📄 ch11_03.htm
字号:
<?label 11.3. Client-Side Cookies?><html><head><title>Client-Side Cookies (CGI Programming with Perl)</title><link href="../style/style1.css" type="text/css" rel="stylesheet" /><meta name="DC.Creator" content="Scott Guelich, Gunther Birznieks and Shishir Gundavaram" /><meta scheme="MIME" content="text/xml" name="DC.Format" /><meta content="en-US" name="DC.Language" /><meta content="O'Reilly & Associates, Inc." name="DC.Publisher" /><meta scheme="ISBN" name="DC.Source" content="1565924193L" /><meta name="DC.Subject.Keyword" content="stuff" /><meta name="DC.Title" content="CGI Programming with Perl" /><meta content="Text.Monograph" name="DC.Type" /></head><body bgcolor="#ffffff"><img src="gifs/smbanner.gif" alt="Book Home" usemap="#banner-map" border="0" /><map name="banner-map"><area alt="CGI Programming with Perl" href="index.htm" coords="0,0,466,65" shape="rect" /><area alt="Search this book" href="jobjects/fsearch.htm" coords="467,0,514,18" shape="rect" /></map><div class="navbar"><table border="0" width="515"><tr><td width="172" valign="top" align="left"><a href="ch11_02.htm"><img src="../gifs/txtpreva.gif" alt="Previous" border="0" /></a></td><td width="171" valign="top" align="center"><a href="index.htm">CGI Programming with Perl</a></td><td width="172" valign="top" align="right"><a href="ch12_01.htm"><img src="../gifs/txtnexta.gif" alt="Next" border="0" /></a></td></tr></table></div><hr align="left" width="515" /><h2 class="sect1">11.3. Client-Side Cookies</h2><p>As <a name="INDEX-2290" /> <a name="INDEX-2,291" /> <a name="INDEX-2,292" />we mentioned, there are problems withboth of the approaches for maintaining state discussed earlier. Mostimportantly, if users travel to other web sites and return, there isa good chance that their state information will be lost.</p><p>Cookies (originally called "magic cookies") were createdby Netscape as a solution to this problem. Cookies allow the webserver to ask the <a name="INDEX-2293" /><a name="INDEX-2294" />browser for small amounts ofinformation on the client machine. Netscape's original proposalwas adopted by most web browsers and has become the standard mannerfor handling cookies. RFC 2109, <em class="citetitle">HTTP State ManagementMechanism</em>, which was coauthored by a representative ofNetscape, proposed a new protocol for handling cookies. However,browsers have not adopted this new protocol so Netscape'soriginal protocol continues to be the de facto standard.</p><p>When a user requests a document, a web server can provide the webbrowser with one or more cookies along with the documents. Thebrowser adds the cookie to its cookie jar (so to speak) and can passthe cookie back to the server on subsequent requests. As a result, wecan store simple information, such as a <a name="INDEX-2295" />session identifier, on the client sideand use it to reference more complex data we maintain on the serverside.</p><p>Cookies are ideal for <a name="INDEX-2296" /><a name="INDEX-2297" />web document personalization. Forexample, when a user visits our server for the first time (a missingcookie indicates a first time user), we present the user with a formasking for specific preferences. We store these preferences ascookies, and so every subsequent time users visit our site, they willsee documents that match their individual preferences only.</p><p><a name="INDEX-2298" />Cookies do have restrictions. First,clients do not always accept cookies. Some browsers did not supportcookies (though these browsers are becoming less common), and manyusers disable cookies due to privacy concerns. We will look at how totest for cookies later in this section.</p><p>Second, there are restrictions placed on cookie size and the numberof cookies. According to Netscape's original cookiespecification, no cookie can exceed 4KB, only twenty cookies areallowed per domain, and a total of 300 cookies can be stored on theclient side. Some browsers may support more than this, but you shouldnot assume this.</p><a name="ch11-1-fm2xml" /><div class="sect2"><h3 class="sect2">11.3.1. Setting Cookies</h3><p>How do <a name="INDEX-2299" />cookies work? When a CGI applicationidentifies a new user, it adds an extra header to its responsecontaining an identifier for that user and other information that theserver may collect from the client's input. This header informsthe cookie-enabled browser to add this information to theclient's cookies file. After this, all requests to that URLfrom the browser will include the cookie information as an extraheader in the request. The CGI application uses this information toreturn a document tailored to that specific client. Because cookiescan be stored on the client user's <a name="INDEX-2300" />harddisk, that information can even remain when the browser is closed andreopened.