Cookies and Sessions in HTTP
Willian Massami Watanabe
Cookies
• A general mechanism for storing persistent browsing data on the client side of a web application
• They are associated with a particular domain of an application
• The server sends the cookies, and they are stored as text files on the computer
• On every request made by a web browser, the cookies related to the domain of the request's destination are sent
[Diagrams, slides 4–10: User and Server (Servlet1, protected by login; Login) exchanging HTTP requests and responses. The user starts with no cookies; slides 8 and 9 show the cookie abobrinha=logado.]
Example
[Slides 11–15: Servlet1; Login - doGet; Login - doPost. Annotations on slide 15: Set-Cookies abobrinha=logado; No cookies; No cookies.]
Problems
• Why is each cookie associated with a domain?
• Is it possible to forge a cookie?
• How can cookies be protected?
• Can I store as many cookies as I want?
• What other uses can cookies have?
Sessions
• A general mechanism for storing persistent browsing data on the server side of a web application
• Uses a key shared between the client and the server
• Cookies
• URL rewriting
[Diagrams, slides 19–26: User and Server (Servlet1, protected by login; Login) exchanging HTTP requests and responses. The user starts with no cookies. The server holds the session JSESSIONID=qav… and the user holds the cookie JSESSIONID=qav…; from slide 24 on, the server holds the session JSESSIONID=s4x… with logado = true and usuario = watinha, and the user holds the cookie JSESSIONID=s4x….]
Example
[Slides 27–32: Servlet1; Login - doPost; Login - doGet. Annotations on slides 31 and 32: Cookies JSESSIONID=qav…; Sessions JSESSIONID=qav…; Sessions JSESSIONID=s4x… with logado = true and usuario = watinha; Cookies JSESSIONID=s4x…. Slide 32 adds the labels Server and Client.]
Problems
• Is it possible to forge a session?
• Is a session more secure than a cookie?
• What other uses can sessions have?
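
The cookie and session designs from the slides, modelled side by side as an added example (not the author's servlet code): plain Python functions stand in for the Login servlet and Servlet1, and the paths, status codes and password are assumptions. It shows that a client-supplied abobrinha=logado cookie is accepted as-is, whereas the session keeps logado on the server under a random key that is replaced at login, as in the qav… to s4x… change in the diagrams.

```python
import secrets

USERS = {"watinha": "s3nha"}  # constructed demo credentials (assumption)


def cookie_app(path, cookies, form=None):
    """Cookie-only design: the login state is the cookie value itself."""
    if path == "/login" and form and USERS.get(form["user"]) == form["password"]:
        return 200, {"abobrinha": "logado"}           # sent as Set-Cookie
    if path == "/servlet1":                           # trusts whatever the client sent
        return (200 if cookies.get("abobrinha") == "logado" else 302), {}
    return 401, {}


class SessionApp:
    """Session design: the cookie is only a random key; state stays on the server."""

    def __init__(self):
        self.sessions = {}                            # JSESSIONID -> attributes

    def _new_session(self):
        sid = secrets.token_urlsafe(16)               # unguessable identifier
        self.sessions[sid] = {}
        return sid

    def handle(self, path, cookies, form=None):
        sid = cookies.get("JSESSIONID")
        if sid not in self.sessions:                  # unknown id: start an empty session
            sid = self._new_session()
        if path == "/login" and form and USERS.get(form["user"]) == form["password"]:
            del self.sessions[sid]                    # discard the pre-login session
            sid = self._new_session()                 # fresh id once authenticated
            self.sessions[sid].update(logado=True, usuario=form["user"])
            return 200, {"JSESSIONID": sid}
        if path == "/servlet1":
            ok = self.sessions[sid].get("logado") is True
            return (200 if ok else 302), {"JSESSIONID": sid}
        return 401, {"JSESSIONID": sid}


def demo():
    forged_cookie = cookie_app("/servlet1", {"abobrinha": "logado"})[0]
    app = SessionApp()
    _, anon = app.handle("/servlet1", {})             # first visit, not logged in
    unknown_id = app.handle("/servlet1", {"JSESSIONID": "guess"})[0]
    _, auth = app.handle("/login", anon, {"user": "watinha", "password": "s3nha"})
    old_id = app.handle("/servlet1", anon)[0]         # pre-login id no longer valid
    return forged_cookie, unknown_id, anon != auth, old_id, app.handle("/servlet1", auth)[0]
```

In `demo()`, 200 means Servlet1 served the protected page and 302 means the request was sent back to the login page.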