Slides from today


Session Management

A290/A590, Fall 2014

09/25/2014

Updates

• No office hours today, but I will be available tomorrow, Fri Sep 26, from 12:45pm to 2:15pm in Info West 109 (our regular room)

• Lab 4 extended to tomorrow night

• Lab 5 has been posted

Hidden Fields

• Allow for information to be passed from a form to a CGI script.

• The Submit button must be clicked for the hidden information to be passed.

• The information is not saved on either the client or the server. It is passed from the client every time the form is submitted.

Browser Cookies

• Allow for a server script to save data on the client (the browser).

• When accessing a web page/script, the browser automatically sends the cookies associated with that page (as determined by the Domain and Path fields of the cookie)

• The data is stored on the client, so there is no need to submit a form to facilitate the data transfer.

Session Files

• All data related to a browser session is stored on the server in a session file.

– or as we'll learn later, in a database

• How do we know which session file is associated with which browser session?

– The first time a server script is loaded, it can generate a unique session ID and store it in a cookie on the browser.

– When the script is loaded subsequently, the browser sends it the session ID cookie, and the server will know which session file to use.

• What is the format of the session file?

– Whatever you make it. A simple text file to keep track of name/value pairs is all that's required.

Session Files

• Session files are more efficient than cookies, since only the session ID needs to be sent, not all session information.

• Session files are more secure than cookies, since they can't be tampered with on the client.

Session Files in Lab 4

• You will need to write a small session file management component. It should be able to:

– generate a random session id using uuid.uuid4() if one doesn't already exist

– retrieve the session id from the cookie sent by the browser (you know how to do this already!)

– create a text file with the same name as the session id

– store and retrieve the session information to and from the file
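
A sketch of such a component, added here as an example (it is not the lab's reference solution). The cookie name, the storage directory and the function names are assumptions. Because the session id arrives in a cookie the client controls, it is checked against the uuid4 text format before it is used as a file name.

```python
import os
import re
import tempfile
import uuid
from http.cookies import SimpleCookie

# Assumed for this example: the storage directory and the cookie name.
SESSION_DIR = os.path.join(tempfile.gettempdir(), "a290_sessions")
COOKIE_NAME = "session_id"
# Text form produced by str(uuid.uuid4()); nothing else may become a file name.
UUID4_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}")

def session_path(sid):
    return os.path.join(SESSION_DIR, sid)  # file named after the session id

def session_id_from_cookie(cookie_header):
    """Return the session id the browser sent, or None if absent or malformed."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get(COOKIE_NAME)
    if morsel is None or not UUID4_RE.fullmatch(morsel.value):
        return None
    return morsel.value

def save_session(sid, data):
    """Write name=value pairs, one per line, readable only by the server user."""
    os.makedirs(SESSION_DIR, mode=0o700, exist_ok=True)
    fd = os.open(session_path(sid), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        for name, value in data.items():
            if "=" in name or re.search(r"[\r\n]", name + str(value)):
                raise ValueError("name/value would corrupt the session file")
            f.write(f"{name}={value}\n")

def load_session(sid):
    with open(session_path(sid), encoding="utf-8") as f:
        return dict(line.rstrip("\n").split("=", 1) for line in f)

def get_or_create_session(cookie_header):
    """Return (session_id, data); ids the server never issued are replaced."""
    sid = session_id_from_cookie(cookie_header)
    if sid and os.path.isfile(session_path(sid)):
        return sid, load_session(sid)
    sid = str(uuid.uuid4())
    save_session(sid, {})
    return sid, {}
```

In a CGI script the argument would be os.environ.get("HTTP_COOKIE"), and the returned id is sent back to the browser in a Set-Cookie header.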

GET vs POST

• Remember the forms we wrote before…

<form action="process_options.py" method="post" >

</form>

GET vs POST

• Both are HTTP request methods

• GET requests data from the server

• POST submits data to be processed on the server

• But…

– We can still use a GET request and provide some input to the server through the query string

– e.g.: silo.soic.indiana.edu:10053/cgibin/process_options.py?name1=value1&name2=value2

GET vs POST

• GET requests…

– can be cached by the browser

– can be bookmarked

– remain in browser history

– have length restrictions

• POST requests…

– can't be cached, bookmarked or kept in the browser history

– don't have length restrictions

GET vs POST

• GET requests…

– shouldn't be used when dealing with sensitive data

– should only be used to retrieve data

• POST requests

– should be used when user information (from forms) is submitted to the server

GET vs POST and Lab 5

• Relevant to the Starting Page in Lab 5

– You need to be able to display a set of links to different quizzes

– The quiz identifier can be submitted through the query string, e.g.

silo.soic.indiana.edu:10053/cgibin/take_quiz.py?quizid=123456789
