Quiz

  1. Not a content question, but when I tried to click on the 'Session Secrets' link I got this message: 
    Internal Server Error: Missing headers or other script malfunction. Check the logs or contact cs-sysadmin@wellesley.edu

    My apologies. There were some technical issues I ran into moving to the new server that I haven't had time to fix, and this is yet another of them. When/if you run into things like this, you can usually edit the URL to access oldcs.wellesley.edu instead of cs.wellesley.edu and it should work.

  2. What's the difference between disk and memory?

    The processor (CPU) can access data in memory (RAM) in a few nanoseconds. To read data from disk takes a few milliseconds. So memory is a million times faster.

    When your program starts, the code is read from disk into memory, and the processor runs the code from memory (moving data to the processor for computations).

    disk is really only for long-term storage.

  3. Can you go into more detail about what sticky settings are?

    It's not a technical term. It's just an informal notion that things last and don't go away with the next request, page refresh, or whatever.

    In the reading, we wanted the setting of whether the cart is shown or not to last until the user explictly sets to the other value. In other words, clicking "show cart" means that the cart will always be shown until the user clicks "hide cart".

  4. Why didn't Flasks digital signature prevent me from tampering with the number of prior visits cookie in the cookie example webpage?

    Because we weren't using sessions. We were using plain old cookies. Flask's sessions use a digitally signed cookie, but all other cookies are normal.

  5. You mentioned in the reading that session identifiers are created at the start of a Flask session, but sessions do not have ""Session ID""s. What is the difference between session IDs and session identifiers?

    Hmm. I think you may have mis-read that. We can create a session ID, but Flask doesn't. There is no difference between a session ID and a session identifier; ID == identifier.

  6. Why don't you need to worry about session files accumulating on the server and deleting old session files from the server? Are session cookies not saved on the server?

    If sessions are stored in files, then you are correct. PHP stores its sessions in files (in /var/lib/php/sessions). In fact, that directory on Tempest currently has 571 files in it, some dating back to September 4th. But they total less than half a megabyte, so no big deal (yet).

  7. If you clear browser cookies, could that end sessions running for websites? Are all logins made possible through sessions or are there other methods?

    Yes! Clearing browser cookies will probably mean you have to re-login to everything you've logged into.

    Another technique that is sometimes used is to put a session id in the URL: https://domain.com/path/to/endpoint?sessid=29834792837492832. You then have to make the app append that session id onto every URL, so that it's available in every request (like cookies).