[JavaWeb] Usage scenarios of Cookie and Session

1. Introduction to Cookies

Cookie - a persistent storage mechanism provided by the browser.

Why does the browser need to provide websites with a persistent storage mechanism like cookies? Wouldn't it be simpler to store data directly on the hard disk? In other words, what exactly is the cookie mechanism?

Early browsers had to protect users who visited malicious websites: code inside a web page could otherwise reach resources on the user's device, for example implanting viruses, crawling the user's files, or deleting the user's data. All of these become possible once website code is allowed to operate the device directly. Uploading a file or a picture to a website is an action the user takes deliberately, but some operations could be executed automatically by code. For this reason the browser, by default, does not allow websites to access resources on the user's device freely.

Given this restriction, a website still needs the browser to store some key information for the interaction between client and server, in order to improve the user experience. The main data stored in the cookie is the user's account information (account number and password). When the user logs in, the website's server first verifies the account; once verification succeeds, the account information is written back to the browser, which stores it in the cookie. Afterwards, whenever the user performs an operation on the page that sends a request to the website's server, the browser also writes the user information from the cookie into that request. For example: a user, Zhang San, logs in to Baidu (normally we browse as a visitor); after logging in he searches for "beauty" with the Baidu search engine. At this point the server can tell from the information in the cookie exactly which user is operating the page: Zhang San, from which IP address, on what device, with what browser and which search engine, searched for "beauty". So don't browse just anything on the web, because the server knows everything, in great detail~

A cookie is a "small file" used to store user-related information (generally, each cookie is limited to about 4KB). It is usually sent by the server to the client's web browser and then stored locally by the browser on the computer. When the user visits the same website again, the browser passes the cookies belonging to that website to the server, so that the server can read and use the data in them. A cookie stores data in the form of key-value pairs.

The browser allocates a space on the hard disk for each domain name (a name that maps to an IP address, such as www.baidu.com); this space is the Cookie store.


Summary:

1. What is a cookie?

A persistent storage mechanism provided by the browser. The browser prevents malicious website code from affecting the user's device resources and does not let web pages access user resources casually; at the same time, a website sometimes wants the browser to persistently store some key information for its interaction with the server, most commonly the user's account information. Therefore all browsers set aside a space on the hard disk for each domain name, and this space is the Cookie.

2. Where does the data in the cookie come from?

The data in the cookie is returned by the server to the browser. In the server-side code, the programmer decides which information to save on the client, and writes the key-value pair back through the Set-Cookie field of the HTTP response.

3. Where does the data in the cookie go?

When the browser later accesses the same server, the cookie data is sent back to it in the Cookie field of the request header.

4. What are cookies used for?

1. It makes the interaction between client and server convenient.

2. The server can use the information in the cookie to determine who the current client is (Zhang San or Li Si) and what they have done.

5. Where are cookies stored?

Stored on the host where the browser (client) runs; the browser stores them separately according to the domain name.
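As an added example (not code from the original post), a Tomcat servlet that uses a cookie alone, with no session, to remember a display-language preference: the server writes it with Set-Cookie and reads it back from the Cookie header on later visits. It assumes the jakarta.servlet API (Tomcat 10 or newer; on Tomcat 9 and earlier the package is javax.servlet), and the cookie name lang and the /prefs path are constructed for the example.

```java
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

// Hypothetical servlet that keeps a display-language preference in a cookie only
// (no session, no login): the server writes it with Set-Cookie, the browser stores it
// under this site's domain, and sends it back in the Cookie header on later visits.
@WebServlet("/prefs")
public class PrefsServlet extends HttpServlet {
    private static final String COOKIE_NAME = "lang";   // constructed cookie name

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Read side: Tomcat parses "Cookie: lang=zh; other=..." into Cookie objects.
        // Whatever comes back is client-controlled, so treat it as untrusted input.
        String current = "(not set)";
        Cookie[] cookies = req.getCookies();     // null when the request carried no Cookie header
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (COOKIE_NAME.equals(c.getName())) {
                    current = c.getValue();
                }
            }
        }

        // Write side: /prefs?lang=zh makes the server emit roughly
        // Set-Cookie: lang=zh; Max-Age=2592000; Path=/; Secure; HttpOnly
        String wanted = req.getParameter("lang");
        if (wanted != null) {
            if (!wanted.matches("[a-z]{2}")) {   // only accept a short language code
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad lang");
                return;
            }
            Cookie c = new Cookie(COOKIE_NAME, wanted);
            c.setPath("/");                 // returned for every path on this domain
            c.setMaxAge(30 * 24 * 3600);    // persistent: kept on disk for 30 days (omit for a browser-session cookie)
            c.setHttpOnly(true);            // not readable by page scripts
            c.setSecure(true);              // only sent over HTTPS
            resp.addCookie(c);
            current = wanted;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("lang = " + current);
    }
}
```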


2. Introduction to Session

In computing, a session refers to an established interactive exchange. It usually means a network connection set up between a client and a server so that they can communicate over the network, perform specific operations and exchange data.

In web development, a Session (a structure of key-value pairs, i.e. a Map) usually refers to a set of data stored in server-side memory. When the user interacts with the server, the server identifies the user through the Session and stores data related to that user in it. A Session can be used to share data between multiple requests, so that data persists across multiple pages during a user's browsing session. Common data such as user authentication information can be saved in the Session. Because the Session is stored in server-side memory, its data persists even if the user closes the browser; it is not lost until the Session times out or is deleted manually.

Session also refers to the mechanism that keeps user data across multiple pages or requests. Normally a session is created automatically when the user visits a website for the first time, and expires automatically after the user leaves the website or a timeout elapses (creation and destruction are designed by the programmer; since the Session is a mechanism that runs in memory, the data in it is also gone when the server restarts). By using sessions, a web application can easily track user state and keep user information continuous as the user navigates between different pages of the website.

For example: going to the hospital to see a doctor.

1. The first step is to go to the hospital and register with the designated department. The hospital gives you a medical card (nowadays an ID card can play this role). The medical card carries some personal information: ID card details, phone number, address...

2. After registration you can see the doctor with your medical card. When it is your turn, the doctor swipes your medical card and your basic information is displayed on the doctor's computer. One column, past case history, is empty, because this is your first visit to this hospital and it has no record of you. So the doctor asks what is wrong with you and whether you have been treated in other hospitals, types furiously on the computer according to your description, and finally sends you to the laboratory for a test. At the laboratory, the technician performs the examination for you. You then return to the doctor to continue the diagnosis. This time the doctor does not need your result report: one swipe of the medical card and the test result you just had is displayed. The reason is that the doctor stored all your data in the hospital's database, and the medical card is the search condition.

In the above example, the medical card can be regarded as a cookie: a mechanism for persistent data storage that the hospital provides to the user, holding the user's relevant information. When the doctor uses the medical card for the first time, a Session is created for the new user. That session is a set of key-value pairs, a Map.

In this case the medical card (cookie) stores the user's basic information. Although some information can be stored on the card, the amount is limited after all; the real storage of user information is on the hospital's server (backed by the database). The medical card only needs to hold an identity (such as the ID card number), which serves as the key of the Session, and all the other user information is the value; together this is a Map structure.

Storing user data on the hospital's server is reliable. Even if the user loses the medical card, a new one can be reissued according to the identity (ID card), and this identity exists as the Key of the Session. Therefore, as long as there is an ID, all the user's information can be quickly retrieved from the hospital server (provided the code is written this way; what is stored in the session is designed by the programmer).

The hospital's server manages many sessions. Each session stores the user's key information (basic information, examinations to be done, past medical history, consumption records...), and each session has a key: the SessionId. The SessionId is stored in the cookie. Every time the card is swiped (a request is made), the SessionId in the Cookie (medical card) is used as the key to look up the matching Session and obtain its value.


3. The association and difference between Cookie and Session

Association:

In a website's login function the two are used together. The Cookie stores the user's account information, which acts as the key. The Session is a Map of key-value pairs: the account information from the cookie is used as the key, and the user's further information is stored as the value. Every time the browser sends a request to the server it attaches the data in the cookie; after receiving the request, the server can use the key from the cookie to obtain the value in the Session, i.e. more personal user information. So we say the Session is a mechanism for storing information across pages under the same website, equivalent to a global variable of the website, and what triggers it is the SessionId (user identity / account information) in the cookie.

Difference:

1. Different storage data

Cookie is the client-side storage mechanism. It stores data as key-value pairs, and holds not only user account information but also other information, such as user preferences ("beauty" searches, big data~).

Session is the server-side storage mechanism. It stores data as key-value pairs (a Map) and is used specifically to store the user's identity information and related information.

2. Different usage scenarios

Cookies can be used alone, without a Session, in scenarios that do not involve a login interface; the concrete code is designed and implemented by the programmer. Cookies do not only store user account information (identity identifiers).

A Session can also be used without cookies. For example, when a mobile app logs in to the server there is no concept of a cookie, because cookies are a persistent storage mechanism provided by the browser.

3. Differences in attribution

Cookie is part of the HTTP protocol (a key-value pair in the HTTP header; see the request picture above for details). Session has nothing to do with the HTTP protocol but is related to the "application". For example, Tomcat is an HTTP server implemented in Java code; it provides the Servlet API so that programmers can work with the HTTP protocol more conveniently, and HttpSession in that API manages the Session. HttpSession has nothing to do with the protocol itself; it belongs to the Servlet API that Tomcat implements.
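The login association from section 3, as an added example written for this page rather than taken from the original post: the cookie carries only JSESSIONID (the key), and the user's data lives in the server-side HttpSession (the value). It assumes the jakarta.servlet API (Tomcat 10 or newer; javax.servlet on Tomcat 9 and earlier), and the in-memory account map is a constructed stand-in for a real user store.

```java
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Map;

// Hypothetical servlet: POST /login creates the session, GET /profile reads it back.
// The cookie carries only JSESSIONID (the key); the user's data lives in the
// server-side HttpSession (the value), which is the Map the article describes.
@WebServlet({"/login", "/profile"})
public class SessionDemoServlet extends HttpServlet {
    // Constructed stand-in for the account check; a real application verifies
    // against a user store with hashed passwords instead of this in-memory map.
    private static final Map<String, String> ACCOUNTS = Map.of("zhangsan", "pw1", "lisi", "pw2");

    @Override  // POST /login
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        if (user == null || pass == null || !pass.equals(ACCOUNTS.get(user))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "bad account");
            return;
        }
        // getSession(true) allocates the server-side Map and makes Tomcat emit
        // Set-Cookie: JSESSIONID=<id>; Path=/; HttpOnly
        HttpSession session = req.getSession(true);
        req.changeSessionId();                       // fresh id at login (Servlet 3.1+)
        session.setAttribute("user", user);          // identity kept on the server, not in the cookie
        session.setAttribute("loginAt", System.currentTimeMillis());
        session.setMaxInactiveInterval(30 * 60);     // destroyed after 30 idle minutes
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("logged in as " + user);
    }

    @Override  // GET /profile
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // The browser sent Cookie: JSESSIONID=<id>; Tomcat used it as the key to find the Map.
        HttpSession session = req.getSession(false); // false: no new Map for unknown visitors
        Object user = session == null ? null : session.getAttribute("user");
        if (user == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "please log in");
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("hello " + user + " (session " + session.getId() + ")");
    }
}
```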


See the flowers in spring, admire the moon in autumn, enjoy the cool wind in summer and listen to the snow in winter


Origin blog.csdn.net/zzbzxzzdf/article/details/131360939