Page 264 - DCAP408_WEB_PROGRAMMING

Web Programming




When searching the cookie list for valid cookies, the domain attribute of each cookie is compared with the Internet domain name of the host from which the URL will be fetched. If there is a tail match, then the cookie will go through path matching to see if it should be sent. “Tail matching” means that the domain attribute is matched against the tail of the fully qualified domain name of the host. A domain attribute of “acme.com” would match host names “anvil.acme.com” as well as “shipping.crate.acme.com”.

Only hosts within the specified domain can set a cookie for a domain, and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: “.com”, “.edu”, and “va.us”. Any domain that falls within one of the seven special top level domains listed below requires only two periods. Any other domain requires at least three. The seven special top level domains are: “COM”, “EDU”, “NET”, “ORG”, “GOV”, “MIL”, and “INT”.

The default value of domain is the host name of the server which generated the cookie response.

path=PATH

The path attribute is used to specify the subset of URLs in a domain for which the cookie is valid. If a cookie has already passed domain matching, then the pathname component of the URL is compared with the path attribute, and if there is a match, the cookie is considered valid and is sent along with the URL request. The path “/foo” would match “/foobar” and “/foo/bar.html”. The path “/” is the most general path.

If the path is not specified, it is assumed to be the same path as the document being described by the header which contains the cookie.

Secure

If a cookie is marked secure, it will only be transmitted if the communications channel with the host is a secure one. Currently this means that secure cookies will only be sent to HTTPS (HTTP over SSL) servers.

If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.

Syntax of the Cookie HTTP Request Header

When requesting a URL from an HTTP server, the browser will match the URL against all cookies and if any of them match, a line containing the name/value pairs of all matching cookies will be included in the HTTP request. Here is the format of that line:

Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...
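The following added example (not part of the original text) applies the domain, path and secure rules described above to a small cookie jar and builds the resulting Cookie request line. The jar contents, host names and function names are constructed for illustration, and `labelTailMatch` is an assumption beyond the text: it shows the stricter label-boundary comparison that keeps a plain tail match from also accepting a host such as “notacme.com”.

```javascript
// Added example: request-time cookie selection following the rules in the text.
// Jar entries, host names and function names are constructed for illustration.

// Tail match as the text states it: the domain attribute is compared with
// the tail of the host's fully qualified domain name.
function tailMatch(host, domain) {
  return host.toLowerCase().endsWith(domain.toLowerCase());
}

// Stricter variant (an assumption beyond the text): the match must begin at a
// label boundary, so "acme.com" does not match the host "notacme.com".
function labelTailMatch(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Path match as the text states it: a plain prefix comparison,
// which is why "/foo" also matches "/foobar".
function pathMatch(requestPath, cookiePath) {
  return requestPath.startsWith(cookiePath);
}

// Build the Cookie request line for a URL, or return null if nothing matches.
function cookieHeaderFor(url, jar, domainMatch = tailMatch) {
  const u = new URL(url);
  const pairs = jar
    .filter(c => domainMatch(u.hostname, c.domain))
    .filter(c => pathMatch(u.pathname, c.path))
    .filter(c => !c.secure || u.protocol === 'https:') // secure: HTTPS only
    .map(c => `${c.name}=${c.value}`);
  return pairs.length ? 'Cookie: ' + pairs.join('; ') : null;
}

// Constructed sample jar.
const jar = [
  { name: 'CUSTOMER', value: 'WILE_E_COYOTE', domain: 'acme.com', path: '/', secure: false },
  { name: 'PART', value: 'ROCKET_0001', domain: 'acme.com', path: '/foo', secure: false },
  { name: 'SESSION', value: 'abc123', domain: 'acme.com', path: '/', secure: true },
];

console.log(cookieHeaderFor('http://anvil.acme.com/foobar', jar));
console.log(cookieHeaderFor('https://shipping.crate.acme.com/', jar));
console.log(cookieHeaderFor('http://notacme.com/', jar));                 // plain tail match
console.log(cookieHeaderFor('http://notacme.com/', jar, labelTailMatch)); // label-boundary match
```

The first request omits SESSION because the channel is not HTTPS, and includes PART because “/foobar” begins with “/foo”.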

11.3.1 Practical Uses for Cookies

Cookies were created to maintain user information and to customize web sites. In many cases, they make it easier to navigate and use the Internet.

Example: Upon their first visit to a site, users are often asked to register by giving a name and a password for access to that site. The site will then place a cookie on the user’s hard drive, which contains that information. When the user returns to that site, the cookie is retrieved and read and the web site “recognizes” the user as an authorized guest. This means that the user only has to register once, instead of having to enter information every time the user accesses the site.

Because cookies allow a site to know who you are, they can customize information for you. It’s like going into a store where the salesperson knows you personally and knows your preferences so he or she is able to present you with customized merchandise in order to make your shopping easier.



          258                               LOVELY PROFESSIONAL UNIVERSITY