-------------------------------------------------------------------- SearchWin2000.com's Developer Tip -------------------------------------------------------------------- TODAY'S DEVELOPER TIP: Cookies -- the good and the bad ==================================================================== SPONSORED BY: MKS Software ==================================================================== The Power of UNIX on Windows with MKS Toolkit. Integrate UNIX and Windows software development on a single developer system and solve both interoperability and cross-platform needs. These powerful utilities help save time and increase the productivity of your team on Windows platforms. Call 800-637-8034; +1 (703) 803-3343. Order your FREE Cross-Platform Development Guide at http://ad.doubleclick.net/clk;3225148;5058249;j?http://www.mkssoftware.com/docs/cpdg. MKS Toolkit See It. Try It. Buy it at http://ad.doubleclick.net/clk;3225170;5058249;e?http://www.mkssoftware.com/eval/ ==================================================================== "Cookies -- the good and the bad" By Kyle D. Lutes If you want to do something useful with your Web applications, you need to save state information on visitors to a given page. This tip, excerpted from InformIT, tells one way to do that using cookies. But there are downsides to cookies. The full tip on the site discusses other ways of saving state information. -------------------------------------------------------------------- Any real Web application will need to retain state information, so Web application developers use several coding techniques to retain state. One technique for retaining state is to use cookies. With cookies, the Web application on the server sends information to the browser, along with a request that the browser save the information. If the browser supports cookies, the data is written to a special file on the user's computer. Whenever the data is needed again, the Web application can ask the browser to send the same data back to the server. Netscape introduced cookies with the first version of its browser. Since then, the World Wide Web Consortium (W3C) has endorsed a cookie standard, and now most modern Web browsers support cookies. The ASP Response and Request objects both have a cookies collection property that makes writing and reading cookies easy. For example, if an application needs to remember a user's e-mail address, it can save the data to a cookie using code like this: Response.Cookies("EmailAddr") = "[EMAIL PROTECTED]" A cookie created like this will be destroyed when the user leaves the Web site. To make it persistent, an expiration date must be specified. For example, to remember the user's e-mail address for the next 30 days, the following code can be used: Response.Cookies("EmailAddr") = "[EMAIL PROTECTED]" Response.Cookies("EmailAddr").Expires = Now + 30 Your application can then later attempt to retrieve the user's e-mail address from the cookie using the Request object. Here's an example: EmailAddr = Request.Cookies("EmailAddr") If the cookie doesn't exist on the client, the EmailAddr variable will contain an empty string. Using cookies to retain state information is easy enough to code, but it's far from an ideal solution to the statelessness of HTTP. Each cookie should not exceed 4KB, each server or domain is allowed only 20 cookies and servers should not expect a client to store more than 300 total cookies. State information is transmitted back and forth between the browser client and server, thus increasing data transmission times. But arguably the biggest disadvantage of cookies is that some users consider persistent cookies to be an invasion of their personal privacy. Persistent cookie data is stored in files on the user's computer, so there is the potential that it could be used for purposes other than the original intent. For example, it could be used to track the sites that an individual visits. To see for yourself, the next time you borrow someone's PC, browse their cookies if you want to see what they do on the Web. Recent versions of MS IE store cookie information in a folder aptly named "Cookies" under the Windows folder, and Netscape Navigator stores all cookie information in a single cookies.txt file. A cookie created by an application on one server can't be retrieved by an application on another. That's the theory, anyway. But both Netscape Navigator and MS IE have at some time contained flaws that allowed cookies to be read by a site other than the site that created the cookie, and advertising firms such as DoubleClick use cookies to provide so-called personalized marketing services to Web sites. A program running on the user's PC can also easily access the cookie files. Whether cookies are good or evil is not something this author wishes to debate, but it's interesting to note that the use of persistent cookies by government Web sites was deemed a violation of federal privacy regulations, and they have been banned in almost all circumstances. So, even if most modern Web browsers support the cookie protocol, they also recognize that cookies are controversial -- and offer options that allow the user to disable them. This means that as a Web application developer, you cannot be certain that your application will be able to store state information in a cookie. Assuming that all users of your Web application will have cookies enabled is definitely a bad assumption, especially if you are developing an application for an e-commerce site that needs to work for as many users as possible. To read this full tip, click the link below to visit InformIT. You have to register there, but registration is free. [http://www.informit.com/myinformit/login/index.asp?session_id={5FC2BC5F-A158-432D-8521-EDAFBC0AAAB4}&t={6373D50E-EF0B-4084-B8A7-032653E262E2}&n={C91333F7-5914-48BA-A3E9-03F6FEE1A470}] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Have you heard about searchWin2000's newest feature? If you're responsible for the managing your company's network, you should visit our new micro-portal, searchWindowsManageability. Register today at http://searchwindowsmanageability.techtarget.com/. ==================================================================== WIN! WIN! WIN! ==================================================================== This month's tip contest is in full swing. Don't miss out on your change to win. Submit a tip today and you'll be eligible to win a set of Klipsch ProMedia 2.1 THX Certified Multimedia Speakers! Just go to http://searchwin2000.techtarget.com/tipsHallOfFame/0,289489,sid1_prz758210_cts758207,00.html. ==================================================================== FEATURED BOOK -------------------------------------------------------------------- "Cookies" Author: Simon St. Lauren Publisher: McGraw-Hill Published: Mar. 1998 Let Simon St. Laurent give you the full picture of how cookies fit into your Web tooklit and how they work with other tools: the truth about cookies' power to invade privacy, spread viruses and breach security; details to help you create cookies with maximum functionality, including client-side cookie scripting and server-side cookie applications; step-by-step instructions on delivering content tailored to individual users; insights into the latest improvements to the cookie standard and new specifications from Microsoft and Netscape/VeriSign, including the Open Profiling Standard; sample cookie files and code; advice on blending cookies and Java; better ways to track site usage; simulated cookies for browsers that can't handle them; alternative routes when users hostile to cookies have turned them off; the lowdown on higher=level user verification methods, such as digital signatures and encryption; site architecture considerations. http://www.digitalguru.com/dgstore/product.asp?isbn=0070504989&ac_id=73 ==================================================================== If you would like to sponsor this or any techtarget newsletter, please contact Mike Kelly at mailto:[EMAIL PROTECTED]. ==================================================================== If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://searchWin2000.techtarget.com/register and adjust your subscriptions accordingly. If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.
