Article directory
[Difference 1] The difference between GET and POST
In the process of learning JavaWeb-HTTP requests, I often encounter a problem like this: Do you know the difference between a get request and a post request?
Ever since, I have been thinking hard to find a solution. After I have written countless GET and POST requests and searched countless CSDN articles, the answer seems obvious:
- Request form:
- The GET request is to put the requested data in the request line, and the transmitted parameter information will be echoed in the access address bar;
- The request parameters of the POST request are generally in the request body, and no parameters will be added in the browser address bar. When it is necessary to send some more private information, it is best to use the POST request.
- Transfer data limit:
- In fact, GET requests can only send ordinary strings, the browser will limit the length of the url, and the submitted data is generally limited to within 2K;
- POST requests can send any type of data, theoretically there is no length limit, but the server will limit the size of the submitted data.
- safety:
- The security of GET requests and POST requests is relative.
- When you send any GET request, the result of the final response will be cached by the browser, and the transmitted data parameters will be echoed in the address bar, which can be viewed by everyone, which is why the security of GET requests is low;
- Although this situation does not occur with POST requests, think carefully about the server enabling the interception function. Generally, it intercepts the data submitted by the POST request, and the data submitted by the POST request to the server may also change the data of the server. Then its Security is also relative.
- Encoding:
- GET requests can only be url encoded;
- POST supports multiple encoding methods.
Putting aside the appearance and looking at the essence, after tracing the source, I thought I had realized it, and I accidentally saw an article telling me that there is actually no difference between GET and POST in essence.
The following is just my personal understanding after reading that article:
It means -
GET/POST are two ways to send requests in the HTTP protocol, and HTTP is a protocol based on TCP/IP on how data communicates in the World Wide Web. So based on this, the underlying layers of GET and POST are also implemented based on TCP/IP. In theory, GET and POST can do the same thing. We can break the "difference" between the two by adding a request body to GET and a url parameter to POST.
To be honest, after understanding the difference between the two, I also thought about this question. Logically speaking, this is completely feasible technically. But it would be naive if that were the case!
(Because there are too many text descriptions, copying and pasting is not very good, I will directly send screenshots)
After I read this article several times, it is not so much to let readers know that there is no difference between GET and POST in essence, it is better to say that Let readers understand why there are so many "differences" between GET and POST.
Then I learned another point -
another "significant difference" between GET and POST:
GET generates one TCP packet; POST generates two TCP packets.
That is: when sending a GET request, the browser will send the request header and data to the server together. During this process, the GET request only generates a TCP packet; when sending a POST request, the browser sends the request header first, and the server responds After 100, the browser sends data again, and the POST request generates two TCP data packets in total.
The difference between the two basic request methods of GET and POST
[Difference 2] The difference between Cookie and Session
The difference between the two should be something you have experienced in knocking out small cases or watching document videos.
Without further ado, let's get straight to work!
Let's first talk about what they are for. In official terms, both cookies and sessions are used to track the identity of browser users.
So how to understand it specifically? Let’s take an example that can be seen just by searching for Cookie and Session—the common one is website login, which generally only needs to be logged in once. Within a certain period of time, we don’t need to log in again when we enter this website again. The realization of this function It is to store your information through session technology, and every time you enter the website within the set lifetime, you will get the stored user information.
Now that the function is finished, let’s talk about the difference——
- How to create:
- Cookie is a client session technology, and its data is saved on the client;
- Session is a server-side session technology, and its data is saved on the server side.
- storage type:
- Cookies can only store objects of type String;
- Session can store any java object.
- life cycle:
- Both Cookie and Session have a validity period, that is, a time limit for survival;
- By default, cookies are stored in the browser's memory. When the browser is closed and the memory is released, the cookie will be destroyed; the cookie can set the valid time through setMaxAge (within this valid time range, even if the browser is closed, it still exists);
- Session depends on the settings of the server. If the client does not send a request to the server for a long time, the Session object will disappear automatically. This time depends on the server (Tomcat server defaults to 30 minutes), which can be provided by the method provided by the Session object. Or manually configure the session expiration time in the web.xml file.
- Storage data limit:
- The amount of data stored in cookies is very limited. Most browsers support a maximum capacity of 4K, which cannot store complex requirements;
Session has no data size limit.
- Advantages and disadvantages:
- Cookies: Not all browsers support cookies, and the data information is saved in the client computer in the form of plain text. Others can analyze the cookies stored locally and cheat them, so it is best not to save sensitive, unencrypted Otherwise, it will affect the security of the website, so Session should be used for security reasons;
- Session: Session will be saved on the server for a certain period of time. When the Session times out or is closed, the saved data information will be released automatically. Since it is still kept in memory for a period of time after the user stops using the application, the Session object is used to save The method for user data is very inefficient. When the number of visits increases, more server resources will be occupied, so cookies should be used for performance considerations.
- Applicable scene:
- Cookie: shopping cart, login remember me function, etc.;
- Session: login verification information, customer's private information, etc.
Please correct me if I am wrong.
