
 while (CONDITION) { BLOCK }
 until (CONDITION) {BLOCK}
 do {BLOCK} while (CONDITION)
 for (INITIALIZATION ; CONDITION ;
Re-INITIALIZATION) {BLOCK}
 foreach VAR (LIST) {BLOCK}

for VAR (LIST) {BLOCK}
Perl
41
Iteration Structures
$i = 1;
while($i <= 5){
print "$i\n";
$i++;
}
for($x=1; $x <=5; $x++) {
print "$x\n";
}
@array = [1,2,3,4,5];
foreach $number (@array){
print "$number\n";
}
Perl
42
String Operations
 Strings can be concatenated with the dot operator
$lastname = "Harrison";
$firstname = "Paul";
$name = $firstname . $lastname;
$name = "$firstname$lastname";
 Comparison can be done with the relational operator
$string1 = "hello";
$string2 = "hello";
if ($string1 eq $string2)
{ print "they are equal"; }
else { print "they are different"; }
Perl
43
String comparison using patterns
 The ‘=~ ’ operator return true if the pattern within
the ‘/’ quotes are found.
$string1 = "HELLO";
$string2 = "Hi there";
# test if the string contains the pattern EL
if ($string1 =~ /EL/)
{ print "This string contains the pattern"; }
else { print "No pattern found"; }
Perl
44
Functions in Perl
 No strict variable type restriction during
function call
 Perl has provided lots of useful functions
chop - remove the first character of a string
 chomp - remove the carriage return character
from the end of a string
 push
- append one or more element into an array
 pop
- remove the last element of an array and
return it
 shift
- remove the first element of an array and
return it
s
- replace a pattern with a string

Perl
45
Functions in Perl
 The "split" function breaks a given string
into individual segments given a delimiter
 split( /pattern/, string) returns a list
@output = split (/\s/, $string);
# breaks the sentence into words
@output = split (//, $string);
# breaks the sentence into single characters
@output = split (/,/, $string);
# breaks the sentence into chunks separated by a
comma.

join ( /delimiter/, array) returns a string
Perl
46
Functions in Perl
A simple perl function
sub sayHello {
print "Hello!!\n";
}
sayHello();
Perl
47
Executing functions in Perl
 Function arguments are stored automatically in a
temporary array called @_
sub sayHelloto {
@name = @_;
$count = @_;
foreach $person (@name){
print "Hello $person\n";
}
return $count;
}
@array = ("Paul", "Jake", "Tom");
sayHelloto(@array);
sayHelloto("Mary", "Jane", "Tylor", 1, 2, 3);
Perl
48
Input / Output
 Perl allows you to read in any input that is
automatically sent to your program via
standard input by using the handle <STDIN>.
 Other I/O topics include reading and
writing to files, Standard Error (STDERR)
and Standard Output (STDOUT).
 One way of handling inputs via <STDIN> is to
use a loop to process every line of input
Perl
49
Input / Output
 Count the number of lines from standard
input and
 print the line number together with the 1st
word of each line.
$count = 1;
foreach $line (<STDIN>){
@array = split(/\s/, $line);
print "$count $array[0]\n";
$count++;
}
Perl
50
Regular Expression
 Regular expression is a set of characters
that specify a pattern.
 Used for locating piece of text in a file.
 Regular expression syntax allows the user to
do a "wildcard" type search without
necessarily specifying the character literally
 Available across OS platform and
programming language.
Perl
51
Simple Regular Expression
 A simple regular expression contains the
exact string to match
$string = "aaaabbbbccc";
if($string =~ /bc/){
print "found pattern\n";
}
output: found pattern
Perl
52
Simple Regular Expression
 The variable ‘$& ’ is automatically set to the
matched pattern
$string = "aaaabbbbccc";
if($string =~ /bc/){
print "found pattern : $&\n";
}
output: found pattern bc
Perl
53
Simple Regular Expression
 What happen when you want to match a
generalised pattern