</p><p>In order to set a cookie, you send a<em class="emphasis">Set-Cookie</em><a name="INDEX-2301" />HTTP header to the browser with a number of parameters for the cookieyou wish to set. The browser then returns the cookie in its<em class="emphasis">Cookie</em><a name="INDEX-2302" /><a name="INDEX-2303" /> header. The<em class="emphasis">Set-Cookie</em> header is formatted as follows:</p><blockquote><pre class="code">Set-Cookie: cart_id=12345; domain=.oreilly.com; path=/cgi; expires=Wed, 14-Feb-2001 05:53:40 GMT; secure</pre></blockquote><p>In this example, the name of the cookie is<tt class="literal">cart_id</tt>, the value is <tt class="literal">12345</tt>,and the rest of the parameters are set as name-value pairs except for<tt class="literal">secure</tt>, which never has a value -- it is eitherpresent or not. <a href="ch11_03.htm#ch11-68491">Table 11-2</a> shows a list of the<a name="INDEX-2304" /><a name="INDEX-2305" />parameters that you can set with acookie<em class="citetitle">.</em></p><a name="ch11-68491" /><h4 class="objtitle">Table 11-2. Netscape Cookies Parameters</h4><table border="1"><tr><th><p>HTTP Cookie Parameter</p></th><th><p>CGI.pm cookie( ) Parameter</p></th><th><p>Description</p></th></tr><tr><td><p><em class="emphasis">Name</em></p></td><td><p><tt class="literal">-name</tt></p></td><td><p>The name given to the cookie; it is possible to set multiple cookieswith different names and attributes.</p></td></tr><tr><td><p><em class="emphasis">Value</em></p></td><td><p><tt class="literal">-value</tt></p></td><td><p>The value assigned to the cookie.</p></td></tr><tr><td><p><em class="emphasis">Domain</em></p></td><td><p><tt class="literal">-domain</tt></p></td><td><p>The browser will only return the cookie for URLs within this domain.</p></td></tr><tr><td><p><em class="emphasis">Expires</em></p></td><td><p><tt class="literal">-expires</tt></p></td><td><p>This tells the browser when the cookie expires.</p></td></tr><tr><td><p><em class="emphasis">Path</em></p></td><td><p><tt class="literal">-path</tt></p></td><td><p>The browser will only return the cookie for URLs below this path.</p></td></tr><tr><td><p><em class="emphasis">Secure</em></p></td><td><p><tt class="literal">-secure</tt></p></td><td><p>The browser will only return the cookie for secure URLs using the<em class="emphasis">https</em> protocol.</p></td></tr></table><p><a name="INDEX-2306" />CGI.pm supportscookies, so you can generate the header above via the followingcommands:</p><blockquote><pre class="code">my $cookie = $q->cookie( -name => "cart_id", -value => 12345, -domain => ".oreilly.com", -expires => "+1y", -path => "/cgi", -secure => 1 );print "Set-Cookie: $cookie\n";</pre></blockquote><p>However, there's no need to<a name="INDEX-2307" />print the<em class="emphasis">Set-Cookie</em> header manually because CGI.pm willformat it for you along with other HTTP headers:</p><blockquote><pre class="code">print $q->header( -type => "text/html", -cookie => $cookie );</pre></blockquote><p>A browser that receives this cookie and accepts it will send it backfor all future secure connections to any URL that includes a domainending in <em class="emphasis">.oreilly.com</em> and a paththat starts with <em class="emphasis">/cgi</em>. Forexample, if the browser requests the URL <em class="emphasis">https://www.oreilly.com/cgi/store/checkout.cgi</em>,it will supply the following header:</p><blockquote><pre class="code">Cookie: cart_id=12345</pre></blockquote><p>This raw <a name="INDEX-2308" /><a name="INDEX-2309" /> <a name="INDEX-2,310" /><a name="INDEX-2311" />name-valuepair is available in the HTTP_COOKIE environment variable or viaCGI.pm's <tt class="function">raw_cookie</tt> method, but it is muchsimpler to have<a name="INDEX-2312" />CGI.pm parse cookies for you. To getthe value of a cookie, call the<tt class="function">cookie</tt><a name="INDEX-2313" /> method with the name of the cookie youwant:</p><blockquote><pre class="code">my $cookie = $q->cookie( "cart_id" );</pre></blockquote><p>The following restrictions apply to the<a name="INDEX-2314" />parameters that you provide whensetting cookies:</p><ul><li><p><em class="emphasis">Name</em> and <em class="emphasis">value</em> can includeany characters. CGI.pm will automatically URL-encode any specialcharacters. <em class="emphasis">Name</em> and <em class="emphasis">value</em>are both required parameters.</p></li><li><p><em class="emphasis">Domain</em> must match the domain name of the serversetting the cookie. Domains are matched from right to left, so<em class="emphasis">.oreilly.com</em> matches <em class="emphasis">www.oreilly.com</em> as well as <em class="emphasis">server3.oreilly.com</em> or even <em class="emphasis">fred.sf.oreilly.com</em>.</p><p>Domains ending with a three-character top-level domain, such as<em class="emphasis">.com</em>, <em class="emphasis">.net</em>, <em class="emphasis">.org</em>, etc., must contain at least two dots.Country top-level domains, such as <em class="emphasis">.au</em>, <em class="emphasis">.uk</em>,<em class="emphasis">.ca</em>, etc., require at least threedots. This prevents someone from setting a cookie for a large commondomain such as <em class="emphasis">.com</em> or<em class="emphasis">.co.uk</em>.</p>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -