CS 498RK SPRING 2020 COOKIES
How can apps maintain user state?
Cookies! Small bits of data downloaded to your computer so that a site can “remember” you and what you did on subsequent visits
[Diagram: Browser / Server: first request http://www.example.org; response +; request +]
HOW THEY WORK: uniquely assigned to you and your computer; can be read only by a Web server in the domain that issued the cookie to you; new browser, different computer, delete cookies? 1st time user
ARE THEY SAFE? cookies are bits of text, not software; cannot read information, run programs, or install software
but what if I don’t like cookies… ePrivacy Directive (‘Cookie Law’); Modify browser settings to block cookies or ask for approval; Blocking cookies can interfere with site usability
COOKIE LAW: ePrivacy Directive; Requires informed consent; Blocking cookies can interfere with site usability
Uses
SESSION MANAGEMENT: Remember a user as they navigate through site; Unique session identifier sent to the server; Site database stores user’s personal information; Used to remember an authenticated user
PERSONALIZATION: experience for visitors who previously browsed shoes; experience for visitors in cold weather locations. https://www.optimizely.com/products/personalization/
TRACKING: Track user behavior on site (what they do, how often they come back, etc.); [figure label: VISIT]; build up server logs for each user
Types
SESSION COOKIES: exists only in temporary memory while the user navigates the website; deleted when user closes the browser (no expiration date)
PERSISTENT COOKIES: transmitted to the server every time the user visits the website that it belongs to, or every time the user views a resource belonging to that website from another website (tracking); expires at a specific date or after a specific length of time
THIRD-PARTY COOKIES: Set when retrieving components on a web page that are stored on servers in other domains; Allows advertising companies to track users across multiple sites
WEB BEACONS: web bug, tracking bug, page tag, tag; implemented through embedded image: tracking pixel, pixel tag, 1x1 gif, clear gif; phones home (usually used with cookies)
Implementation
Client’s First Request to a Site

    GET /index.html HTTP/1.1
    Host: www.example.org
    …

https://en.wikipedia.org/wiki/HTTP_cookie
Server Response

    HTTP/1.0 200 OK
    Content-type: text/html
    Set-Cookie: theme=light    <- Session Cookie
    Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT    <- Persistent Cookie
    …

https://en.wikipedia.org/wiki/HTTP_cookie
Client Request to Another Page On Site

    GET /spec.html HTTP/1.1
    Host: www.example.org
    Cookie: theme=light; sessionToken=abc123
    …

https://en.wikipedia.org/wiki/HTTP_cookie
COOKIES WITH EXPRESS: Use the "cookie-parser" middleware to parse requests

    const express = require('express')
    const cookieParser = require('cookie-parser')

    const app = express()
    app.use(cookieParser())

    app.get('/', (req, res) => {
      // Cookies that have not been signed
      console.log('Cookies: ', req.cookies)

      // Cookies that have been signed
      console.log('Signed Cookies: ', req.signedCookies)

      // End the response so the request does not hang
      res.end()
    })

    app.listen(8080)

https://expressjs.com/en/resources/middleware/cookie-parser.html
COOKIES WITH EXPRESS: Use the "res.cookie()" function to set cookies in responses

    res.cookie('cart', { items: [1, 2, 3] })
    res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })
    res.cookie('name', 'tobi', { domain: '.example.com', path: '/admin', secure: true })

https://expressjs.com/en/5x/api.html#res.cookie
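An added example (not from the original slides): a small checker in plain Node.js that parses Set-Cookie header values like those in the server response above, classifies each cookie as session or persistent, and reports when a session-identifier cookie lacks the httpOnly and secure flags that res.cookie() can set. The function names and the name pattern used to spot session identifiers are assumptions of this example.

```javascript
// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const a of attrs) {
    if (!a) continue; // tolerate a trailing ';'
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Session cookies carry neither Expires nor Max-Age; anything else persists.
function lifetime(cookie) {
  return 'expires' in cookie.attrs || 'max-age' in cookie.attrs ? 'persistent' : 'session';
}

// Flag missing HttpOnly / Secure on cookies whose names look like session identifiers.
// The name pattern is an assumption for this example, not a standard.
function audit(header, sensitive = /sess|token|auth/i) {
  const c = parseSetCookie(header);
  const findings = [];
  if (sensitive.test(c.name)) {
    if (!c.attrs.httponly) findings.push('missing HttpOnly');
    if (!c.attrs.secure) findings.push('missing Secure');
  }
  return { name: c.name, lifetime: lifetime(c), findings };
}

// Sample headers: the first two come from the slide's server response,
// the third is constructed to show a hardened variant.
const samples = [
  'theme=light',
  'sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT',
  'sessionToken=abc123; Max-Age=900; HttpOnly; Secure; Path=/',
];
const report = samples.map((h) => audit(h));
for (const r of report) console.log(r.name, r.lifetime, r.findings.join(', ') || 'ok');
```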