
Making Cookies - Part Two

In Part One, I discussed the background and anatomy of cookies. In this issue, I'll discuss some specifics of using cookies and some of their uses.

To facilitate the discussion about using cookies, I've provided some basic JavaScript cookie functions - http://www.dalesplace.net/Cookhlp.zip. This discussion will focus on how to use cookies in web pages using these functions and on some of the possible uses of cookies. I'm not going to discuss the mechanics of designing the JavaScript functions needed to take full advantage of cookies.


Cookies - Getting Started

Our basic cookie tool box contains these functions:
1) AllowCookie - check if a client accepts cookies
2) SetCookie - to place a cookie on a client machine
3) GetCookie - to return a previously placed cookie
4) DelCookie - to delete a cookie
See the functions in cookhlp.zip for usage details.

As mentioned, the primary purpose of cookies is to provide a means of remembering information from one web transaction to another. Reading and writing cookies can be initiated by a web page loading/unloading/changing or by a user's actions. My "trivial example" requires user action - pushing a form's buttons. A page's onLoad and onUnLoad events provide a method to save or read cookie data without user intervention.

The 'cookie enabled' example One is comprised of 4 web pages - a home page, a write cookie page, a read cookie page & a No cookie page. This trivial example demonstrates the very basics of writing and reading cookies.

The home page checks during the page's onLoad event to see if the user's browser supports cookies & transfers to the No cookie page if cookies are not enabled. The read and write pages use forms and buttons to write and read data to cookie values. Data entered in the form's fields are saved in cookies and then read from the cookies and placed in another form's fields.


Using Cookies

Cookies have many possible uses. Trivial uses include counting how many times a visitor has been on a page/site or remembering a user's page preferences. They can be used to track a sequence of events or data entered in forms. Use of cookie data can be straightforward or as sophisticated as programmatically constructing a web page based on the data. Below are several scenarios to give you a feel for using cookies.

Visitor counter - use a page's onLoad event to read your site's Counter_Cookie, increment its value, and then save it. If it equals one, it's a first-time visitor (do something special?); otherwise, use the value for your display.

Download agreement - you want to verify a user has viewed your download agreement before allowing a download. Clicking the download link/button triggers transfer to the page containing the agreement. The agreement page has an "I AGREE" button which triggers writing a cookie named Program_Name_Agreement with a value of 'yes' and then transfers to the actual download page. The download page's onLoad event reads the Program_Name_Agreement cookie & only allows the download if it has a 'yes' value.

Return to a web page - your site has a multi-page article and you want a user to be able to easily return to where they last were. Each page in the sequence uses its onUnLoad event to write a cookie named Sequence with a value of its own name (abc.htm). Each page has a return-to-where-you-left-off link/button that, when clicked, will read the Sequence cookie and transfer the browser to that page, or to the first page if the cookie doesn't exist. The last page deletes the cookie.

Forcing pages to be viewed in sequence - a variation of the above technique but uses the page's onLoad event to read the cookie & do the transfer.


Cookie Names

It's important to remember that your site's base URL, domain (sub-domain), and any path information are part of a cookie's name, and cookies are returned based on those values. More specific values return all matches that are more general. An example: the site dalesplace.net has a path 'download' (dalesplace.net/download/). A cookie named ABC is written without path information and a second cookie DEF is written with path "/download". A read cookie request without path information will return only cookie ABC. A read cookie request containing path "/download" will return both cookie ABC and DEF. Similar rules apply for sub-domains, e.g., server2.dalesplace.net.

There is nothing that prevents use of duplicate cookie names, but doing so can cause you problems. Consider: I set cookie ABC without path information, and cookie ABC with path "/download". A read cookie request without path correctly returns ABC. A read cookie with path "/download" returns ABC & ABC in the order of most general first - so I end up with the value of the cookie without the path information rather than the one with the path information.
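The duplicate-name problem above and the "Return to a web page" scenario both come down to how much a page should trust what it reads back. The following is an added example, not one of the functions in cookhlp.zip: it reports every value found under a name instead of silently taking one, and only follows a Sequence cookie that names a known page. The helper names, the page list and the sample cookie string are hypothetical.

```javascript
// Added example; helper names and page names are hypothetical.

// Split a document.cookie-style string ("a=1; b=2") into ordered pairs.
function parseCookieString(cookieString) {
  const pairs = [];
  for (const part of cookieString.split(";")) {
    const item = part.trim();
    const eq = item.indexOf("=");
    if (eq < 1) continue; // skip empty items and items with no name
    pairs.push([item.slice(0, eq).trim(), item.slice(eq + 1).trim()]);
  }
  return pairs;
}

// Every value present under one name, in the order the string lists them.
function valuesFor(cookieString, name) {
  return parseCookieString(cookieString)
    .filter(([n]) => n === name)
    .map(([, v]) => {
      try { return decodeURIComponent(v); } catch { return v; }
    });
}

// The value only when the name is unambiguous; null if absent or duplicated.
function getUniqueCookie(cookieString, name) {
  const values = valuesFor(cookieString, name);
  return values.length === 1 ? values[0] : null;
}

// Return-to-page lookup: accept the Sequence cookie only when it names one
// of the article's own pages; anything else falls back to the first page.
function resolveReturnPage(cookieString, articlePages) {
  const wanted = getUniqueCookie(cookieString, "Sequence");
  return articlePages.includes(wanted) ? wanted : articlePages[0];
}

// Constructed input: ABC set twice (no path, and path "/download").
const CONSTRUCTED_COOKIES =
  "ABC=general; DEF=1; ABC=download; Sequence=part2.htm";
const ARTICLE_PAGES = ["part1.htm", "part2.htm", "part3.htm"]; // hypothetical

console.log(valuesFor(CONSTRUCTED_COOKIES, "ABC"));
console.log(getUniqueCookie(CONSTRUCTED_COOKIES, "ABC"));
console.log(resolveReturnPage(CONSTRUCTED_COOKIES, ARTICLE_PAGES));
console.log(resolveReturnPage("Sequence=//other.example/", ARTICLE_PAGES));
```

In a page, pass `document.cookie` as the first argument.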


Cookie Expires and Max-Age

If a server uses HTTP ver. 1.0, a cookie's life is determined with expires. Beginning with ver. 1.1, cookies use Max-Age. Expires is a future date, in the format Wdy, DD-Mon-YY HH:MM:SS GMT, when the cookie ceases to be valid. Max-Age defines the lifetime of the cookie, in seconds. Cookies without expires/Max-Age data are considered session cookies. They exist only for the current web session and are not saved to disk. When a cookie reaches its expires date/Max-Age it is no longer valid, i.e., it will not be returned with a cookie request, and may be deleted by the browser. For example, if you want the download agreement to be valid for only one month, set the expires date to today's date + one month.


Cookie Integrity

Remember that cookies are plain text files on a user's system. Nothing prevents a user from modifying them. In fact, one published technique to "foil" a site's cookies (using IE as the browser) is to edit the cookie, deleting its content and then saving it as read only. If you want to rely on cookie data, consider using a checksum or other technique to make sure the data has not been changed.

Also, remember that cookies should not be used for 'private' data such as credit card or other personal information unless a secure encryption technique is used. Some web hosting servers have such functions available.
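The checksum idea from the integrity paragraph, as an added example that is not part of cookhlp.zip: a plain checksum can be recomputed by whoever edits the cookie, so this uses a keyed one (HMAC-SHA256) and applies it to the download-agreement cookie. It assumes the sealing and checking run on the server in Node.js, where the key is kept; the function names and the key are hypothetical.

```javascript
// Added example: tamper-evident cookie value using a keyed checksum.
const crypto = require("node:crypto");

// Assumption: a secret that stays on the server and never reaches the
// browser. Constructed demo key; load a real one from configuration.
const SECRET = Buffer.from("constructed-demo-key-do-not-reuse");

// The MAC covers the cookie name too, so a value sealed for one cookie
// cannot be pasted into another.
function mac(name, payload) {
  return crypto.createHmac("sha256", SECRET)
    .update(name + "=" + payload)
    .digest("hex");
}

// Returns the string to store as the cookie value: value|expiry|mac.
function sealCookie(name, value, maxAgeSeconds, nowMs = Date.now()) {
  const expires = Math.floor(nowMs / 1000) + maxAgeSeconds;
  const payload = encodeURIComponent(value) + "|" + expires;
  return payload + "|" + mac(name, payload);
}

// Returns the original value, or null if edited, emptied or expired.
function openCookie(name, sealed, nowMs = Date.now()) {
  const parts = String(sealed ?? "").split("|");
  if (parts.length !== 3) return null;
  const [encValue, expires, tag] = parts;
  const expected = Buffer.from(mac(name, encValue + "|" + expires));
  const given = Buffer.from(tag);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(expires) || Number(expires) * 1000 <= nowMs) return null;
  return decodeURIComponent(encValue);
}

// Constructed demo: the agreement cookie, valid for 30 days.
const NAME = "Program_Name_Agreement";
const sealedDemo = sealCookie(NAME, "yes", 30 * 24 * 3600);
console.log(openCookie(NAME, sealedDemo));                       // intact
console.log(openCookie(NAME, sealedDemo.replace("yes", "no")));  // edited
console.log(openCookie(NAME, ""));                               // emptied
```

The expiry inside the sealed value is checked on the server, so changing the cookie's own expires date does not extend the agreement.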


Cookie resources

http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html
http://www.netscape.com/newsref/std/cookie_spec.html
http://www.cookiecentral.com/
http://www.webreference.com/js/column8/http.html