Shulou(Shulou.com)06/02 Report--

Today, I will talk to you about how to analyze Cookie and Session. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

1.Cookie concept

When a user visits a website that supports Cookie for the first time using a browser, the user provides personal information, including the user name, and sends it to the server

Then, after the server receives the http request from the client, it sends a http response to the client, including the Set-Cookie header. Since then, when the client sends the request to the server, it will send the corresponding Cookie back to the server. After receiving the request from the client browser, the server can get the client-specific information by analyzing the Cookie stored in the request header. Thus the content corresponding to the client is generated dynamically.

The Cookie header contained in the client's second request provides the server with information that can be used to uniquely identify the client. At this point, the server can determine whether the client has enabled cookies.

The Cookie header contained in the client's second request provides the server with information that can be used to uniquely identify the client. At this point, the server can determine whether the client has enabled cookies and view the Cookie information in the browser.

two。 Why use Cookie

Web applications use the HTTP protocol to transmit data, but HTTP is a stateless protocol, that is, once the data exchange is completed, the connection between the client and the server will be closed, and a new connection needs to be established to exchange data again.

This means that the server cannot track the session from the connection. If you want to track the session, you must introduce a mechanism. Cookie is such a mechanism, which can make up for the stateless deficiency of HTTP protocol. Before the advent of Session, almost all websites used Cookie to track sessions.

3.Cookie management mechanism

Cookie can not cross domain names. According to the Cookie specification, browsers will only carry the Cookie of this domain name when they access a domain name, but not the Cookie of other domain names.

Cookie is managed by browsers on the client side. Browsers can ensure that domain names are not cross-domain, thus ensuring the privacy and security of users. Browsers judge whether one website can operate another website Cookie on the basis of domain name.

Let the browser disable Cookie so that you need to log in again when you visit the logged-in web page again.

Introduction to the properties of 4.Cookie

Name: name. Once a Cookie is created, the name cannot be changed.

Value: value. If the value is a Unicode character, character encoding is required.

The time of maxAge:Cookie invalidation (in seconds). The default is-1. If positive, the Cookie expires after more than maxAge seconds. If it is negative, Cookie is a temporary Cookie, closing the browser is invalid, and the browser does not save the Cookie in any form. If 0, the Cookie is deleted.

Whether secure:Cookie is only transmitted using security protocols (HTTPS,SSL, etc.)

The usage path of path:Cookie. If set to "/ sessionWeb/", only programs with contextPath of "/ sessionWeb" can access the Cookie. If set to "/", the Cookie can be accessed by contextPath under this domain name. Note that the last character must be "/"

String domain: the domain name that can access the Cookie. If set to ".9xkd.com", all domain names ending with "9xkd.com" can access the Cookie. Note that the first character must be "."

5.Session concept

Session is a mechanism used by the server to record the status of the client, which is easier to use than Cookie, and accordingly increases the storage pressure on the server.

Session technology is the server-side solution, it maintains the state through the server, we usually translate the Session into a session, so we can call a series of interactive actions between the client browser and the server a Session.

6. Use Session

The first step is to create a Session,Session when the server-side program is running. Applications implemented in different languages have different ways to create a Session. When the Session is created, the server will generate a unique Session id for the Session, and this Session id will be used in subsequent requests to retrieve the created Session.

Then you can call the Session-related methods to add content to the Session, which will only be saved in the server and sent to the client only by Session id

When the client sends the request again, it will bring the Session id. After receiving the request, the server will find the corresponding Session according to the Session id and use it again, so that the user's state can be maintained.

The difference between 7.Cookie and Session

Cookie data is stored on the client's browser, and session data is stored on the server

Cookie does not have Session security. Others can analyze the Cookie stored locally and cheat on Cookie. For security, session should be used.

Session will be saved on the server for a certain period of time. When the number of visits increases, it will occupy the performance of the server. In order to reduce the performance of the server, Cookie should be used.

The implementation of the server-side session is dependent on the client-side cookie, and the sessionid is written in cookie.

After reading the above, do you have any further understanding of how to parse Cookie and Session? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.