Client Identification and Cookies

Herng-Yow Chen


Post on 16-Dec-2015



Outline

- HTTP headers that carry information about user identification
- Client IP address tracking
- User login, using authentication to identify users
- Fat URLs, a technique for embedding identity in URLs
- Cookies, a technique for maintaining persistent state


HTTP Headers

| Header name | Header type | Description |
|---|---|---|
| From | Request | User's email address |
| User-Agent | Request | User's browser software |
| Referer | Request | Page user came from by following link |
| Authorization | Request | Username and password (discussed later) |
| Client-ip | Extension (Request) | Client's IP address (discussed later) |
| X-Forwarded-For | Extension (Request) | Client's IP address (discussed later) |
| Cookie | Extension (Request) | Server-generated ID label (discussed later) |


Client IP Address

[Figure: client, proxy server and server; IP addresses shown: 56.41.11.4 and 209.172.34.56]

    Client-ip: 56.41.11.4
    X-Forwarded-For: 209.172.34.56
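Client-ip and X-Forwarded-For are written by whoever sends the request, so a server can rely on them only when the connection arrives from a proxy it operates. The following added example (not from the slides) shows that check; `client_ip` is a hypothetical helper, and the trusted proxy range and all addresses are constructed values from documentation ranges.

```python
import ipaddress

# Assumption: the only proxies we operate live in this range (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]


def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_ip, headers):
    """Return the address a request should be attributed to.

    peer_ip is the address of the TCP connection; headers is a dict of
    request headers as received by the server.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _trusted(peer):
        # The header was written by an arbitrary sender: ignore it.
        return str(peer)

    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]

    # Each proxy appends the address it saw, so walk right to left and
    # stop at the first address that is not one of our own proxies.
    current = peer
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
        current = addr
        if not _trusted(addr):
            break
    return str(current)
```

Entries to the left of the first untrusted address are never consulted, because the client itself could have supplied them.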


User Login

(a) Client to server:

    GET /index.html HTTP/1.0
    Host: www.joes-hardware.com

(b) Server to client:

    HTTP/1.0 401 Login Required
    WWW-authenticate: Basic realm="Plumbing and Fixtures"


(c) Client to server:

    GET /index.html HTTP/1.0
    Host: www.joes-hardware.com
    Authorization: Basic am910jrmdw4=

(d) Server to client:

    HTTP/1.0 200 OK
    Content-length: 4342
    Content-type: text/html
    …
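The server side of the login exchange, as an added example that is not from the slides: it issues the 401 challenge and checks the `Authorization: Basic` value, which is only base64 of `user:password` and therefore readable by anyone who sees the request. The account in `USERS` is constructed, the function names are hypothetical, and a plain-text password table is used only to keep the sketch short.

```python
import base64
import hmac

REALM = "Plumbing and Fixtures"          # realm shown on the slide
USERS = {"joe": "constructed-password"}  # constructed sample account


def parse_basic(header_value):
    """Return (user, password) from an Authorization value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        user, sep, password = raw.decode("utf-8").partition(":")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    return (user, password) if sep else None


def handle(headers):
    """Return (status_line, response_headers) for one request."""
    creds = parse_basic(headers.get("Authorization", ""))
    if creds is not None:
        user, password = creds
        expected = USERS.get(user, "")
        # Constant-time comparison that also runs for unknown users.
        ok = hmac.compare_digest(password.encode(), expected.encode())
        if ok and user in USERS:
            return "HTTP/1.0 200 OK", {}
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    return "HTTP/1.0 401 Login Required", challenge


def make_authorization(user, password):
    """What the client sends in step (c): an encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return f"Basic {token}"
```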


Cookie Jar: Client-Side State

(a) Client to server:

    GET /index.html HTTP/1.0
    Host: www.ncnu.edu.tw

(b) Server to client (Set-Cookie); the client stores id=34294:

    HTTP/1.0 200 OK
    Set-cookie: id="34294"; domain="www.ncnu.edu.tw"
    Content-type: text/html
    Content-length: 1903
    …

(c) Client to server (Cookie):

    GET /index.html HTTP/1.0
    Host: www.ncnu.edu.tw
    Cookie: id="34294"


Different Cookies for Different Sites

[Figure: cookie files opened in a text viewer, with these callouts]

- Can open MSIE cookies in a text viewer program
- Each cookie file has cookies for a particular site; the cookies are stored in text lines, one after the other
- Name="session-id-time", Value="1068624000", Domain/path="amazon.com"
- Proprietary format for other attributes


Cookie Ingredients

| Title | Description | Location |
|---|---|---|
| Persistent Client State: HTTP Cookies | Original Netscape cookie standard | http://home.netscape.com/newsref/std/cookie_spec.html |
| RFC 2965: HTTP State Management Mechanism | October 2000 cookie standard, obsoletes RFC 2109 | http://www.ietf.org/rfc/rfc2965.txt |


Version 0 Set-Cookie header

- NAME=VALUE
- Expires
- Domain
- Path
- Secure


Version 1 (RFC 2965) Set-Cookie2 attributes

- NAME=VALUE
- Version
- Comment
- CommentURL
- Discard
- Domain
- Max-Age
- Path
- Port
- Secure


Cookies and Caching

(a) Client to server:

    GET / HTTP/1.0
    Host: www.amazon.com

(b) Server to client:

    HTTP/1.1 302 Found
    Location: http://www.amazon.com:80/exc/obidos/subst/home/redirect.html

(c) Client to server:

    GET /exc/obidos/subst/home/redirect.html HTTP/1.0
    Host: www.amazon.com

(d) Server to client:

    HTTP/1.1 302 Found
    Date: Wed, 05 Nov 2003 14:05:19 GMT
    Set-Cookie: session-id=103-6021036-0351066; Path=/; Domain=.amazon.com; expires=Sunday, 10-Nov-2003 20:00:00 GMT
    Set-Cookie: session-id-time=1068624000; Path=/; Domain=.amazon.com; expires=Sunday, 10-Nov-2003 20:00:00 GMT


(e) Client to server:

    GET /exc/obidos/subst/home/redirect.html/103-6021036-0351066 HTTP/1.0
    Host: www.amazon.com
    Cookie: session-id=103-6021036-0351066; session-id-time=1068624000

(f) Server to client:

    HTTP/1.1 302 Found
    Date: Wed, 05 Nov 2003 14:30:55 GMT
    Set-Cookie: ubid-main=430-2474191-8563948; Path=/; Domain=.amazon.com; expires=Tuesday, 10-Nov-2035 20:00:01 GMT
    Set-Cookie: x-main="hQ...bf"; Path=/; Domain=.amazon.com; expires=Tuesday, 10-Nov-2035 20:00:01 GMT
    Location: http://www.amazon.com/exec/obidos/subst/home/home.html/103-6021036-0351066


(g) Client to server:

    GET /exc/obidos/subst/home/redirect.html/103-6021036-0351066 HTTP/1.0
    Host: www.amazon.com
    Cookie: session-id=103-6021036-0351066; session-id-time=1068624000; ubid-main=430-2474191-8563948; x-main="hQ...bf"
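A small client-side cookie jar, added here as an example and not taken from the slides, that parses the Version 0 Set-Cookie values above and rebuilds the Cookie headers the client sends in steps (e) and (g). It rejects a Domain the responding host does not belong to and withholds Secure cookies from plain HTTP; expiry handling is left out, and the class and function names are hypothetical.

```python
def parse_set_cookie(value):
    """Split a Version 0 Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, v = part.partition("=")
        attrs[key.strip().lower()] = v.strip()  # Secure carries no value
    return name.strip(), val.strip(), attrs


def domain_match(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


class CookieJar:
    def __init__(self):
        # (domain, path, name) -> (value, secure, host_only)
        self.cookies = {}

    def store(self, request_host, set_cookie_value):
        """Store one Set-Cookie value; return False if it is rejected."""
        name, val, attrs = parse_set_cookie(set_cookie_value)
        host_only = "domain" not in attrs
        domain = attrs.get("domain", request_host).lower().lstrip(".")
        # A server may set cookies only for a domain it belongs to, and
        # never for a bare top-level name such as "com".
        if not host_only and ("." not in domain
                              or not domain_match(request_host, domain)):
            return False
        key = (domain, attrs.get("path", "/"), name)
        self.cookies[key] = (val, "secure" in attrs, host_only)
        return True

    def cookie_header(self, host, path, https=False):
        """Build the Cookie header value for a request to host + path."""
        pairs = []
        for (domain, cpath, name), (val, secure, host_only) in self.cookies.items():
            if host_only and host.lower() != domain:
                continue
            if not domain_match(host, domain) or not path.startswith(cpath):
                continue
            if secure and not https:
                continue  # Secure cookies never travel over plain HTTP
            pairs.append(f"{name}={val}")
        return "; ".join(pairs)
```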


For More Information

- Cookies, Simon St.Laurent, McGraw-Hill
- http://www.ietf.org/rfc/rfc2965.txt, "HTTP State Management Mechanism"
- http://www.ietf.org/rfc/rfc2964.txt, "Use of HTTP State Management"
- http://home.netscape.com/newsref/std/cookie_spec.html, "Persistent Client State: HTTP Cookies"