
E-Commerce: Fundamentals and Applications

E-Commerce: Fundamentals and Applications. Chapter 6 : Server-Side Programming III Session Tracking. Outline. What is session tracking in Web applications Traditional session tracking techniques Hidden form field URL rewriting HTTP user authorization Cookies.

cassie

Presentation Transcript


  1. E-Commerce: Fundamentals and Applications Chapter 6 : Server-Side Programming III Session Tracking

  2. Outline • What is session tracking in Web applications • Traditional session tracking techniques • Hidden form field • URL rewriting • HTTP user authorization • Cookies

  3. A realistic case in session tracking: shopping in VBS • To implement a simple virtual store such as the e-pizza ordering store as shown in Fig. 6.1, users are usually provided with an electronic form (e-form) to fill in the order. After submitting the form to the server, the order can then be processed accordingly. • The above approach is fine for a "simple e-retail business", which carries a small number of products. • However, for large e-retail businesses, it is impractical to put all the products into a single e-form.

  4. Pizza Order Scenario Using the e-Form Mechanism (Fig. 6.1)

  5. A realistic case in session tracking: shopping in VBS (cont.) • Let us look at the "physical" shopping scenario, for example shopping in a supermarket. The shopping process is as follows: • enter the supermarket; • get a shopping cart; • walk around the store; • choose the goods and put them into the shopping cart; and • finally check out at the cashier's counter. • To emulate the above shopping process in the cyber world, we need to implement a shopping cart.

  6. A realistic case in session tracking: shopping in VBS (cont.) • To implement a shopping cart object, there are two issues to be resolved: • The first one is how to assign and map a “shopping cart” to a user. Note that in most B2C e-commerce systems, a user does not need to log into the system before shopping. • The second issue is how to keep track of the shopping cart and its content. • Example: • During an e-shopping situation, we may access the VBS, get a shopping cart and then browse another Web site for a while before returning to the VBS again. • The challenge is how we can "get back" the previous shopping cart to continue shopping instead of restarting from the beginning. The solution is Session Tracking.

  7. Traditional session tracking techniques • To support session tracking for Web-based applications, a number of techniques have been developed. The most common ones are: • Hidden form field; • URL rewriting; • HTTP user authorization; • Cookies.

  8. Hidden Form Field (HFF) - A Perspective • As part of the HTML standard, "Hidden Form Field" provides a simple solution to session tracking. • In the Advanced Book Search (Chap. 5), the hidden form field technique has been used as follows: • First, the user browses the "Advanced Book Search" Web page, which provides an interface for the user to fill in the search criteria. • After the form is submitted to the VBS Web server, the corresponding servlet is launched; it parses the search criteria and executes the SQL statement. • Once the search result is obtained, the program formats the information using HTML and returns it to the user. • If the search result consists of multiple pages, some page pointers are presented for the user to go to the desired page. • The program uses the hidden form field to return the search criteria together with the previous ISBN of the book being displayed. Hence the books can be displayed accordingly.

  9. Hidden Form Field for shopping cart • To implement a shopping cart using the "Hidden Form Field", we can define a hidden field element called "username" in an HTML form. • This can be used to keep track of the user session and hence the shopping cart. <FORM ACTION="your_program" METHOD="POST"> <INPUT TYPE="HIDDEN" NAME="username" VALUE="ray"> …. </FORM>

  10. Simple book ordering using HFF • We use a simple example to demonstrate how to implement a “Simple Book Store” using the "Hidden Form Field" for session tracking. The system flow of this "Simple Book Store" is shown in Figure 6.2. • The simple bookstore consists of FOUR major modules as follows • Bookorder.html – This is the home page or "front-door" of the whole system. • DisplayorderHFF - This servlet program is used to display the selected book(s). • ShoppingHFF – This servlet program allows users to continue shopping by 1) consolidating the previous book selection; and 2) displaying the book list again for selection. • Check out – This allows the user to “check out”.

  11. System Flow Diagram for Simple Bookstore Using HFF (Fig. 6.2) [Figure: flow between Bookorder.html, Displayorder HFF, Shopping HFF and Check Out; arrow labels: book, book + sbook]

  12. Simple book ordering using HFF (cont.) • As shown in Fig. 6.3, the Bookorder.html file provides the "main entry" for the whole system. • The HTML page consists of a simple book list and three buttons. A user can either: • click "Clear" button to reset the book selection; • click "Put to Cart" button to "put" the selected item(s) into the shopping cart; or • click "Check out" button to exit. Note that no matter which button is selected, the request is handled by the same server-side program. The parameter value of the "submit" button is used to identify the action required.

  13. Pros & Cons of using Hidden Form Fields • Pros: • The major advantage of using the "Hidden Form Field" is its simplicity. • As part of the HTML standard, it is supported by all browsers and therefore it can be easily implemented in all the major Web programming environments such as CGI programming, servlet programming, etc. • Cons: • However if we want to keep track of a lot of information, passing information using hidden form fields may be clumsy from the implementation point of view.

  14. URL Rewriting • There are two commonly used methods to identify a session using URL rewriting: Method (1) To add an extra directory path to the original URL Method (2) To add additional parameters at the end of the URL • E.g. Suppose that the original URL is http://www.comp.polyu.edu.hk/Servlet/welcome/hello • A user with session identity 007 will access the URL as • Using method (1) - Not supported in PHP • http://www.comp.polyu.edu.hk/Servlet/welcome/007/hello Note: each user is assigned a different directory path so that the Web server can identify the client accordingly. • Using method (2) http://www.comp.polyu.edu.hk/Servlet/welcome/hello?sessionid=007 Note: In this case, the program knows that the request is from the session with ID of 007.

  15. URL Rewriting - Pros & Cons • Pros: • URL Rewriting provides an easy-to-implement solution to session tracking. • Cons: • The "Adding an Extra Path" method may not work well for complex applications and the "Adding an Extra Parameter" method can only be used with the "GET" command, but not the "POST" command. • As the POST command is often used in HTML forms, its applicability is quite limited.

  16. HTTP user authorization • What is HTTP user authorization? • This method supports session tracking by means of the HTTP "User Authorization" response header. Authentication is done by asking the user to provide his username and password. • How can User Authorization be done for session tracking? • Example: • The Web server is configured to use the WWW authentication scheme. • When a user accesses the Web server for the first time, he needs to fill in the username and password for authentication • The information is then passed to the Web server for authentication. • Once the Web server identifies the user, appropriate actions can be taken for that user.

  17. Sample Page for a Web Site that Needs User Authorization (Fig. 6.8)

  18. HTTP user authorization: Pros & Cons • Pros: • The major advantage of using User Authorization is that it is a "standard" feature of HTTP, so it is supported by all Web servers. • It can be implemented easily. • In fact, User Authorization is still commonly used in many contemporary Web systems, especially in Intranets. • Cons: • Users must be pre-registered with the Web server. Therefore it may not be suitable for a B2C e-commerce system because the customers may not have any relationship with the company. • Simultaneous login cannot be supported. In other words, a user cannot establish more than one session with the same site.

  19. Session tracking using Cookies • In summary, cookies are "tiny" pieces of information stored in the client browser. • In an e-shopping scenario, one can use cookies for session tracking as follows: • When a user accesses a B2C Web site for the first time, the Web server asks for the user information (e.g. username). Then the Web server can ask the client browser to "store" a cookie by including this cookie in the HTTP response header. For example, Set-Cookie: Username=ray The cookie with Username=ray is then stored in the client browser for later use. • Each time the user returns to the Web site, the client browser will send this cookie in the HTTP request message. Hence the cookie can be used for session tracking purposes.

  20. Using Cookies: Pros & Cons • Pros: • Cookies are the most commonly used method for supporting session tracking. • They are easy to implement as most server-side programming tools provide an API for managing cookies. • Cookies are supported by nearly all browsers. In fact, the use of cookies is standardized in RFC 2109. • Cons: • A cookie can only store a limited amount of information. • There are security concerns in using cookies because they involve saving something on the client side.

  21. Servlet session tracking • Java servlet API provides a set of classes, namely the Session Tracking API, to handle session tracking. • The advantages of using this API are as follows: • It can be used in any servlet program with little additional programming effort. • Similar to Cookies • Stored in memory of client computer

  22. Session tracking: How does it work? • Let us look at how session tracking can be applied for our store as follows: • When a user visits the store for the first time, the servlet engine will automatically assign a session ID to the user. The session ID is passed to the user using the “Set-Cookie” command such as Set-Cookie: sessionid=9786421343242 • Once the client’s browser gets this cookie, the cookie and hence the session ID will be stored. • Whenever the user returns to the store, the client browser sends this cookie (i.e. the session ID) to the Web server. • By identifying the session ID, the corresponding shopping cart can be retrieved for shopping.

  23. System Flow of SessionDemo program (Fig. 6.10)
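
The cookie-based flow from slides 19 and 22, as an added Python example (not code from the original slides or from the book's SessionDemo servlet): the server issues a random session ID, keeps the cart on its own side, and treats any ID it did not issue as a new visitor instead of trusting the client-supplied value. The names `handle_request`, `SESSIONS`, `demo` and the `sessionid` cookie name are assumptions made for this example, and the requests are constructed.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side store: session ID -> shopping cart (list of titles).
# Only the ID travels in the cookie; the cart never leaves the server.
SESSIONS = {}


def handle_request(cookie_header, add_item=None):
    """Process one request; return (session_id, cart, set_cookie_or_None)."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    sid = jar["sessionid"].value if "sessionid" in jar else None

    set_cookie = None
    if sid not in SESSIONS:
        # First visit, or an ID this server never issued (guessed or stale):
        # never adopt the client's value, mint a fresh unpredictable one.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = []
        out = SimpleCookie()
        out["sessionid"] = sid
        out["sessionid"]["path"] = "/"
        out["sessionid"]["httponly"] = True   # not readable from page scripts
        out["sessionid"]["secure"] = True     # sent over HTTPS only
        out["sessionid"]["samesite"] = "Lax"
        set_cookie = out["sessionid"].OutputString()

    if add_item is not None:
        SESSIONS[sid].append(add_item)
    return sid, SESSIONS[sid], set_cookie


def demo():
    """Constructed walk-through: first visit, return visit, guessed ID."""
    sid, _, first_hdr = handle_request(None, add_item="Book A")
    _, cart, _ = handle_request("sessionid=" + sid, add_item="Book B")
    new_sid, guessed_cart, _ = handle_request("sessionid=007")
    return first_hdr, cart, new_sid, guessed_cart


if __name__ == "__main__":
    hdr, cart, new_sid, guessed_cart = demo()
    print("Set-Cookie:", hdr)
    print("returning visitor's cart:", cart)
    print("cart for guessed ID 007:", guessed_cart)
```

A cookie such as `Username=ray` or a hidden `username` field identifies the cart by a value the client can edit; here the cookie value is only a lookup key that the server validates against its own store.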
