Shulou(Shulou.com)06/01 Report--

This article mainly shows you the "example analysis of login verification and exit based on cookie", which is easy to understand and well-organized. I hope it can help you solve your doubts. Let me lead you to study and study the "example analysis of login verification and exit based on cookie".

There is a question in the message:

It's a question about cookie login and exit. The original text of the question is: how to exit and login, the page jumps to the landing page, and after the front-end login, the back-end return field can be set to cookie to achieve identity authentication, but this cookies should be set up the httponly field, does not allow the front-end js operation, then click on the exit button what should be done

First of all, to solve such a question, whether or not cookie has set the httponly property, login or exit when the cookie should not be operated by js. The specific reasons will be said later.

After the website sends the login request, set the cookie through Set-Cookie in the response header. After receiving the response, the browser will store the cookie information in the Set-Cookie to the browser, as shown below:

At this point, check the browser's application as shown below:

This is the case of landing, what about exit? At this time, some friends think that click the exit button, or exit operation, directly call js to delete cookie on it, the general project is not such an operation, delete cookie is also achieved through the backend. Since the backend can set cookie through Set-Cookie, it should also be able to delete cookie through Set-Cookie, so there is an exit interface api in the general project interface document.

When the current side sends a request to this exit api, the Set-Cookie in the response header generally sets the expires property of the cookie (PHPSESSID) set when logging in to an expiration time. In this way, the browser deletes the PHPSESSID when parsing the Set-Cookie.

When sending a message to the exit interface, see what network will respond to, as shown in the figure:

Let's take a look at the appliaction display:

Then why can't you use the front-end js to delete the cookie? here is the session information. When you log in to the website, the back-end server will return a cookie to the front-end and store a cookie in the back-end database. The two cookie are the same. After each exit, the two cookie should be deleted. This requires the front-end to send a request to the back-end to delete the cookie, and the server will delete the cookie after receiving the request. And set the following information in the response header.

Set-Cookie:PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/

The browser receives the above information, determines that the cookie expires (expired in 1970) based on the expires field information, and deletes the cookie. So both cookie are deleted.

If you only use the front-end js to manually remove the cookie, the back-end still saves the cookie, resulting in a waste of resources, of course, there are some other disadvantages, which will not be discussed here.

The above is all the contents of this article "sample Analysis of login verification and exit based on cookie". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.