Shulou(Shulou.com)06/01 Report--

Login and cookie caching

For cookie used to log in, there are two common ways to store login information in cookie: one is signed cookie, and the other is token cookie.

The signed cookie usually stores the user name, possibly the user ID, the last time the user successfully logged in, and any other information that the site finds useful. In addition to the user's information, the signature cookie contains a signature that the server can use to verify that the information sent is intact (such as changing the login user name in cookie to another customer).

Token cookie stores a string of random bytes as tokens in cookie, and the server can find the owner of the token in the database based on the token. The following table shows the advantages and disadvantages of signing cookie and token cookie.

Cookie type advantages and disadvantages signing cookie all the information needed to verify the cookie is stored in the cookie. Cookie can contain additional information (additional information), and signing that information is easy and difficult to handle correctly. It is easy to forget to sign the data, or to verify the signature of the data, resulting in a security breach token cookie adding information is very easy. The size of cookie is very small, so mobile and slower clients can send requests faster and need to store more information on the server. If you are using a relational database, it may be more expensive to load and store cookie

Here is an example written in java

Import java.util.ArrayList;import java.util.Set;import redis.clients.jedis.Jedis;public class Login {public String checkToken (Jedis conn,String token) {return conn.hget ("login:", token);} public void updateToken (Jedis conn,String token,String user,String item) {long time=System.currentTimeMillis () / 1000; conn.hset ("login:", token, user); / / maintain conn.zadd ("recent:", time, token) between tokens and users / / save the last occurrence time of the token if ("viewd:" + token, time, item) {conn.zadd ("viewd:" + token, time, item); / / set the trade name conn.zremrangeByRank ("viewd:" + token, 0,-26) accessed by the user in this timestamp according to this token; / / remove the user record and keep only 25 items that the user has browsed. Conn.zincrby ("viewd:",-1, item);} public class CleanSessionsThread extends Thread {private Jedis conn; private int limit; private boolean quit; public CleanSessionsThread (int limit) {/ / TODO Auto-generated constructor stub this.conn=new Jedis ("localhost"); conn.select (15); this.limit=limit;} public void quit () {quit=true } @ Override public void run () {/ / TODO Auto-generated method stub while (! quit) {long size=conn.zcard ("recent:"); / / determine the number of online users based on login time if (size)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.