Scribd Logo
Upload

Welcome to Scribd!

  • 24 views

    Managing States

    Uploaded by

    Richmond Chua
    HTTP is a stateless protocol that does not remember past requests and responses. There are four traditional techniques to manage and introduce state into HTTP: 1) Login pages use URL rewriting or hidden fields to pass credentials. URL rewriting only works for GET requests while hidden fields are used for POST. 2) Cookies store name-value pairs on the client computer and are used to remember information like session IDs. However, cookies present security risks like session hijacking if logged into sensitive sites on public networks. 3) HTTP session objects store name-value pairs on the server instead of the client computer, avoiding security issues of cookies. The session data is tied to the client using a session ID.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Managing States

    Uploaded by

    Richmond Chua
    24 views1 page
    HTTP is a stateless protocol that does not remember past requests and responses. There are four traditional techniques to manage and introduce state into HTTP: 1) Login pages use URL rewriting or hidden fields to pass credentials. URL rewriting only works for GET requests while hidden fields are used for POST. 2) Cookies store name-value pairs on the client computer and are used to remember information like session IDs. However, cookies present security risks like session hijacking if logged into sensitive sites on public networks. 3) HTTP session objects store name-value pairs on the server instead of the client computer, avoiding security issues of cookies. The session data is tied to the client using a session ID.

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    HTTP is a stateless protocol that does not remember past requests and responses. There are four traditional techniques to manage and introduce state into HTTP: 1) Login pages use URL rewriting or hidden fields to pass credentials. URL rewriting only works for GET requests while hidden fields are used for POST. 2) Cookies store name-value pairs on the client computer and are used to remember information like session IDs. However, cookies present security risks like session hijacking if logged into sensitive sites on public networks. 3) HTTP session objects store name-value pairs on the server instead of the client computer, avoiding security issues of cookies. The session data is tied to the client using a session ID.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    24 views1 page

    Managing States

    Uploaded by

    Richmond Chua
    HTTP is a stateless protocol that does not remember past requests and responses. There are four traditional techniques to manage and introduce state into HTTP: 1) Login pages use URL rewriting or hidden fields to pass credentials. URL rewriting only works for GET requests while hidden fields are used for POST. 2) Cookies store name-value pairs on the client computer and are used to remember information like session IDs. However, cookies present security risks like session hijacking if logged into sensitive sites on public networks. 3) HTTP session objects store name-value pairs on the server instead of the client computer, avoiding security issues of cookies. The session data is tied to the client using a session ID.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 1

    Managing States

    HTTP

    - Way of clients and server speaks


    - Messenger of web in short
    - Stateless – no memory like finding dory, it doesn’t remember the clients
    request and response

    Because HTTP is stateless there are 4 traditional techniques to manage states


    and let HTTP become stateful.

    - Login Pages
    o URL Rewriting – use when you want to link urls or links
     Only applicable on GET method, not applicable for POST due
    to:
     Lengthy data
     Security issues
     Placed in <a href=”place URL here of GET”>Some Text</a>
     Data acquired through getParameter() with ServletRequest
     URL have limited symbols that you can use because other
    symbols are used on HTML code
    o Hidden Fields – used when you want to pass passwords
     Use on post method because password is hidden
     Data acquired through getParameter() with ServletRequest
    o Cookies
     Server -> Client (Request, Response)
     request.getCookie() to remember the cookie that the
    client requested
     The name and value pairs are saved in the clients computer
     J Session ID – Lets say you login to chinabank every time
    you input a username and password the server throws a
    response which is “cookie” the cookie tries to remember your
    username and password that creates a name and values pair
    which is the J session ID
     Now if you connect to a public wifi and access your
    bank account there is a high possibility of “Session
    Hijacking” – a “sniffer” is used to pretend a web
    action on the URL’s J session ID
     In short summary do not log in to banking sites on a
    closed or public network
     Session id (name) – stored in your computer’s harddrive or
    clients computer
    o HTTPSession Objects
     The name and value pairs are saved in the server
     Session data (value) stored on the server
     You don’t instantiate HTTPSession object because it a
    interface instead you run it through the request method.

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy