Anyone who does JavaWeb knows that the bottom layer of the session is implemented by using cookies. The server side will save the session information in the local file and send the sessionID to the client ( browser ), and the browser will send the sessionID ( more accurate name ). Called JSESSIONID ) is stored in the client-side cookie, but note that the client-side cookie lives in memory, not persistent on the hard disk, and its life cycle will expire after the browser is closed. Every time the browser accesses the application of our server, it will send this sessionID in the request, and the server can know which user is currently based on this sessionID. Therefore, we all say that the session is basically invalid after the browser disables cookies. Although it can be solved by appending the sessionID to the URL, the impact of disabling is still not small.
I record here how to disable cookies in Chrome, Firefox, and 360 browsers:
Chrome (version: 63)
In Advanced -> Privacy Settings and Security
Click on Content Settings
Uncheck this option below
There is no option to block third-party cookies. If you only choose to block third-party cookies, it is not to disable all cookies, but to prevent cookies from being saved on the hard disk (setting a lifetime for cookies), and will not block cookies stored in memory. The session can still be used.
Firefox (version: 59)
Privacy & Security -> History
Change logging history to use custom settings
The difference and function of accepting cookies from websites and accepting third-party cookies here are the same as Chrome
360 Browser (Version: 9.1)
Advanced Settings -> Webpage Settings
Click into the web content advanced settings, there is also an option to disable cookies and block third-party cookies, the same as Chrome
