1: First point: to understand a technology you must understand its philosophy, that is, what problem it exists to solve and why it was born.
Because HTTP is connectionless, the connection is dropped when a request ends, which makes it a problem to identify who a request comes from.
Thus the cookie was born. Before localStorage appeared, browser-side storage features relied on cookies.
In principle it is extremely simple: when the browser accesses the server, the server sends a cookie to the browser.
The cookie can be understood as an identifier. The next time the browser sends a request to the server, it carries this identifier (the cookie) in the request message.
The server can identify the browser based on the identifier. The server sets the cookie's lifetime in the response message.
The browser then carries this cookie every time it accesses the server within that period. "Cookie" supposedly means a biscuit, and foreigners like to use a biscuit as a keepsake.
So a cookie is a keepsake for communication between the browser and the server. Had the Chinese invented it, it might have been called a secret password. All of this is built on the fact that HTTP is connectionless.
2: So what is a session? People say the session is abstract and hard to understand, but compared with the cookie it is actually easier to understand.
A cookie has to be set by the server in the response message, while a session needs none of that. A session depends on a cookie; you could even say it is a cookie
with a simple upgrade, plus a "unique proxy" concept.
That is, when the browser first sends a request to the server, the server does not recognize the browser, because the request carries no token cookie.
At this point you have to set one on the server: return a token cookie to the browser, so that the server knows the browser the next time it comes.
But some people find setting token cookies by hand on the server tedious and too simplistic, so the session appeared.
Every server can enable or disable sessions; how to do so differs from language to language.
If you enable sessions on the server, the server generates a random string of gibberish with a hash algorithm and stores it in memory.
At the same time it sends this gibberish to the browser in the response message. All of this is transparent: the programmer does not set it up, the server does it automatically.
It is still the server giving the browser a keepsake. The next time, the browser brings the string of gibberish back and it is compared with the gibberish in the server's memory.
It works like matching a secret code word: if it matches, you are in. The server does not check whether you are really you; it only recognizes the code word.
For example, when I log in to Blog Garden (cnblogs), the Blog Garden server sends me a string of gibberish. If you get hold of this string, you can log in to my admin backend with it.
Meanwhile the server caches some information in a hash structure keyed by this string of gibberish. As long as the browser accesses the server and the code word matches,
the information in memory can be read.
In node.js, once the session is enabled, the server sends a cookie, the string of gibberish, as a keepsake to every browser that accesses it.
var express = require("express");
var formidable = require("formidable");
var session = require("express-session");

var app = express();
app.set("view engine", "ejs");

// Enable the session with a single trusted proxy
app.set("trust proxy", 1);
app.use(session({
    secret: "lalala",          // demo value; this secret signs the session ID cookie
    saveUninitialized: true,
    cookie: { maxAge: 86400 }  // maxAge is in milliseconds
}));

// Home page
app.get("/", function (req, res) {
    // Render the template
    res.render("shouye");
});

app.post("/login", function (req, res) {
});

app.listen(3000);
Because the session caches data on the server, we can build some operations on top of it:
var express = require("express");
var formidable = require("formidable");
var session = require("express-session");

var app = express();
app.set("view engine", "ejs");

app.set("trust proxy", 1);
app.use(session({
    secret: "lalala",          // demo value; this secret signs the session ID cookie
    saveUninitialized: true,
    cookie: { maxAge: 86400 }  // maxAge is in milliseconds
}));

// Home page
app.get("/", function (req, res) {
    // Render the template, passing the login information along as well
    res.render("shouye", {
        login: req.session.login,
        yonghuming: req.session.name,
        anlian: req.session.love
    });
});

// Login
app.post("/login", function (req, res) {
    var form = new formidable.IncomingForm();
    form.parse(req, function (err, fields) {
        // Cache the login state in this browser's session
        req.session.login = true;
        req.session.name = fields.name;
        req.session.love = fields.love;
        res.redirect("/");
    });
});

app.listen(3000);
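The mechanism described in section 2 (random ID kept in server memory, sent as a cookie, compared on the next request), written out as an added example using only Node's crypto module; it is not code from the original post and not express-session's implementation. The names `SECRET`, `sid`, `store` and `getSession` are assumptions made for illustration, and the HMAC signature stands in for the role the `secret` option plays.

```javascript
const crypto = require("crypto");

const SECRET = "constructed-demo-secret";  // assumption: sample value, load from config in practice
const MAX_AGE_MS = 24 * 60 * 60 * 1000;    // one day, in milliseconds
const store = new Map();                   // session id -> { data, expires }

// Sign the id so the server can reject cookies it did not issue.
function sign(id) {
  const mac = crypto.createHmac("sha256", SECRET).update(id).digest("hex");
  return id + "." + mac;
}

// Return the id if the signature is valid, otherwise null.
function unsign(value) {
  const dot = value.lastIndexOf(".");
  if (dot < 0) return null;
  const id = value.slice(0, dot);
  const expected = Buffer.from(sign(id));
  const given = Buffer.from(value);
  if (expected.length !== given.length) return null;
  return crypto.timingSafeEqual(expected, given) ? id : null;
}

// Pull the "sid" cookie out of a Cookie request header.
function readSid(cookieHeader) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(cookieHeader || "");
  return m ? decodeURIComponent(m[1]) : null;
}

// Look up the session for a request. A missing, forged, unknown or expired
// cookie gets a fresh session; setCookie is the Set-Cookie header value to
// send back for a new session, or null when the existing one was found.
function getSession(cookieHeader, now = Date.now()) {
  const raw = readSid(cookieHeader);
  const id = raw ? unsign(raw) : null;
  const entry = id ? store.get(id) : undefined;
  if (entry && entry.expires > now) return { data: entry.data, setCookie: null };
  if (id) store.delete(id);                // drop an expired entry
  const newId = crypto.randomBytes(32).toString("hex");
  const data = {};
  store.set(newId, { data, expires: now + MAX_AGE_MS });
  const setCookie = "sid=" + encodeURIComponent(sign(newId)) +
    "; Max-Age=" + MAX_AGE_MS / 1000 + "; Path=/; HttpOnly; SameSite=Lax";
  return { data, setCookie };
}
```

Because the server only recognizes the code word, the cookie is marked `HttpOnly` and the ID comes from `crypto.randomBytes` rather than anything guessable; over HTTPS the `Secure` attribute would be added as well.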