like an "a" followed by some "b"s and a single "c"
$string = "aaaabbbbccc";
if($string =~ /abbc/){
print "found pattern : $&\n";
}
else {print "nothing found\n"; }
output: nothing found
Perl
54
Regular Expression - Quantifiers
 We can specify the number of times we want
to see a specific character in a regular
expression by adding operators behind the
character.
 ‘ * ’ (asterisk)
 matches zero or more copies of a specific character
 ‘ + ’ (plus)
 matches one or more copies of a specific character
Perl
55
Regular Expression - Quantifiers
@array = ["ac", "abc", "abbc", "abbbc",
"abb", "bbc", "bcf", "abbb", "c"];
foreach $string (@array){
if($string =~ /ab*c/){
print "$string ";
}
}
output:
ac abc abbc abbbc
Perl
56
Regular Expression - Quantifiers
@array = ["ac", "abc", "abbc", "abbbc",
"abb", "bbc", "bcf", "abbb", "c"];
Regular Exp Matched pattern
abc
abc
ab*c
ac abc abbc abbbc
ab+c
abc abbc abbbc
Perl
57
Regular Expression - Anchors
 Anchor restrictions preceding and behind the
pattern specify where along the string to
match to.
 ‘^’ indicates a beginning of a line restriction
 ‘$’ indicates an end of line restriction
Perl
58
Regular Expression - Anchors
@array = ["ac", "abc", "abbc", "abbbc",
"abb", "bbc", "bcf", "abbb", "c"];
Regular Exp Matched pattern
^bc
bc
^b*c
bbc bcf c
^b*c$
bbc c
b*c$
ac abc abbc abbbc bbc c
Perl
59
Regular Expression - Range
 […] is used to identify the exact characters
you are searching for
 [0123456789] will match a single numeric
character
 [0-9] will also match a single numeric
character
 [A-Za-z] will match a single alphabet of any
case
Perl
60
Regular Expression - Range
 Search for a word that
 starts with the uppercase T
 second letter is a lowercase alphabet
 third letter is a lower case vowel
 is 3 letters long followed by a space
 Regular expression : "^T[a-z][aeiou] "
 Note : [z-a] is backwards and does not work
 Note : [A-z] does match upper and lowercase but
also 6 additional characters between the upper and
lower case letters in the ASCII chart: [ \ ] ^ _ `
Perl
61
Regular Expression - Others
 Match a single character (non specific) with "." (dot)
a.c
matches any string with "a" follow by one character
and followed by "c"
 Specifying number of repetition sets with "\{" and "\}“
[a-z]\{4,6\}
match four, five or six lower case alphabet
 Remembering Patterns with "\(,\)" and "\1"
 Regular Exp allows you to remember and recall patterns
Perl
62
RegExp problem and strategies
 You tend to match more lines than desired.
A.*B matches AAB as well as
AAAAAAACCCAABBBBAABBB
 Knowing what you want to match
 Knowing what you don’t want to match
 Writing a pattern out to describe that you
want to match
 Testing the pattern
Perl
63
Web Servers & CGI
 Most web server are capable of running CGI
programs.
 The server must be able to determine
whether a URI refers to:

Document
• just send it back

CGI program
• run it and send back the result.
CGI …
65
CGI recognition
 Some servers insist that CGI programs be in
a special place

typically the URL path is one of:
/CGI-BIN /cgi-bin /CGI /cgibin
 Some servers look at the filename:
 filename ends with .cgi
 Some servers are given a list of URLS that
are CGIs
CGI …
66
User files and Web Servers
On Unix based web servers, the URL
/~username
is typically mapped to the directory
~username/public.html
-or~username/public_html
CGI …
67
www.cse.unr.edu
 On the CSE web server you should put your
files in ~/public.html
The URI
http://www.cse.unr.edu/~you
is your home page where you is your CSE
username.
CGI …
68
Directories
 Most web servers do the following when a
URL maps to a directory:

if there is a file named index.html in the directory
• it is sent back.

if there is no index.html,
• an HTML formatted directory listing is sent back.
CGI …
69
Debugging
 It's hard to debug a CGI program!
 Debugging print statements should generate
HTML.
 You can run the program from the Unix
command line

you just need to set the environment variables
right (use GET for this).
CGI …
70
CGI script example
Perl
71
HTML for Forms
<HTML>
<HEAD>
<TITLE>cgi-test</TITLE>
</HEAD>
<BODY>
<p> This is a sample page to read
two data items from the web page:
<form action="cgi-bin/xaction" method=get>
<p>First name=<input type=text name=xfirst size=10>
<br>Last name=<input type=text name=xlast size=20>
<br> <input type=submit value=SEND>
<input type=reset value=RESET>
</form>
Parameters passed as arguments
</BODY>
xfirst and xlast
</HTML>
Perl
72
Perl - CGI script
#!/usr/bin/perl
print “Content-Type: text/html\n\n”;
print “<html><head>\n”;
print “<title>Sample PERL script</title>\n”;
print “</head><body>\n”;
print “<p>Query_string is $ENV{'QUERY_STRING'}\n”;
foreach ( split( /&/, $ENV{'QUERY_STRING'}) )
{ ( $key, $val ) = split( /=/, $_, 2 );
$tmp{$key} = $val; }
print “<p>First name is <b>$tmp{'xfirst'}</b>\n”;
print “<p>Last name is <b>$tmp{'xlast'}</b>\n”;
print “</body></html>\n”
• Perl program first reads parameters as xfirst&zlast from $ENV
(environment) into QUERY_STRING
• Output of Perl is the syntax of an HTML page that is displayed
Perl
73
Descargar

Lecture 1 Internet