http://www.chrispearson.org/pages/programming/javascript/wineshop.asp
09h14
Wednesday, 8. October 2008

THE WINE SHOP

It's often necessary to get information to persist between a web site's pages. It isn't always easy (or possible) to maintain state on the server. Although connections which stay alive between requests to the server are commonplace, especially in .NET applications, there is still a place for managing data at the client end.

The Wine Shop is based on an order picking requirement from 1999 - the dark days when we still worried about bandwidth and server performance - which I've updated as an e-commerce scenario for 2002.

Although cookies have had a rather poor press over the years, it has probably been overly harsh. This project shows how they can be used effectively to provide a solution that moves the application's intelligence away from server-side scripting and improves bandwidth usage.

This is The Wine Shop. As e-commerce sites go it's oven-ready if a little basic - I rather like the presentation . . .

 


The coding examples used in The Wine Shop site are discussed in

The Wine Shop: How it works
The Wine Shop site demonstrates some practical uses of cookies, with examples of writing cookies, adding to a site's cookies, reading data back from cookies and selectively deleting them.

The site provides a home page from which two shopping areas can be accessed.

There is an option to review the contents of your shopping basket and another to move to the checkout to process your order.

What are cookies and what do they do?

Cookies sit doing nothing - waiting to be read back by a page from the same server that wrote them in the first place.

The site is divided into a home page, two shopping departments - one stocking white wines and the other red wines - and the checkout area.

There is also a page which reports back on the contents of your basket.

As shown here:

Home page     : default.htm
White wines   : whites.htm
Red wines     : reds.htm
Review basket : mybasket.htm
Checkout      : checkout.htm

Notice that these are all HTML pages: There is no server-side scripting - No .ASP or .PHP pages.

Quite a lot of the code is written in-line. In a production environment you would probably write functions and call them when necessary. I have placed the code in line to allow for context-specific comments and for general clarity.

The cookie functionality is explored in the sections on the page The Wine Shop: How it works

These sections refer to elements of the functionality scripted into The Wine Shop site

The site allows you to buy one each of any of the products offered.

To place an order you need to provide your name and address. These are kept on file as cookies so you can be personally greeted on return visits to the site.

Placing the order executes a dummy posting: the checkout page is refreshed after the shopping basket is emptied, but no order is posted back to the server. I'm afraid I can't supply any of the wines mentioned, although I would be happy to help with their consumption!

What is a cookie?

  • It's a data record
  • Text
  • Human readable
  • Escaped string
    • Some characters are replaced by groups of characters:
      • Space becomes %20 - A percent sign followed by the hexadecimal ASCII code for a space

A cookie is visible only to pages on the same site as the page from which it was originally written

  • Cookies are confidential to pages served by the same server
  • They are shared between a website (the server) and a client (the browser)

Their lifetime is determined by

  • Their expiry date - Set when the cookie is written
  • Manual tidying by the user
    • Cookies enjoy no special protection and can be deleted with only the usual confirmation requested after you've pressed DEL
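
The points above (escaped text, an expiry date set when the cookie is written, deleting a cookie) as an added JavaScript example; it is not The Wine Shop's own code. The cookie names `customer` and `basket`, the product codes and `path=/` are assumptions, and because a cookie is plain text the user can edit, `readBasket` keeps only known product codes.

```javascript
// Added example: pure helpers that run in a browser or in Node.
// Cookie names, product codes and path=/ are constructed assumptions.

// Build the string a page would assign to document.cookie.
function serializeCookie(name, value, days, now = new Date()) {
  const expires = new Date(now.getTime() + days * 24 * 60 * 60 * 1000);
  return encodeURIComponent(name) + "=" + encodeURIComponent(value) +
    "; expires=" + expires.toUTCString() + "; path=/";
}

// Deleting one cookie means rewriting it with an expiry date in the past.
function expireCookie(name) {
  return encodeURIComponent(name) + "=; expires=" +
    new Date(0).toUTCString() + "; path=/";
}

// Parse a document.cookie-style string ("a=1; b=2") into an object.
function parseCookies(cookieString) {
  const out = Object.create(null); // no inherited keys to collide with
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    try {
      const name = decodeURIComponent(part.slice(0, eq).trim());
      out[name] = decodeURIComponent(part.slice(eq + 1).trim());
    } catch (e) {
      // Malformed percent-escape: ignore that cookie.
    }
  }
  return out;
}

// The site sells one of each product, and cookie text can be edited by
// the user, so drop duplicates and anything not in the catalogue.
const CATALOGUE = new Set(["W01", "W02", "R01"]); // constructed codes
function readBasket(cookies) {
  const raw = cookies.basket || "";
  return [...new Set(raw.split(","))].filter((code) => CATALOGUE.has(code));
}
```

In a page, assign the result of `serializeCookie` or `expireCookie` to `document.cookie` and pass `document.cookie` to `parseCookies`.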

What does a cookie do?

A cookie stores information

  • Usually information provided by the client (the browser) or the user
    • Information available to scripts, such as
      • browser type
      • screen height and width
      • operating system
    • Information entered by the user
      • text entered into form fields

Most importantly, scripts - and therefore the contents of cookies - cannot access

  • browser history (see JavaScript documentation of the history object for details)
  • installed applications (beyond the current browser type)
  • security settings
    • user names
    • passwords
  • email addresses (unless entered into a form field by a user)

Cookies can't contain executable code - because their text strings are escaped, they can't even contain the text of a simple batch file in a form that will run.

 
 

Cookies are safe!

Cookies were designed and are implemented within the basic JavaScript security model. Having cookies enabled is no less secure than having them disabled.

 


copyright ©2000 - 2008 Chris Pearson