Cookie, session and token: can't tell cookie and session apart?

After so many years of testing, can you still not tell what a cookie is and what a session is? That is quite normal: many junior development engineers cannot explain what a session is, although cookies are relatively simple.

This article aims to help you clearly distinguish the two technologies and the scenarios each is used in.

1) Cookie

Features of cookie:

  1. Cookie is a client-side caching technology
  2. Cookie data is generated by the server and sent to the browser to save
  3. Cookie data format: key-value pair
  4. Cookie data expiration mechanism: set expire value

A cookie is a client-side technology: it is generally generated by the server and returned to the browser, which stores it as a key-value pair. Each cookie has a name, a value and an expiration time. Cookies have many uses; the most common ones in projects are:

  1. Log in to remember username

  2. Record user browsing history

  ...

The most familiar of these is remembering the user name. Take the login function of the Jingdong (JD.com) website as an example: after we have logged in to Jingdong once, the next time we open the login page we find the user name already filled in for us. This is achieved with cookie technology.

1. Open the Firefox browser, visit the Jingdong login page, enter the login account and password, and complete the login.

2. Log out from the home page.

3. Log in again on the login page: the user name input box has been backfilled with the mobile phone number used before.

4. Press F12 to open the Firefox developer tools and find the cookie that stores the mobile phone number: its name is "mp" and its value is the user name we filled in.

Summary of the implementation: on successful login the server writes the mobile phone number into the cookie; when the user returns to the login page, the page reads the value of the cookie named mp (taking the value by key) and fills it back into the user name input box.

Expansion: cookies have an expiration mechanism; you control when a cookie expires by setting its expiration time.

The expiration time of this mp cookie is one month, so as long as you do not clear the browser's cookie data within that month, opening the Jingdong login page in the same Firefox browser shows the mobile phone number backfilled.
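To make the mp cookie flow concrete, here is an added Python example (not code from the original post or from Jingdong): the server writes the cookie with a one-month Max-Age after login, a small constructed cookie jar models how the browser stops sending it once it expires, and the login page takes the value by key to backfill the user name. The phone number and the Secure/SameSite attributes are assumptions for the example.

```python
from http.cookies import SimpleCookie
from typing import Optional

ONE_MONTH = 30 * 24 * 60 * 60  # the "mp" cookie on the page lives for one month


def set_cookie_after_login(phone_number: str) -> str:
    """Server side: the Set-Cookie header value written once login succeeds."""
    c = SimpleCookie()
    c["mp"] = phone_number
    c["mp"]["max-age"] = ONE_MONTH  # expiration mechanism: the browser drops it after this
    c["mp"]["path"] = "/"
    c["mp"]["secure"] = True         # assumption: only send over HTTPS
    c["mp"]["samesite"] = "Lax"      # assumption: not attached to cross-site requests
    return c["mp"].OutputString()


class CookieJar:
    """Minimal model of the browser's cookie storage (constructed for this example)."""

    def __init__(self):
        self._cookies = {}  # name -> (value, expires_at or None for a session cookie)

    def store(self, set_cookie_header: str, now: float) -> None:
        c = SimpleCookie()
        c.load(set_cookie_header)
        for name, morsel in c.items():
            max_age = morsel["max-age"]  # "" when the server set no expiry
            expires_at = now + int(max_age) if max_age else None
            self._cookies[name] = (morsel.value, expires_at)

    def cookie_header(self, now: float) -> str:
        """Cookie request header the browser would send: expired cookies are omitted."""
        live = {n: v for n, (v, exp) in self._cookies.items() if exp is None or now < exp}
        return "; ".join(f"{n}={v}" for n, v in live.items())


def username_to_backfill(cookie_header: str) -> Optional[str]:
    """Login page: take the value by the key 'mp' and return it for the user name box."""
    c = SimpleCookie()
    c.load(cookie_header)
    return c["mp"].value if "mp" in c else None
```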

 

======================================== Split line ========================================

2) Session

Features of session:

  1. session is a server-side session caching technology.
  2. The session is created by the web container on the server side and stored on the server side.
  3. Session save data: key-value pair form
  4. Session expiration: 30 minutes by default

A session is a server-side session technology. When a user logs in to the system, the web container on the server side creates a session, in which information about the logged-in user can be saved, again as key-value pairs. Session technology is used for authentication: users can access certain pages and data in the system only after logging in.

Take the following system as an example:

1. Directly accessing the home page index.html of the system lmcanon does not succeed; the request is redirected to the login page login.html, because this system authenticates users and users who are not logged in cannot access its data, as follows:

2. Now log in to the system:

Opening F12, you can see a "Set-Cookie" header in the response of the login interface containing "JSESSIONID=8AC39619BB5BEC4426CF999A92E74337". Among the cookies, this one has the name "JSESSIONID" and the value "8AC39619BB5BEC4426CF999A92E74337". This session id is returned by the server, and the corresponding session on the server side holds the logged-in user's information.

Once cached as a cookie, the data can be seen in the browser's cookie list, as shown below:

After logging in, any page in the system can be accessed without problems, because every subsequent request from the browser carries the value of "JSESSIONID" from the cookie. As shown in the figure below, when opening the "weekly schedule" menu, the request for the page and every interface request made by the page include the session id "8AC39619BB5BEC4426CF999A92E74337" in the request header sent to the server:

When the server receives such a request, it matches the session id in the "Cookie" request header against the sessions it holds and determines that this is the same session. Since that session contains the logged-in user's information, the server concludes that the request was issued by a logged-in user and lets it through.

The above process can be represented by the following picture:

Extension 1: session expiration handling.

When the session on the server side expires and you keep sending requests, the session id you bring from the client is the same one as before, but it no longer matches a live session on the server, so verification fails and you are prompted to log in again.

Extension 2: token mechanism

An example from an app project. Mobile app projects are generally authenticated with a token, because the client is not a browser and there is no cookie. When the user logs in to the app, the server responds with a token (usually a unique identifier string such as a UUID). The server stores a mapping between the logged-in user and the token, generally in redis or a database table. The token returned by the server is cached locally on the phone, and every later request the app makes to the server carries this token for verification. If the server can find the logged-in user's information in redis by this token, the request is treated as coming from a logged-in user.

Token invalidation: after a period of time the server-side token becomes invalid and the mapping between this token and the user is deleted from redis. When the phone sends a later request carrying that token, it no longer matches any logged-in user, and the server tells the client that it needs to log in again.
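The session lookup described above and the token mapping in redis are the same server-side pattern: an opaque id maps to the logged-in user until it expires, after which the same id fails verification. The following added Python example (not the lmcanon system's own code) models both with an in-memory dict standing in for the web container's session table or redis; the 30-minute inactivity timeout, the user name alice and the Bearer header for app clients are assumptions.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60  # 30 minutes: the default session timeout cited on the page


class SessionStore:
    """Server-side store keyed by an opaque id: models both the JSESSIONID table
    and the user<->token mapping kept in redis (in-memory dict here, an assumption)."""

    def __init__(self, ttl: int = SESSION_TTL):
        self.ttl = ttl
        self._sessions = {}  # id -> {"user": ..., "expires_at": ...}

    def login(self, user: str, now: float) -> str:
        # 128-bit random id, the same shape as the 32-hex-char JSESSIONID above
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"user": user, "expires_at": now + self.ttl}
        return sid

    def lookup(self, sid: str, now: float):
        rec = self._sessions.get(sid)
        if rec is None:
            return None  # unknown id: never issued, or already deleted
        if now >= rec["expires_at"]:
            del self._sessions[sid]  # expired: drop the mapping, client must log in again
            return None
        rec["expires_at"] = now + self.ttl  # inactivity timeout: each hit extends the session
        return rec["user"]


def session_id_from_request(headers: dict):
    """Browser clients send JSESSIONID in the Cookie header; app clients, which
    have no cookies, send the token in an Authorization: Bearer header (assumption)."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):]
    cookies = SimpleCookie()
    cookies.load(headers.get("Cookie", ""))
    return cookies["JSESSIONID"].value if "JSESSIONID" in cookies else None


def handle_request(store: SessionStore, headers: dict, now: float):
    """Returns (status, body): 302 to login.html unless the id maps to a live user."""
    sid = session_id_from_request(headers)
    user = store.lookup(sid, now) if sid else None
    if user is None:
        return 302, "redirect to login.html"
    return 200, f"weekly schedule for {user}"
```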

 

That is all for this sharing on cookie, session and token; I hope it helps everyone. If there are incorrect places, please correct me in the comment area. If you found it useful, don't forget to like it.

From: https://blog.csdn.net/qq_33616529/article/details/78288883



Origin www.cnblogs.com/hclearning/p/12744616.html