Cookies

In the preceding two sections, we discussed two ways in which information may be passed between programs (or executions of the same program) through a browser. This section concentrates on storing state information on the client computer with cookies. Cookies are essentially small text files that a Web server sends to your browser, which then saves the cookies on your computer. Many Web sites use cookies to track users' progress through their site (as in a shopping-cart application) or to help customize the site for an individual user.

Cookies cannot break into your computer, nor can they erase your hard drive. However, they can be used to identify users and keep track of how often users visit a site or what users buy at a site. For this reason, cookies are considered to be a security and privacy concern. Popular Web browsers provide support for cookies. These browsers also allow users who are concerned about their privacy and security to disable this support. Most major Web sites use cookies. As a programmer, you should be aware of the possibility that cookies might be disabled by your clients. Figures 19.15–19.17 use cookies to store and manipulate information about a user.

Figure 19.15. XHTML document containing a form to post data to the server

<?xml version = "1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
   "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns = "http://www.w3.org/1999/xhtml">
   <head>
      <title>Writing a cookie to the client computer</title>
   </head>

   <body>
      <p>Click Submit to save your cookie data.</p>

      <form method = "post" action = "/cgi-bin/writecookie.cgi">
         <p>Name:<br />
            <input type = "text" name = "name" />
         </p>

         <p>Age:<br />
            <input type = "text" name = "age" />
         </p>

         <p>Favorite Color:<br />
            <input type = "text" name = "color" />
         </p>

         <p>
            <input type = "submit" name = "button" value = "Submit" />
         </p>
      </form>
   </body>
</html>


Figure 19.15 is an XHTML page that contains a form in which values are to be input. The form posts its information to writecookie.cgi (Fig. 19.16). This CGI script reads the posted data from standard input, using the CONTENT_LENGTH environment variable to determine how many bytes to read. Line 24 of Fig. 19.16 declares and initializes string expires to store the expiration date of the cookie, which determines how long the cookie resides on the client's machine. This value can be a string, like the one in this example, or it can be a relative value. For instance, "+30d" sets the cookie to expire after 30 days. For the purposes of this chapter the expiration date is deliberately set to expire in the year 2010 to ensure that the program will run properly well into the future. You may set the expiration date of this example to any future date as needed. The browser deletes cookies when they expire.

Figure 19.16. Writing a cookie.


 1  // Fig. 19.16: writecookie.cpp
 2  // Program to write a cookie to a client's machine.
 3  #include <iostream>
 4  using std::cin;
 5  using std::cout;
 6
 7  #include <string>
 8  using std::string;
 9
10  #include <cstdlib>
11  using std::getenv;
12  using std::atoi;
13
14  int main()
15  {
16     char query[ 1024 ] = "";
17     string dataString = "";
18     string nameString = "";
19     string ageString = "";
20     string colorString = "";
21     int contentLength = 0;
22
23     // expiration date of cookie
24     string expires = "Friday, 14-MAY-10 16:00:00 GMT";
25
26     // data was entered
27     if ( getenv( "CONTENT_LENGTH" ) )
28     {
29        contentLength = atoi( getenv( "CONTENT_LENGTH" ) );
30        if ( contentLength < 0 || contentLength > 1023 ) contentLength = 1023;
31        cin.read( query, contentLength ); // read data, never past end of query
32        dataString = query;
33        // search string for data and store locations
34        int nameLocation = dataString.find( "name=" ) + 5;
35        int endName = dataString.find( "&" );
36        int ageLocation = dataString.find( "age=" ) + 4;
37        int endAge = dataString.find( "&color" );
38        int colorLocation = dataString.find( "color=" ) + 6;
39        int endColor = dataString.find( "&button" );
40
41        // get value for user's name
42        nameString = dataString.substr(
43           nameLocation, endName - nameLocation );
44
45        if ( ageLocation > 0 ) // get value for user's age
46           ageString = dataString.substr(
47              ageLocation, endAge - ageLocation );
48
49        if ( colorLocation > 0 ) // get value for user's favorite color
50           colorString = dataString.substr(
51              colorLocation, endColor - colorLocation );
52
53        // set cookie
54        cout << "Set-Cookie: Name=" << nameString << "age:"
55           << ageString << "color:" << colorString
56           << "; expires=" << expires << "; path=\n";
57     } // end if
58
59     cout << "Content-Type: text/html\n\n"; // output HTTP header
60
61     // output XML declaration and DOCTYPE
62     cout << "<?xml version = \"1.0\"?>"
63        << "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" "
64        << "\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">";
65
66     // output html element and some of its contents
67     cout << "<html xmlns = \"http://www.w3.org/1999/xhtml\">"
68        << "<head><title>Cookie Saved</title></head><body>";
69
70     // output user's information
71     cout << "<p>A cookie has been set with the following"
72        << " data:</p><p>Name: " << nameString << "</p>"
73        << "<p>Age: " << ageString << "</p>"
74        << "<p>Color: " << colorString << "</p>"
75        << "<p>Click <a href=\"\">"
76        << "here</a> to read saved cookie data.</p></body></html>";
77     return 0;
78  } // end main

After obtaining the data from the form, the program creates a cookie (lines 54–56). In this example, we create a cookie that stores a line of text containing the name-value pairs of the posted data, delimited by a colon character (:). The line must be output before the header is written to the client. The line of text begins with the Set-Cookie: header, indicating that the browser should store the incoming data in a cookie. We set three attributes for the cookie: a name-value pair containing the data to be stored, a name-value pair containing the expiration date and a name-value pair containing the URL of the server domain (e.g., www.deitel.com) for which the cookie is valid. For this example, path is not set to any value, making the cookie readable from any server in the domain of the server that originally wrote the cookie. Note that these name-value pairs are separated by semicolons (;). We use only colon characters within our cookie data so as not to conflict with the format of the Set-Cookie: header. When we enter the same data as displayed in Fig. 19.15, lines 54–56 store the data "Name=Zoeage:24color:Red" to the cookie. Lines 59–76 send a Web page indicating that the cookie has been written to the client.
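The colon and semicolon delimiters described above only stay unambiguous if the posted values never contain them. The following added example (not the book's code) percent-encodes each value before placing it in the same Name=...age:...color:... layout, so a semicolon, colon or line break in user input cannot change the header's structure. The function names encodeField and buildSetCookie, the path=/ value and the HttpOnly and SameSite attributes are assumptions of this sketch, and the inputs are assumed to be form values that have already been URL-decoded.

```cpp
// Added example (not from the book): build the Set-Cookie line of Fig. 19.16
// so that user input cannot alter the header's structure.
#include <cctype>
#include <iostream>
#include <string>

// Percent-encode every byte that is not a letter, digit, '-', '_' or '.'.
// This removes ';', ':', '=', spaces, CR and LF from the stored values.
std::string encodeField( const std::string &raw )
{
   static const char hex[] = "0123456789ABCDEF";
   std::string out;
   for ( unsigned char c : raw )
   {
      if ( std::isalnum( c ) || c == '-' || c == '_' || c == '.' )
         out += static_cast< char >( c );
      else
      {
         out += '%';
         out += hex[ c >> 4 ];
         out += hex[ c & 0x0F ];
      }
   }
   return out;
}

// Same "Name=...age:...color:..." layout as the chapter's cookie, with each
// value encoded. path=/, HttpOnly and SameSite are assumptions added here.
std::string buildSetCookie( const std::string &name, const std::string &age,
   const std::string &color, const std::string &expires )
{
   return "Set-Cookie: Name=" + encodeField( name ) + "age:" +
      encodeField( age ) + "color:" + encodeField( color ) +
      "; expires=" + expires + "; path=/; HttpOnly; SameSite=Lax\n";
}

int main()
{
   // constructed input: a name that contains the cookie's own delimiters
   std::cout << buildSetCookie( "Zoe;age:99\r\n", "24", "Red",
      "Friday, 14-MAY-10 16:00:00 GMT" );
   return 0;
}
```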


Portability Tip 19.1

Web browsers store the cookie information in a vendor-specific manner. For example, Microsoft's Internet Explorer stores cookies as text files in the Temporary Internet Files directory on the client's machine. Netscape stores its cookies in a single file named cookies.txt.

 

Figure 19.17 reads the cookie written in Fig. 19.16 and displays the stored information. When a client sends a request to a server, the client Web browser locates any cookies previously written by that server. These cookies are sent by the browser back to the server as part of the request. On the server, the environment variable HTTP_COOKIE stores the client's cookies. Line 20 calls function getenv with the HTTP_COOKIE environment variable as the parameter and stores the returned value in dataString. The name-value pairs are decoded and stored in strings (lines 23–34) according to the encoding scheme used in Fig. 19.16. Lines 36–55 output the contents of the cookie as a Web page.

Figure 19.17. Program to read cookies sent from the client's computer.


 1  // Fig. 19.17: readcookie.cpp
 2  // Program to read cookie data.
 3  #include <iostream>
 4  using std::cin;
 5  using std::cout;
 6
 7  #include <string>
 8  using std::string;
 9
10  #include <cstdlib>
11  using std::getenv;
12
13  int main()
14  {
15     string dataString = "";
16     string nameString = "";
17     string ageString = "";
18     string colorString = "";
19
20     if ( getenv( "HTTP_COOKIE" ) ) dataString = getenv( "HTTP_COOKIE" );
21     if ( dataString.find( "Name=" ) != string::npos ) { // cookie is present
22        // search through cookie data string
23        int nameLocation = dataString.find( "Name=" ) + 5;
24        int endName = dataString.find( "age:" );
25        int ageLocation = dataString.find( "age:" ) + 4;
26        int endAge = dataString.find( "color:" );
27        int colorLocation = dataString.find( "color:" ) + 6;
28
29        // store cookie data in strings
30        nameString = dataString.substr(
31           nameLocation, endName - nameLocation );
32        ageString = dataString.substr(
33           ageLocation, endAge - ageLocation );
34        colorString = dataString.substr( colorLocation );
35     } // end if
36     cout << "Content-Type: text/html\n\n"; // output HTTP header
37
38     // output XML declaration and DOCTYPE
39     cout << "<?xml version = \"1.0\"?>"
40        << "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" "
41        << "\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">";
42
43     // output html element and some of its contents
44     cout << "<html xmlns = \"http://www.w3.org/1999/xhtml\">"
45        << "<head><title>Read Cookies</title></head><body>";
46
47     if ( dataString != "" ) // data was found
48        cout << "<p>The following data is saved in a cookie on"
49           << " your computer</p><p>Name: " << nameString << "</p>"
50           << "<p>Age: " << ageString << "</p>"
51           << "<p>Color: " << colorString << "</p>";
52     else // no data was found
53        cout << "<p>No cookie data.</p>";
54
55     cout << "</body></html>";
56     return 0;
57  } // end main


Software Engineering Observation 19.2

Cookies present a security risk. If unauthorized users gain access to a computer, they can examine the local disk and view files, which include cookies. For this reason, sensitive data, such as passwords, social security numbers and credit card numbers, should never be stored in cookies.
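A cookie lives on the client and can be edited there, so a program that reads HTTP_COOKIE as Fig. 19.17 does should treat the value as untrusted input. The following added example (not the book's code) tolerates a missing HTTP_COOKIE variable, picks the Name cookie out of a header that carries several cookies, and HTML-escapes the value before it is written into a page; the function names cookieValue and escapeHtml are assumptions of this sketch.

```cpp
// Added example (not from the book): read the Fig. 19.16 cookie defensively.
#include <cstdlib>
#include <iostream>
#include <string>

// Return the value of cookie `name` from a Cookie header ("a=1; b=2"), or ""
// when the header is absent (null) or holds no such cookie.
std::string cookieValue( const char *header, const std::string &name )
{
   if ( !header ) return "";
   std::string h = header;
   std::string::size_type pos = 0;
   while ( pos < h.size() )
   {
      std::string::size_type end = h.find( ';', pos );
      if ( end == std::string::npos ) end = h.size();
      std::string pair = h.substr( pos, end - pos );
      pair.erase( 0, pair.find_first_not_of( ' ' ) ); // drop leading spaces
      if ( pair.compare( 0, name.size() + 1, name + "=" ) == 0 )
         return pair.substr( name.size() + 1 );
      pos = end + 1;
   }
   return "";
}

// Replace the characters that are significant in HTML before echoing a value.
std::string escapeHtml( const std::string &text )
{
   std::string out;
   for ( char c : text )
      switch ( c )
      {
         case '&': out += "&amp;"; break;
         case '<': out += "&lt;"; break;
         case '>': out += "&gt;"; break;
         case '"': out += "&quot;"; break;
         case '\'': out += "&#39;"; break;
         default: out += c;
      }
   return out;
}

int main()
{
   std::string value = cookieValue( std::getenv( "HTTP_COOKIE" ), "Name" );
   std::cout << "Content-Type: text/html\n\n<p>"
      << ( value.empty() ? "No cookie data." : escapeHtml( value ) ) << "</p>\n";
   return 0;
}
```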






C++ How to Program (5th Edition)
ISBN: 0131857576
EAN: 2147483647
Year: 2004
Pages: 627