Workflow of Cookie and Session

Cookies and sessions are both mechanisms used with the HTTP protocol to track the identity of browser users across requests, but each has its own workflow.

Cookie

A cookie is a mechanism for the browser to store data locally.

The workflow of cookies

1. Where does the cookie come from?

The server returns the cookie to the browser through the Set-Cookie field in the response.

2. Where does the cookie go?

When the browser sends an http request to the server again, the request will carry the cookie.

3. What do cookies do?

Before talking about what cookies do, let's first understand HTTP. HTTP is stateless: there is no direct connection between one communication and the next.
So what if the next communication needs information from the previous one? This is what cookies are used for.

The function of a cookie is:
when a user browses a site and registers an account, a cookie file is generated to record the login information.

A cookie is similar to a hospital's medical card. When you go to the hospital, you swipe the medical card, and the doctor will know who you are and get detailed information about you.

The workflow is roughly as follows:
1. The browser sends an HTTP request to the server, and the server returns an HTTP response in which the cookie is returned to the browser through the Set-Cookie field.
2. When the browser sends another HTTP request to the server, it carries the Cookie field. The server can identify the user's login identity largely from the content of the cookie.

Session

A session is a mechanism for the server to distinguish user identities.

We saw above that cookies can record user identity information. However, identifying and storing that identity information requires server support (after all, the cookie is issued by the server). This is what the session is for.

Session workflow

1. The session assigns a sessionId to the current user and records some of the user's identity information at the same time.
2. The server returns the sessionId to the browser in a cookie.
3. When the browser subsequently accesses the server, it carries the sessionId. The server can identify the current user based on the sessionId.

Usually, cookies and sessions work together.
For example, we implement a simple user login with a login page and a home page.
The login page has a username field, a password field and a submit button; clicking submit sends a POST request. After a successful login, the browser jumps to the home page, which displays a welcome message with the username.

The overall workflow is as follows:

1. The browser sends an HTTP request to the server to obtain the login page; the server returns the HTML of the login page.
2. The user enters the user name and password on the login page and clicks to log in, which sends a POST request to the server. After the server receives the request, it returns a Set-Cookie (which contains the sessionId). The login is successful.

3. When the browser visits the homepage, it will bring the cookie field, which contains the sessionId. After the server receives the request, it parses the request, obtains the sessionId in the cookie field, obtains the user's identity information, and returns the corresponding html.
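
The login exchange in steps 2 and 3, as an added example that is not part of the original post. The user "alice", the in-memory store and the function names are hypothetical; the HttpOnly, Secure and SameSite cookie attributes and the password hashing are additions the post does not mention.

```python
import hashlib, hmac, secrets
from http.cookies import SimpleCookie

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed demo data: one hypothetical user and an in-memory session store.
SALT = b"constructed-demo-salt"
USERS = {"alice": _pw_hash("s3cret-demo", SALT)}
SESSIONS = {}  # sessionId -> identity information, kept only on the server

def handle_login(username, password):
    """Step 2: POST /login. On success, create a session and return Set-Cookie."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _pw_hash(password, SALT)):
        return 401, {}
    session_id = secrets.token_urlsafe(32)  # random, unguessable identifier
    SESSIONS[session_id] = {"username": username}
    cookie = SimpleCookie()
    cookie["sessionId"] = session_id
    cookie["sessionId"]["path"] = "/"
    cookie["sessionId"]["httponly"] = True   # not readable from page scripts
    cookie["sessionId"]["secure"] = True     # only sent over HTTPS
    cookie["sessionId"]["samesite"] = "Lax"  # limits cross-site sending
    headers = {"Location": "/home",
               "Set-Cookie": cookie["sessionId"].OutputString()}
    return 302, headers

def browser_cookie_header(set_cookie):
    """What the browser sends back: name=value only, never the attributes."""
    jar = SimpleCookie(set_cookie)
    return "; ".join(f"{name}={m.value}" for name, m in jar.items())

def handle_home(cookie_header):
    """Step 3: GET /home. Map the sessionId in the Cookie header to a user."""
    morsel = SimpleCookie(cookie_header or "").get("sessionId")
    session = SESSIONS.get(morsel.value) if morsel is not None else None
    if session is None:  # no cookie, or an id the server never issued
        return 401, "Please log in"
    return 200, f"Welcome {session['username']}"

if __name__ == "__main__":
    status, headers = handle_login("alice", "s3cret-demo")
    print(status, headers["Set-Cookie"])
    print(handle_home(browser_cookie_header(headers["Set-Cookie"])))
    print(handle_home("sessionId=forged-value"))
```

The cookie carries only the sessionId; the identity information stays in the server-side store, so a sessionId the server never issued resolves to no user.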

Capturing the packets shows the following:
There is no cookie when you visit the login page for the first time.
When the response is returned, the cookie is returned through the Set-Cookie field.

When visiting the home page: [figure: captured request]

Return response: [figure: captured response]

Origin blog.csdn.net/m0_71690645/article/details/131036860