Web Instruments
PART 2: Web Technologies and DB
Lesson 5 - Dynamic Websites
Created by Vladimir Poddukin, 2019
Version 4.0
We learn in Part 2 of the course:
Lesson 4 – Static Websites – HTML, client scripting languages, mechanisms of work
Lesson 5 – Dynamic Websites – Web Servers, Dynamic Web Pages, Languages and Technologies for creating Dynamic Web Content
Lesson 6 – Web Services – (Main principles, XML, SOAP, REST-services)
We will learn in this lesson:
Part 1: Dynamic Websites Basics, how it works
Part 2: Websites Testing
Part 3: Dynamic Web Programming – main principles, evolution, technologies
Part 4: Web Servers
Web Applications
Static – the content on the server is static and is provided as a set of already defined files (images, video, audio, applets) embedded into HTML.
Dynamic – the content is generated by the server depending on some variables defined in the HTTP request.
Static Websites
Web Applications
Static website problems
Your static website has to deal with different types of visitors who come to your website for several different reasons: content consumers, information collectors, customers, leads, potential customers, suppliers, …
They all come with different goals and different interests, whereas your website is just static, i.e. presenting the same content to all of them.
It is not possible to provide the most appropriate or suited content for each of these visitors or visitor groups.
Static vs. Dynamic Architecture
Static website – provides ready files “(What You See Is What You Get)”.
Dynamic website – provides files “generated per request”, construct HTML on the fly using server side scripting or libraries.
Authentication vs. Authorization
Authentication – the process of recognizing the identity of a user
Authorization – the process of delegating certain rights to authenticated users
Web Sessions
Fact: HTTP is stateless, but can keep connections alive.
Connection TTL = Min(browser_timeout, server_timeout)
Definitions:
A session is an instance of the interaction between a user and an application
A web session is a data structure that an application uses to store temporary data that is useful only during the time a user is interacting with the application; it is also specific to the user
Tip: avoid confusion between HTTP 1.1 connections and web sessions
Web Sessions vs. HTTP 1.1 Persistent Connections
Web Session
How are sessions established?
Client’s browser makes an initial request to the server
Server notes the client’s IP address/browser, stores some local session data and sends a session ID back to the client
Client sends that same session ID back to the server on future requests
Server uses the session ID to retrieve the data for the client’s session later, like a ticket given at a coat-check room
How is the session ID kept on the client?
URL-based session IDs:
Example:
http://www.example.com/news.asp?article=27781;sessionid=IE60012219
Hidden Post Fields:
Example:
<FORM METHOD=POST ACTION="/cgi-bin/news.pl">
<INPUT TYPE="hidden" NAME="sessionid" VALUE="IE60012219">
<INPUT TYPE="submit" NAME="Read News Article">
</FORM>
Cookies
Example: Within the plain text of the HTTP server response –
Set-Cookie: sessionID="IE60012219"; path="/"; domain="www.example.com"; expires="2003-06-01 00:00:00GMT"; version=0
Cookies
A cookie is a small amount of information sent by a server to a browser, and then sent back by the browser on future page requests.
Cookies have many uses:
authentication
user tracking
maintaining user preferences, shopping carts, etc.
A cookie's data consists of a single name/value pair, sent in the header of the client's HTTP GET or POST request.
Cookies: between Myths and Reality
Myths:
Cookies are like worms/viruses and can erase data from the user's hard disk;
Cookies are a form of spyware and can steal your personal information;
Cookies generate popups and spam;
Cookies are only used for advertising.
Facts:
Cookies are only data, not program code;
Cookies cannot erase or read information from the user's computer;
Cookies are usually anonymous (do not contain personal information);
Cookies CAN be used to track your viewing habits on a particular site.
Structure of a session
A session is a key-value pair data structure. Think of it as a hashtable where each user gets a hashkey to put their data in. This hashkey would be the “session id”. A session data structure would look like this:
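The session table described here, together with the cookie exchange from the session-establishment steps earlier in this lesson, as an added Python example that is not part of the original slides. The in-memory store, the 30-minute idle timeout and the function names are assumptions; the cookie name sessionID is taken from the slide's Set-Cookie example.

```python
# Added example: server-side session table keyed by a random session ID.
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800          # seconds; assumed idle timeout
COOKIE_NAME = "sessionID"   # name used in the slide's Set-Cookie example

sessions = {}  # session ID -> {"data": {...}, "expires": timestamp}


def create_session(now=None):
    """Create an empty session; return (session_id, Set-Cookie value)."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)          # CSPRNG, not a guessable counter
    sessions[sid] = {"data": {}, "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True   # not readable by page scripts
    cookie[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
    cookie[COOKIE_NAME]["samesite"] = "Lax"
    return sid, cookie[COOKIE_NAME].OutputString()


def load_session(cookie_header, now=None):
    """Return the session data for a request's Cookie header, or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    entry = sessions.get(morsel.value) if morsel else None
    if entry is None:
        return None                          # missing or unknown ID
    if entry["expires"] <= now:
        del sessions[morsel.value]           # expired: drop server-side state
        return None
    entry["expires"] = now + SESSION_TTL     # sliding idle timeout
    return entry["data"]


def destroy_session(sid):
    """Logout: remove server-side state so a replayed ID finds nothing."""
    sessions.pop(sid, None)
```

Deleting the cookie in the browser only makes the client forget the ID; destroy_session is what ends the session on the server.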
PART 1 of Lesson 5: we have covered
• General principles of how dynamic content is generated
• Dynamic vs. static Web Development Comparison
• The limitations of static web sites that are solved by web server data processing, examples
• The core notion of dynamic programming – web session
• HTTP 1.1 Persistent Connections vs. Web Sessions
• The mechanisms of session maintenance
• Several workshops
Enable/disable cookies, Web sessions, Killing a web Session by Deleting a cookie.
Web Traffic Analyzing Products
Wireshark
Firebug
Fiddler
Web Traffic Debugging System - Fiddler
Web debugging
Web Session Manipulation
Performance Testing
HTTP/HTTPS Traffic Recording
Security Testing
Eric Lawrence, the creator of Fiddler
Fiddler vs. HP UFT
HP UFT interacts with User Interface Elements (HTML controls etc.)
Fiddler is UI independent and operates at the level of message exchange between server and client
PART 2 of Lesson 5: we have covered
Tools for HTTP traffic analyzing:
Wireshark
Fiddler
Firebug
Specifics of each tool
Fiddler main functionalities
Workshop: Recorded a page request in Fiddler, saved it and played it back, identified that the page is cached and that the session playback differs from the original one due to the cache, cleared the cache and repeated again
The difference between UI automation testing and testing based on HTTP recording and playing back (HP UFT vs. Fiddler)
ASP - briefly
Sent to client (HTML):
<CENTER><H1>Add a New user account.</H1></CENTER>
<FORM> UserName :
<INPUT NAME=UserName> UserPassword :
<INPUT Name=UserPassword>
<INPUT TYPE=SUBMIT>
</FORM>
Executed on SERVER (converted to HTML, sent):
<% UN = Request("UserName")
'Encode request input before writing it into the page.
Response.Write "User <B>" & Server.HTMLEncode(UN) & "</B> Added.<BR>"
Response.Write "List of users :<BR>"
'List all of server users.
For Each User In xServer.Users
Response.Write "<B>
%>
ASP (Active Server Pages) – can:
Access backend for both – extracting and inserting (updating data) into different databases
Example:
<%
'Open an ADO connection to the Access database file next to the page.
Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("DB.mdb")
'Read all rows of the Users table into a recordset.
Set rsUsers = Server.CreateObject("ADODB.Recordset")
rsUsers.Open "SELECT * FROM Users", oConn
%>
Manage session wide variables, manage entire session
Write output HTML depending on the session state, database data, request variables like cookies, URL embedded value
Connect to other libraries in order to reuse the logic encapsulated there
Main Objects: Request, Response, Error
ASP (Active Server Pages) – main objects
Server
Usage: Allows connections to databases (ADO), filesystem, and use of components installed on the server
Request
Usage: Allows reading the data sent by the client browser
Response
Usage: Can send information to the client, such as the text on a page or HTTP Cookie (Write method to write output HTML)
Application
Usage: Stores global variables
Session
Usage: Stores variables accessible only to a single visitor
Error
Usage: Allows error management
ASP disadvantages
ASP code is mixed with client side HTML and JavaScript
ASP code is interpreted rather than compiled; this causes performance issues
ASP has little support for OOP concepts
ASP ties us to Microsoft technologies (like IIS)
Other Technologies
Perl was a highly used language on the early web and still is very much alive today. Large websites using Perl include Amazon.com, LiveJournal.com, Ticketmaster.com and IMDb.com.
Python: a programming language that keeps gaining popularity. Some projects that use Python are the Zope application server and YouTube, and Google has mentioned that they use Python extensively.
PHP: most likely the most used server-side scripting language in the world. Over 19 million internet domains are currently hosted on servers with PHP installed. Examples of popular server-side PHP applications include phpBB, WordPress, and MediaWiki.
Java Answers to ASP
Other Technologies – sample scripts
MVC – Model-View-Controller
Ruby-on-Rails is an open source web application framework written in Ruby. Rails is a full stack framework
Revolution in WEB – Asynchronous updates
Classic Web:
User enters a page and clicks the button
Browser sends HTTP Request
Server generates or simply returns new page
Browser reloads the page
AJAX (Asynchronous JavaScript and XML):
User enters a page and clicks the button
JavaScript defines what part of the page is to be renewed
Browser sends the respective request
Server returns just the part of the document which is renewed
JavaScript changes the page according to the Server response
Central object: XMLHttpRequest
Implementations: jQuery, AngularJS, many others
NOTE: HTML 5.0 must be used for async calls
PART 3 of Lesson 5: we have covered
Server side scripting technologies:
ASP (classic ASP)
JSP, PHP
Server Scripting Objects
Disadvantages of server-side scripting as a challenge to a new era in web-server development techniques
From ASP to ASP.NET – solutions proposed to overcome server-side scripting limitations (other technologies – same evolution steps)
Revolution – Asynchronous Web Request (AJAX)
Web Servers
A web server is a computer system that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term can refer either to the entire system, or specifically to the software that accepts and supervises the HTTP requests.
Web servers are able to map the path component of a Uniform Resource Locator (URL) into:
A local file system resource (for static requests)
An internal or external program name (for dynamic requests)
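One way a server can perform this mapping without letting a crafted path leave the document root, as an added Python example that is not from the original slides. The document root, the /cgi-bin/ prefix for dynamic requests, the index.html directory index and the function name map_request are assumptions.

```python
# Added example: mapping a request path to a static file or a program.
import posixpath
from pathlib import Path
from urllib.parse import unquote

DOC_ROOT = Path("/var/www/html")   # assumed document root
DYNAMIC_PREFIX = "/cgi-bin/"       # assumed prefix for dynamic requests
INDEX_FILE = "index.html"          # assumed directory index


def map_request(request_target):
    """Return ("static", file), ("dynamic", program) or ("reject", reason)."""
    raw_path = request_target.split("?", 1)[0]   # drop the query string
    path = unquote(raw_path)                     # decode %2e%2e once, up front
    if not path.startswith("/"):
        return ("reject", "path must be absolute")
    if "\x00" in path or "\\" in path:
        return ("reject", "illegal character")
    # Refuse ".." segments outright instead of normalizing them away.
    if ".." in path.split("/"):
        return ("reject", "parent-directory segment")
    # Collapse "//" and "/./" so both branches see one canonical form.
    clean = "/" + posixpath.normpath(path).lstrip("/")
    if (clean + "/").startswith(DYNAMIC_PREFIX):
        program = clean[len(DYNAMIC_PREFIX):]
        if not program:
            return ("reject", "no program named")
        return ("dynamic", program)
    if path.endswith("/"):
        clean = posixpath.join(clean, INDEX_FILE)
    target = DOC_ROOT / clean.lstrip("/")
    # Defence in depth: symlinks must not lead outside the document root.
    if DOC_ROOT.resolve() not in target.resolve().parents:
        return ("reject", "outside document root")
    return ("static", str(target))
```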
Web Servers features and facts
HTTP handling and passing to Web Applications
Security management
Virtual hosting to serve many web sites using one IP Address
Bandwidth throttling to limit the speed of resources in order not to saturate the network and to be able to serve more clients
Load balancing
Logging, error processing
The world’s first Web Server – NeXT – 1990
Web Servers: TOP 3
Apache HTTP Server and Tomcat
Internet Information Services (former Server)
nginx
Web Servers: Market Share
Web Servers: Comparison Criteria
Dynamic technology supported (Java Servlets, ASP.NET (ISAPI), pages, etc.)
Execution mode: kernel vs. user
Authentication type: basic, digest, Windows.
Secure Protocol Support (HTTPS)
IPv6 Support
LAMP
Workshops
Workshop 1: IIS – publishing static content
Workshop 2: Deploying dynamic web application on Apache Tomcat Server
PART 4 of Lesson 5: we have covered
Web Server – main definitions and functions, algorithms of processing dynamic and static content
Web Server – main characteristics, decision making criteria
A&A extension – basic and digest authentication
Market share of different Web Server Solutions
Classic Web Applications Bundles – LAMP, WAMP
Workshop 1: IIS static web content publication
Workshop 2: Apache Tomcat – dynamic web content publication + extra: how to use Fiddler to distinguish between server and client processing
Thank you for your attention.
Q&A: vpoddukin@alliedtesting.com
YM: v_poddukin