Digital Media

Moshell - Spring 99

Lecture 10: Cookies, and Ghostscript Graphics

Our Castro text tells us only the minimal information about cookies. Here's a more comprehensive look-see:

http://builder.cnet.com/Programming/Cookies/index.html

In particular, it discusses the question of the security of cookies, at this link.

Here's another link which specifically shows how to use CGI.pm to construct and access cookies. This is the way to do it, methinks.

Finally, here's Netscape's official Cookie Documentation.

Some contents of my cookie.txt file: (As you can tell, I'm a Netscape user. IE users, go dig up your own.)

www.pickadw.com  FALSE /shopsite-scripts/sb FALSE 946555398 SSMBSuperCookie
%20Name%75Michael_Moshell%20Company%75Registration_Systems_Lab%20
Email%75moshell@reg-master.com%20Address%752060_Goldwater_Court%20Address2%75
%20City%75Maitland%20State%75FL%20Zip%7532751%20Country%75USA%20Phone
%75407_628_3602

www.mcglen.com  FALSE /McGlenWeb  FALSE 946616595 REFER
www%2Emcglen%2Enet

www.1800flowers.com FALSE /flowers  FALSE 944035463 SHOPPERMANAGER%2FFLOWERS
0HCN82JAN8sH2P4900CG1MJU1RstEURQ

What are these fields? In order:
1) URL from which it came. Only this URL can get 'em back again.
2) ? some obscure Netscape parameter. About half mine are TRUE and half FALSE.
3) Path at that URL which contains scripts allowed to get the cookie.
4) TRUE if secure sockets is required for this cookie to be sent
5) Expiration date & time, encoded
6) Name of the cookie
7) URL-encoded value of the cookie.
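
The seven fields listed above, parsed in Perl as an added example (not part of the original lecture notes). The sample lines are constructed, with made-up hosts and values, and assume the tab-separated layout of the real cookies.txt file. The script decodes the expiration time and the value, and flags a cookie that carries an e-mail address while field 4 is FALSE, as the first entry shown above does.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime);

# Constructed sample lines (hosts and values are made up, not real cookies).
my @lines = (
    "# Netscape HTTP Cookie File",
    join("\t", 'shop.example', 'FALSE', '/cart', 'FALSE', 946684800,
         'Profile', 'Name%3DPat_Doe%26Email%3Dpat%40mail.example'),
    join("\t", 'bank.example', 'FALSE', '/login', 'TRUE', 946684800,
         'SID', '0HCN82JAN8'),
    "truncated\tline",
);

# Undo URL encoding: '+' is a space, %XX is one byte.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Split one line into the seven fields; returns undef for comments,
# blank lines and lines that do not have exactly seven fields.
sub parse_cookie_line {
    my ($line) = @_;
    chomp $line;
    return undef if $line =~ /^\s*(?:#.*)?$/;
    my @f = split /\t/, $line, -1;
    return undef unless @f == 7 && $f[4] =~ /^\d+$/;
    my %c;
    @c{qw(domain flag path secure expires name value)} = @f;
    $c{flag}    = $c{flag}   eq 'TRUE';   # field 2: readable by every host in the domain
    $c{secure}  = $c{secure} eq 'TRUE';   # field 4: sent only over SSL
    $c{value}   = url_decode($c{value});
    $c{expires} = strftime('%Y-%m-%d %H:%M:%S UTC', gmtime($c{expires}));
    return \%c;
}

for my $line (@lines) {
    my $c = parse_cookie_line($line) or next;
    # Flag personal data stored in a cookie that is also sent without SSL.
    my $has_email = $c->{value} =~ /[\w.+-]+\@[\w-]+(?:\.[\w-]+)+/;
    my $note = (!$c->{secure} && $has_email) ? 'e-mail address, SSL not required' : 'ok';
    printf "%-13s %-8s expires %s  [%s]\n",
        $c->{domain}, $c->{name}, $c->{expires}, $note;
}
```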

Security concerns. There was a recent bug discovery, sometimes called the "triple dot scam". Check it out.

Another situation (security risk? you decide) was presented by DoubleClick.net. This company provides a "shared cookie" technique which makes it possible for every member of their network to add various snippets of information about you to a common database, which rolls up a cumulative picture of your buying or browsing habits. They do this by having each partner company use a common identifier in their cookies, and pool the data about what you browse and buy.

The following queries' answers must come from the live lecture. Ask your study buddy if you weren't there for the lecture.

Query 10.1: Why do e-commerce sites use cookies?

Query 10.2: What security concerns do people have about cookies? How did the original architecture of cookies provide for these concerns?

Query 10.3: Does the triple dot scam mean that your cookies from company A can be read by company B? Why or why not?

Dynamic Graphics.

A Digital Clock is produced by Ghostscript, which is a Postscript interpreter. We will learn just a few facts about Postscript in this lesson. If you decide to do a Lab 3 involving dynamic graphics, you would need to go and learn more about Postscript.

NOTICE: Despite several hours of trying, we did NOT get this example to work on Nemesis. Don't waste your time trying to run it there. This example is here for purposes of teaching some principles, including these

Ghostscript accepts input in the Postscript language, and produces a GIF file as output. You can think of it as a "painting robot."

Here's a digital clock program, all pulled together.

#!/usr/local/bin/perl
    $GS = "/usr/local/bin/gs";
    $|=1;        # perl convention: makes std.out unbuffered
    print "Content-type: image/gif", "\n\n";    # This routine emits GIF!
    ($seconds, $minutes, $hour) = localtime (time);    # three vars from one call
    if ($hour >= 12)    # Some simple minded cosmetic stuff here.
    {    $ampm = "pm";
         $hour -= 12 if $hour > 12;    # noon stays 12 pm
    } else
    {    $ampm = "am";
    }
    if ($hour == 0)    # Note equality test is "=="
    {    $hour = 12;
    }
    $time = sprintf ("%02d:%02d:%02d %s", $hour, $minutes, $seconds, $ampm);
    # That line formats the string to report the time.
    $x = 80; $y = 15;    # We want to draw an 80 pixel wide by 15 pixel high image.
############## Now for the magic. We send a command to gs.
############## GS will send its output to its standard out, which will
############## actually go to whoever called this piece of Perl.

    open (GS, "|$GS -sDEVICE=gif8 -sOutputFile=- -q -g${x}x${y} - 2>/dev/null");
    # Whew, that's mysterious. Let's call it magic for now (see the Gundavaram text, p. 106)
    # Now we can write to GS and it'll get piped to the Postscript system.
    print GS <<End_of_PostScript_Code;
        %!PS-Adobe-3.0 EPSF-3.0
        %%BoundingBox: 0 0 $x $y
        %%EndComments
        /Times-Roman findfont 14 scalefont setfont
        /red {1 0 0 setrgbcolor} def
        /black {0 0 0 setrgbcolor} def
        black clippath fill
        0 0 moveto
        ($time) red show
        showpage
End_of_PostScript_Code
    close (GS);
    exit(0);
Key ideas to understand:

The Analog Clock. Here's a much more substantial example. After we discuss it, we'll hack on it.

#!/usr/local/bin/perl
$GS = "/usr/local/bin/gs";
$| = 1;
print "Content-type: image/gif", "\n\n";
($seconds, $minutes, $hour) = localtime (time);
$x = $y = 150;
open (GS, "|$GS -sDEVICE=gif8 -sOutputFile=- -q -g${x}x${y} - 2>/dev/null");

# Note: The following doesn't work for some reason!
# I don't know why. I have had to substitute a quote mark
# solution.

print GS <<End_of_PostScript_Code;
%!PS-Adobe-3.0 EPSF-3.0
%%BoundingBox: 0 0 $x $y
%%EndComments
/max_length    $x def
/line_size     1.5 def
/marker        5 def

%% Now we define a scaleable clock
%% Definitions containing expressions must have the exp. in {}
/origin {0 dup} def
/center {max_length 2 div} def
/radius center def
/hour_segment {0.50 radius mul} def
/minute_segment {0.80 radius mul} def

/red   {1 0 0 setrgbcolor} def
/green {0 1 0 setrgbcolor} def
/blue  {0 0 1 setrgbcolor} def
/black {0 0 0 setrgbcolor} def

/hour_angle {$hour $minutes 60 div add 3 sub 30 mul neg} def
% which means: hour angle = - ((minutes / 60) + hour - 3) * 30
% Textbook forgot the first minus sign.

/minute_angle {$minutes $seconds 60 div add 15 sub 6 mul neg} def
% which means: minute angle = -((seconds/60) + minutes - 15) * 6
% which means: minute angle = -((seconds/60) + minutes - 15) * 6

%% QUERY 11.1 (embedded in a comment, too!)
%% Write the Postscript for the angle of a sweep second hand.

%% fill rectangle with black; draw blue circular line, centered.

center dup translate
black clippath fill
line_size setlinewidth
origin radius 0 360 arc blue stroke

%% Draw tick marks around the clock at 12 places

gsave            %% Save coordinate frame; we're gonna mess with it
1 1 12
{    pop                        %% remove useless loop counter
    radius marker sub 0 moveto    %% move to (radius-marker,0)
    marker 0 rlineto red stroke    %% draw red line to (marker,0)
    30 rotate                        %% rotate coordinates by 30
} for                            %% well it is a stack language...
grestore           %% Return to original coordinate frame

%% And now for the moving hands of the clock!

origin moveto
hour_segment hour_angle cos mul %% (hour_segment is hand-length)
hour_segment hour_angle sin mul
      %% leaves x,y values of hour hand's tip on the stack
      %% meaning: x coord = (cos (hour angle)) * hand length
      %% and likewise y coord = (sin (hour angle)) * hand length

lineto green stroke    %% AND we draw a green Hour Hand

origin moveto
minute_segment minute_angle cos mul
minute_segment minute_angle sin mul
lineto green stroke    %% AND we draw a green Minute Hand

%% now a little red circle in the center of the clock:

origin line_size 2 mul 0 360 arc red fill

showpage

End_of_PostScript_Code
close (GS);
exit(0);

Now the obvious question is (what IS the obvious question?) Well ...

Query 10.4: Rewrite the above code so as to draw the hands' positions by rotating the coordinate system, instead of by doing all that sin and cos business. If it works for tick marks, it ought to work for the hands, eh?

And the point of it all is... you may think "Javascript can do graphics better than all this..." which is true, IF you have the data at the client. But consider, for instance, any of the map-drawing systems on the web. As you move through a worldwide map, you have to construct the map based on the user's inputs. This much data cannot reside in the client, so you gotta get it from the server somehow. Ghostscript is one way of rendering that server-side data.
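
When the text to be drawn comes from the user's request rather than from localtime, it has to be escaped before it is interpolated into the PostScript, and the image size has to be checked before it reaches the gs command line. The following is an added example, not part of the original lecture or the textbook: ps_string, checked_dim and render_label are hypothetical helper names, and the call adds Ghostscript's -dSAFER switch, which restricts the file operations a PostScript program may perform.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $GS = '/usr/local/bin/gs';    # same path the lecture scripts use

# Quote text as a PostScript string literal. Backslash and parentheses
# are escaped so the text cannot close the string; bytes outside
# printable ASCII become \ooo octal escapes. Assumes a byte string.
sub ps_string {
    my ($text) = @_;
    $text =~ s/([\\()])/\\$1/g;
    $text =~ s/([^\x20-\x7e])/sprintf('\\%03o', ord($1) & 0xff)/ge;
    return "($text)";
}

# Accept only a 1-4 digit positive integer for the -g image size.
sub checked_dim {
    my ($n) = @_;
    die "bad dimension\n" unless defined $n && $n =~ /\A[1-9][0-9]{0,3}\z/;
    return $n;
}

# Render $label as red text on black and write the GIF to STDOUT.
sub render_label {
    my ($label, $w, $h) = @_;
    ($w, $h) = (checked_dim($w), checked_dim($h));
    my @cmd = ($GS, '-dSAFER', '-dBATCH', '-dNOPAUSE', '-q',
               '-sDEVICE=gif8', '-sOutputFile=-', "-g${w}x${h}", '-');
    # List form of open: the arguments go straight to gs, no shell parses them.
    open(my $gs, '|-', @cmd) or die "cannot start gs: $!\n";
    print {$gs} "/Times-Roman findfont 14 scalefont setfont\n",
                "0 0 0 setrgbcolor clippath fill\n",
                "1 0 0 setrgbcolor 0 0 moveto ", ps_string($label), " show\n",
                "showpage\n";
    close($gs) or die "gs exited with status $?\n";
}

# Constructed request value containing PostScript string metacharacters.
my $label = 'Exit 4) Main St \\ (north';
print STDERR ps_string($label), "\n";
render_label($label, 200, 20) if -x $GS;
```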
