Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you basic knowledge about how to understand Session and Cookie. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

As one of the well-paid industries recognized in the current market, Web front-end has attracted a lot of people to join the study. However, with the improvement of the skill requirements of job seekers, it is not difficult to find that the interview is becoming more difficult. Many students want to know what the examination questions are often asked by enterprises, and then the editor of the good programmer Web front-end training will briefly share the relevant interview questions of Session and Cookie.

1. Cookie and Session

HTTP protocol is a stateless protocol, that is, every time the server receives a request from the client, it is a brand-new request, and the server does not know the historical request record of the client; the main purpose of Session and Cookie is to make up for the stateless characteristics of HTTP.

2. What is Session

The client requests the server, and the server opens up a piece of memory space for this request, which is the Session object and the storage structure is ConcurrentHashMap. Session makes up for the stateless feature of HTTP, and the server can use Session to store some records of the client's operations during the same session.

3. How does Session determine whether it is the same session?

When the server receives the request for the first time, it opens up a piece of Session space (creates a Session object), generates a sessionId at the same time, and sends a response to the client requesting to set Cookie through the Set-Cookie:JSESSIONID=XXXXXXX command in the response header; after the client receives the response, it sets the Cookie information of a JSESSIONID=XXXXXXX in the local client, and the expiration time of the Cookie is the end of the browser session.

4. What is Cookie?

Cookie in the HTTP protocol includes Web Cookie and browser Cookie, which is a small piece of data sent by the server to the Web browser. The server sends it to the browser's Cookie, which stores it and sends it to the server with the next request. Typically, it is used to determine whether two requests come from the same browser, such as keeping the user logged in.

5. What is Session Cookies

Session Cookies, also known as session Cookies, in Session Cookies, the user's login status is saved in the server's memory. When the user logs in, the Session is securely created by the server. On each request, the server reads the SessionId from the session Cookie, and if the data on the server is the same as the read SessionId, the server sends a response to the browser, allowing the user to log in.

6. What is Json Web Tokens

The abbreviation of Json Web Token is JWT, which can usually be called Json token. It is a form of secure transmission of information as Json objects defined in RFC 7519. The information stored in JWT is digitally signed, so it can be trusted and understood. JWT can be signed using the HMAC algorithm or using RSA/ECDSA 's public / private key.

Using JWT is mainly used for the following two points:

Authentication (Authorization): this is the most common case of using JWT, where once a user logs in, each subsequent request contains a JWT, allowing the user to access routes, services, and resources allowed by the token. Single sign-on is a feature that is widely used in JWT today because of its low overhead.

Information Exchange (Information Exchange): JWT is a way to transmit information securely. JWT is authenticated by signing using the public / private key. In addition, because the signature is calculated using head and payload, you can also verify that the content has been tampered with.

The above is the editor for you to share how to understand the basic knowledge of Session, Cookie, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.