Advantages of cookies: good compatibility
Disadvantages of cookies: ①Increased network traffic, ②Limited data capacity, can store up to 4kb of data, different browsers, ③Insecure.
A cookie is a small piece of textual information that is passed between a web server and a browser with a user request. It is stored on the visitor's computer and is sent every time the same computer requests a page through the browser. It is a mechanism provided by the browser to provide the cookie property of the document object to js, and js can be used to create and retrieve the value of the cookie, so we can access it through document.cookie. A cookie is a file stored on a user's hard disk, which usually corresponds to a domain name, that is, a cookie can span multiple web pages under one domain name, but cannot be used across multiple domain names.
The fundamental purpose of cookies: cookies store information on the user's hard drive, so they can be used as global variables. This is the biggest advantage of cookies. The most fundamental purpose is to help web sites save information about visitors.
For example: ①Save user login information;
②Create shopping cart (Shopping websites usually save the selected items in cookies, which can synchronize data between different pages, and at the same time, these cookies will be sent to the background when the order is submitted. );
③ Track user behavior (for example, Baidu Alliance will record user preference information through cookies, and then recommend personalized promotion information to users, so when browsing other web pages, you will often find that the small advertisements next to you are all you have recently searched on Baidu. thing, this can be disabled, which is also one of the disadvantages of cookies)
Format and common attributes of cookies: String rules: ① Each cookie is in the form of a name/value pair, that is, name = value; ② Both the name and value must be URL-encoded; ③ Two pairs of cookies are separated by a semicolon separated by spaces. domain, path, expires/max-age, size, http. Secure, etc. are all attributes of cookies.
The two attributes domain and path together determine which pages the cookie can be shared with. The domain parameter is used to control which domain the cookie is valid for. The default is the domain where the cookie is set. This value can contain subdomains or not. path is used to control the path of the specified domain sent by the cookie. The default value is "1", which means that all paths under the specified domain can be accessed. It is based on the domain name and specifies the accessible path. For example: the cookie is set as:
"domain = .google.com.hk; path = /webhp"
Then only ".google.com.hk/webhp" and any subdirectory under "/webhp" (eg "/webhp/aaa") will send cookie information, but ".google.com.hk" will not sent even if they are from the same domain.
expires/max-age expiration time, expires/max-age is used to determine the life cycle of the cookie, that is, when the cookie will be deleted, expires represents the expiration time, to be precise, the time, max-age represents It is the effective time period, in seconds. If max-age is a positive value, it means that the cookie will expire after max-age seconds. For example, if max-age = 10800, that is, the effective time is three hours, then the cookie will be invalid in It expires after three hours. If max-age is negative, the cookie expires after the browser session ends.
secure is empty by default, and the secure option is not specified, that is, a cookie will be sent whether it is an http request or an https request. secure is the security flag of the cookie and is the only part of the cookie that is not a key-value pair. Only sent to the server when using ssl connections (such as HTTPS requests or other secure protocol requests).
httponly (ie http) is used to restrict the access of client scripts to cookies. Setting cookies to httponly can reduce the harm of xss (cross-site scripting) attacks, prevent cookies from being stolen, and enhance the security of cookies.