HTTP protocol with Cookie and Session Study Notes

HTTP

HTTP (Hypertext Transfer Protocol) defines the format of the data exchanged when a client and a server communicate.
Features:

  1. A high-level protocol built on TCP/IP
  2. The default port number is 80
  3. Based on a request/response model: each request corresponds to one response
  4. Stateless: each request is independent of the others, requests cannot share data, and the server keeps no information about the client

In HTTP/1.0, every request establishes a new connection. HTTP/1.1, the version in use now, reuses the connection: after the client sends a request, the connection to the server stays open. These are known as non-persistent connections and persistent connections respectively.

Data format of the request message

  1. The request line: consists of the request method, the request URL and the request protocol/version.
    Request method: the HTTP protocol has seven kinds of request methods; two are common, GET and POST. The differences between GET and POST:

    GET:

    • Request parameters are in the request line, after the URL
    • The request URL length is limited
    • Unsafe

    POST:

    • Request parameters are in the request body
    • The request URL length is not limited
    • Relatively safe
  2. Request headers: information the client's browser tells the server, in the format `header name: header value`. Two common request headers:

    1. User-Agent: tells the server which browser version the client is using
    2. Referer: a URL that tells the server where the current request came from
  3. Blank line: an empty line that separates the request headers from the POST request body.

  4. Request body: carries the request parameters of a POST request message, for example:

    POST /login.html HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
    Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Referer: http://localhost/login.html
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1

    username=zhangsan

    Line 1 is the request line, lines 2-9 are the request headers, line 10 is the blank line, and line 11 is the request body.
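The request format described above, as an added example that is not part of the original notes: a small parser that splits a raw request into request line, headers and body, and shows where GET and POST carry their parameters. The class name `RequestMessage` and the shortened sample requests are constructed for this example.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class RequestMessage {
    final String method, target, version, body;
    final Map<String, String> headers = new LinkedHashMap<>();

    RequestMessage(String raw) {
        // The blank line (CRLF CRLF) separates request line + headers from the body.
        int blank = raw.indexOf("\r\n\r\n");
        if (blank < 0) throw new IllegalArgumentException("missing blank line");
        String[] lines = raw.substring(0, blank).split("\r\n");
        body = raw.substring(blank + 4);

        // Request line: method, URL, protocol/version, separated by single spaces.
        String[] parts = lines[0].split(" ");
        if (parts.length != 3) throw new IllegalArgumentException("bad request line");
        method = parts[0]; target = parts[1]; version = parts[2];

        // Headers are "name: value"; names are case-insensitive, so store them lowercased.
        for (int i = 1; i < lines.length; i++) {
            int colon = lines[i].indexOf(':');
            if (colon <= 0) throw new IllegalArgumentException("bad header: " + lines[i]);
            headers.put(lines[i].substring(0, colon).toLowerCase(Locale.ROOT),
                    lines[i].substring(colon + 1).trim());
        }
    }

    // GET carries parameters after '?' in the request line; POST carries them in the body.
    String parameters() {
        if (method.equals("POST")) return body;
        int q = target.indexOf('?');
        return q < 0 ? "" : target.substring(q + 1);
    }

    public static void main(String[] args) {
        // Constructed input: the sample request above with fewer headers, and a GET variant.
        String post = "POST /login.html HTTP/1.1\r\nHost: localhost\r\n"
                + "Referer: http://localhost/login.html\r\n\r\nusername=zhangsan";
        String get = "GET /login.html?username=zhangsan HTTP/1.1\r\nHost: localhost\r\n\r\n";
        for (String raw : new String[] {post, get}) {
            RequestMessage m = new RequestMessage(raw);
            // Referer and User-Agent are client-supplied: never trust them for access decisions.
            System.out.println(m.method + " " + m.target + " params=" + m.parameters()
                    + " referer=" + m.headers.get("referer"));
        }
    }
}
```

In the GET variant the parameter is part of the URL, so it also ends up wherever URLs are recorded, such as server access logs and browser history.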

Data format of the response message

HTTP/1.1 200 OK
Connection:...
Date:...
Server:...
Last-Modified:...
Content-Length:...
Content-Type:...

(data data data data data ...)

A response message has three parts: an initial status line, the response headers, and the response body that follows a blank line. The status line has three fields: protocol/version, status code and the corresponding status phrase. Among the response headers, Connection: indicates how the TCP connection is handled after the message is sent; Date: indicates the date and time at which the server generated and sent the response message; Server: indicates what kind of server generated the message; Last-Modified: indicates the date and time the object was created or last modified; Content-Length: indicates the number of bytes in the object being sent; Content-Type: indicates what kind of object the response body contains. The response body is the main part of the response message, i.e., it contains the requested object itself.

Common status codes and their associated phrases:

  • 200 OK: Request successful
  • 301 Moved Permanently: the requested object has been permanently moved; the new URL is given in the Location: header of the response message
  • 400 Bad Request: a generic error code indicating that the request cannot be understood by the server
  • 404 Not Found: The requested document is not on the server
  • 505 HTTP Version Not Supported: The server does not support the HTTP protocol version used in the request message

Cookie technology

An HTTP server is stateless, that is, it retains no information about users. A Web site often wants to be able to identify its users, and for that it has to use cookie technology. Cookie technology has four components:

  1. A cookie header line in the HTTP response message
  2. A cookie header line in the HTTP request message
  3. A cookie file kept on the client system and managed by the user's browser
  4. A database located at the Web site

Cookies let a site track a user's state, so the site can make recommendations to the user based on the user ... but using cookies intrudes on user privacy: a site can collect a lot of information about a user and then sell this information to third parties.

Implementing Cookie in IDEA

Steps for usage:

  • Create a Cookie object, bind data
    new Cookie(String name,String value)
  • Send Cookie object
    response.addCookie(Cookie cookie)
  • Get Cookie, get the data
    Cookie[] request.getCookies()

Principle: implemented with the Set-Cookie response header and the Cookie request header.
Cookie details:

  • Multiple Cookie objects can be sent: call the response's addCookie method multiple times
  • Cookie lifetime: by default, the cookie data is destroyed when the browser is closed. For persistent storage, use the setMaxAge(int seconds) method. The seconds parameter has three cases: positive, negative and zero. A positive number writes the cookie data to a file on the hard disk and keeps it for that many seconds; a negative number is the default value; zero deletes the cookie
  • Cookie sharing:
    • Between multiple web projects deployed on the same Tomcat server: cookies are not shared by default. To share a cookie between these projects, set the range in which it can be retrieved with setPath(String path); setting path to "/" shares it
    • Between different Tomcat servers: setDomain(String path). If the same domain name is set, the cookie can be shared among multiple servers. Take Baidu as an example: the domain name of Baidu Tieba is tieba.baidu.com and the domain name of Baidu News is news.baidu.com; both have the domain .baidu.com, so cookies can be shared between them
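The three steps and the lifetime and path settings above put together, as an added example that is not code from the original notes. The servlet name, URL mapping and cookie name are hypothetical; it assumes a Servlet 3.0+ container with the `javax.servlet` API (Tomcat 10 and later use `jakarta.servlet` instead).

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: remembers the time of the previous visit in a cookie.
@WebServlet("/lastVisit")
public class LastVisitServlet extends HttpServlet {
    private static final String NAME = "lastVisit"; // cookie name chosen for this example

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Get the cookies: getCookies() returns null when the request carries none.
        String previous = null;
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (NAME.equals(c.getName())) {
                    previous = c.getValue();
                }
            }
        }

        // Create the cookie and bind data to it.
        Cookie cookie = new Cookie(NAME, Long.toString(System.currentTimeMillis()));
        cookie.setMaxAge(60 * 60 * 24 * 30);            // positive: kept on disk for 30 days
        cookie.setPath(request.getContextPath() + "/"); // this project only; "/" would share it
        cookie.setHttpOnly(true);                       // not readable from page scripts
        cookie.setSecure(request.isSecure());           // on HTTPS, never sent over plain HTTP

        // Send it: the container turns it into a Set-Cookie response header.
        response.addCookie(cookie);

        response.setContentType("text/plain;charset=utf-8");
        // The cookie value comes back from the client, so validate it before using it.
        String msg = "first visit";
        if (previous != null && previous.matches("\\d{1,19}")) {
            msg = "previous visit (epoch ms): " + previous;
        }
        response.getWriter().write(msg);
    }
}
```

Widening the scope with `setPath("/")` or `setDomain(...)` also widens the set of applications that receive the cookie and can overwrite it, so share only cookies that every one of them is meant to see.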

Session technology

Like Cookie, Session is a session technology, but Session is a server-side session technology while Cookie is a client-side one. It shares data among multiple requests within one session, and the data is stored in a server-side object (HttpSession). A session can store data of any type and any size.
Getting the HttpSession object: HttpSession session = request.getSession();
Using the HttpSession object: getAttribute(String name), setAttribute(String name, Object value), removeAttribute(String name).
Session principle: Session depends on Cookie; it is implemented through the request header and the response header.
Session details:

  • If the client is closed and the server is not, the two sessions obtained are different by default
    If you want to get the same one, set a lifetime with setMaxAge(int seconds)
  • If the client is not closed and the server is shut down, the session obtained afterwards is not the same one, but the data must not be lost; Tomcat does this work automatically:
    • Session passivation: before the server shuts down normally, the session object is serialized to the hard disk
    • Session activation: after the server is started, the session file is turned back into a session object in memory
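An added example (not code from the original notes) of the HttpSession calls above and of keeping the same session after the browser is closed by re-sending the session id with a lifetime. The servlet name and the `count` attribute are hypothetical; it assumes the `javax.servlet` API and Tomcat's default session cookie name, JSESSIONID.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: keeps a visit counter in the server-side session.
@WebServlet("/visits")
public class VisitCountServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Creates the session on the first request; later requests are matched to it
        // by the session id the browser returns in its Cookie request header.
        HttpSession session = request.getSession();

        // The data stays on the server; only the id travels to the client.
        Integer count = (Integer) session.getAttribute("count");
        count = (count == null) ? 1 : count + 1;
        session.setAttribute("count", count);

        // The container's own id cookie disappears when the browser closes. Sending the
        // same id again with a max age lets the browser find the session after a restart.
        int ttl = session.getMaxInactiveInterval(); // seconds until the server drops the session
        if (ttl > 0) {
            String path = request.getContextPath();
            Cookie id = new Cookie("JSESSIONID", session.getId()); // Tomcat's default name (assumed)
            id.setMaxAge(ttl);     // no point keeping the id longer than the session lives
            id.setPath(path.isEmpty() ? "/" : path);
            id.setHttpOnly(true);  // the id is a credential: keep it away from page scripts
            id.setSecure(request.isSecure());
            response.addCookie(id);
        }

        response.setContentType("text/plain;charset=utf-8");
        response.getWriter().write("visits in this session: " + count);
    }
}
```

Anyone who obtains the persisted id can use the session until it expires, which is why the cookie lifetime here is tied to the session timeout rather than set to an arbitrary long value.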

Differences between Cookie and Session

  1. Session data is stored on the server side; cookie data is stored on the client side

  2. Session has no data size limit; cookie has a data size limit

  3. Session data is secure; cookie data is relatively unsafe

Origin www.cnblogs.com/cubeblog/p/12558567.html