| Date | November 2018 | Marks available | 2 | Reference code | 18N.2.SL.TZ0.8 |
| Level | SL | Paper | 2 | Time zone | no time zone |
| Command term | Describe | Question number | 8 | Adapted from | N/A |
Question
BesTea is a company that sells tea and tea-related accessories online. Users browsing the website encounter the following URL:
https://www.BesTea.com/customer/pages/delivery
A person enters the URL for BesTea into their browser.
The logos of the credit and debit cards accepted by BesTea are displayed as images in the footer of all of its web pages.
The BesTea website includes a shopping basket facility that enables users to make purchases.
The following fragment of PHP code is present in the script that allows users to place a completed order:
<?php
…
$_SESSION['sessionUserID'] = new_random_number();
$query = $db -> query ("SELECT * FROM users_db WHERE id = "
.$_SESSION['sessionUserID']);
$userRecord = $query -> fetch_record();
…
>
Describe how this URL provides security in communication over the Internet.
Identify the steps that the Domain Name System (DNS) server will take in order to locate the correct IP address for this request from the browser.
Outline how the footer of a web page can be made identical across all pages of a website.
Suggest the function of this fragment of code.
Users may perform several actions on their shopping baskets. These actions require interaction with a central database of products. Each record in this database includes the identifier, the name and the price of one of these products.
Consider the following fragment of code:
<
$basket = new Basket
…
If $_REQUEST['action'] == 'removeBasketItem' && !empty($_REQUEST['id']){
remove($basket, $_REQUEST['id']);
header("view_basket.php");
}
>
From the code, identify the information that the user has provided.
Markscheme
Award up to [2 max].
HTTPS authenticates the identity of the website;
And encrypts data that are transmitted between web browser and web server/between two parties;
Award up to [4 max].
Award [1] for step that the Domain Name System (DNS) server will take in order to locate the correct IP address for this request from the browser up to [4 max].
The DNS server configured to the browser’s computer / the ISP (Internet Service Provider) checks through its own database to see if the (domain) name is there;
If it is, it will return the corresponding IP address to the browser;
If it isn’t the request is passed onto the next DNS server (in the hierarchy);
This continues until the (domain) name is found;
Or the top level / authoritative DNS server if reached;
When IP address is found, it is sent back to the original DNS server;
Award up to [2 max].
The required layout style for the footer is saves as a CSS file;
Each time the footer section/element appears it calls this CCS file;
Award up to [4 max].
Award [1] for each comment that indicates the function of the code up to [4 max].
Award [1] realising the modelling centred on a session (intuition of what $_SESSION[] is)
Award [1] realising that session user identifier shall be unique.
Award [1] realising the existence of users_db.
Award [1] realising that this database is interrogated with this session identifier to retrieve all fields of the record;
Award [1] to instantiate a variable $userRecord.
The shopping basket is modelled centred on the “session”;
A global array $_SESSION exists, holding a session identifier associated with any user;
And a new sessionUserID is added to the array and instantiated by a unique value for identifier;
That is generated by the function new random_number();
This element of the array $_SESSION[] is used to retrieve in the user db (users database) the entire record for the user;
Relative to the user and specific to that particular session;
And used to instantiate the variable $userRecord for further processing;
For example the final billing or confirmation of payment/dispatch.
Award up to [2 max].
The identifier “id” that is passed in the variable $_REQUEST['id'];
And the specific action that uses the value “removeBasketItem”;
