
Building Blocks for Internet Commerce 112

The portability of Java applets and the standardization of the virtual machine mean that applet creators do not need to worry about supporting many different versions of the applet for different client computers in use by the users. A single applet will run exactly the same way on all platforms. Java and the Java virtual machine are still evolving rapidly, so the applet author does need to worry about different versions of the Java environment.

Security for Java applets is based on a sandbox model, in which the applet is prevented from doing anything that might be dangerous. Unfortunately, this also prevents the applet from doing many things that are useful. Extensions to Java, such as signed applets in Java 1.1, make Java applets useful for some commerce applications.

ActiveX

In 1996, Microsoft introduced ActiveX. ActiveX is an evolution of Object Linking and Embedding (OLE), which Microsoft developed earlier to enable diverse applications to work closely together. ActiveX controls are software objects referenced by a Web page, which can be automatically downloaded and installed on a user's PC at the time of first reference. On future references, the control is automatically activated without being downloaded again.

Unlike Java applets, ActiveX controls have full access to the resources of the client system. The security model for ActiveX is based on code signing rather than on a sandbox. ActiveX controls have full access to the user's computer. In order for users to be willing to install such potentially dangerous pieces of software, each control is digitally signed by its authoring organization (digital signatures are described in Chapter 13). Before running the control, the user decides whether or not to trust the organization that created it.

ActiveX controls are very powerful, but they contain binary computer code, making them dependent on particular platforms. At this time, ActiveX is restricted to various versions of Microsoft Windows. In addition, the flow of a user's experience at a Web site may be disrupted when an ActiveX control is installed if the user must interrupt the process to answer a question about trusting the creator of the ActiveX control. ActiveX currently has no provision for removing controls once they are installed, so frivolous or seldom-used controls will accumulate and consume the user's system resources.

Sessions and Cookies

The HTTP protocol is designed to be stateless. Each request is intended to be independent of every other request. As the Web has come to be used as the foundation for complex applications (for commerce and other areas), cookies and other technologies have been developed to maintain persistent application state on top of the stateless protocol.

Why Sessions Are Important

As originally conceived, the Web was a very large collection of documents. Browsers would request a document, the user would work with it for a while, and then the user would request another document. In this environment, a stateless protocol makes sense. With many browsers and few servers, it is appropriate to make the server stateless so that it uses few resources per request.

Today, however, almost any interesting Web-based application, particularly an Internet commerce application, requires a whole series of actions by the user and the server, working through a number of different Web pages. Therefore, it is important to treat such a series of actions as a single session of work.
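As an added illustration, not taken from the book, the following Python sketch shows how a server keeps per-user state (here a shopping cart) across independent, stateless HTTP requests by issuing a session identifier in a cookie and looking it up on each later request. The in-memory session store, the cookie name SID, the request/action shapes and the item names are all assumptions for the example.

```python
import copy
import secrets
from http.cookies import SimpleCookie

# Server-side session store: session id -> per-user state (assumed, in-memory).
SESSIONS = {}


def new_session_id():
    # 128 bits from the OS CSPRNG so ids cannot be guessed or enumerated.
    return secrets.token_urlsafe(16)


def handle_request(headers, action):
    """Serve one stateless HTTP request; return (response headers, session state).

    headers: dict of request headers (only 'Cookie' is read).
    action: a hypothetical cart action such as ('add', 'sku-123') or ('clear', None).
    """
    cookie = SimpleCookie(headers.get("Cookie", ""))
    sid = cookie["SID"].value if "SID" in cookie else None
    resp = {}
    if sid is None or sid not in SESSIONS:
        # No valid session presented: start a fresh one and ask the browser to keep it.
        # HttpOnly keeps scripts away from the id, Secure keeps it off plaintext HTTP.
        sid = new_session_id()
        SESSIONS[sid] = {"cart": []}
        resp["Set-Cookie"] = f"SID={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
    state = SESSIONS[sid]
    kind, item = action
    if kind == "add":
        state["cart"].append(item)
    elif kind == "clear":
        state["cart"].clear()
    return resp, copy.deepcopy(state)   # snapshot, so later requests don't alias it


def simulate_checkout_flow():
    """Two requests from one browser joined into one session by the cookie."""
    resp1, state1 = handle_request({}, ("add", "sku-123"))
    # The browser echoes back the cookie it received on its next request.
    sid_pair = resp1["Set-Cookie"].split(";")[0]          # "SID=<value>"
    resp2, state2 = handle_request({"Cookie": sid_pair}, ("add", "sku-456"))
    # An unknown id yields a new, empty session rather than someone else's cart.
    resp3, state3 = handle_request({"Cookie": "SID=not-a-real-id"}, ("add", "sku-789"))
    return state1, state2, state3, "Set-Cookie" in resp2
```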