Login Authentication - Login Verification - Session Technology

Table of contents

Session technology

Session Tracking Solution Comparison

Solution 1: Cookies

Implementation ideas

Code

Advantages

Disadvantages

Solution 2: Session

Implementation ideas

Code

Advantages

Disadvantages

Solution 3: Token Technology (Mainstream Solution)

Implementation ideas

Advantages

Disadvantages


Session technology

  • Session: the user opens a browser and accesses resources on the web server; a session is established and lasts until one side disconnects, at which point the session ends. One session contains many requests and responses.
  • Session tracking: a way of maintaining browser state. Plain HTTP is stateless, so the server must recognize on its own that several requests come from the same browser in order to share data across the requests of one session.
  • Session tracking schemes
    • Client-side session tracking: Cookies
    • Server-side session tracking: Session
    • Token technology

Session Tracking Solution Comparison

  • Solution 1: Cookies

    • Implementation ideas

      • When the browser sends its first request to the server, the server can create a cookie, put the relevant data in it, and return it in the response header (Set-Cookie: name=value, which tells the browser to store that cookie). The browser keeps the name=value pair locally and from then on automatically attaches it to every request to that server in the Cookie request header (Cookie: name=value, which carries the stored data back). On the server the cookie value can be read and checked, for example to decide whether a value is present at all. Everything in this scheme lives on the client: the browser, or anyone who controls it, can read and change the cookie value.
    • Code

    • package com.example.tlias.controller;
      
      import com.example.tlias.pojo.Result;
      import jakarta.servlet.http.Cookie;
      import jakarta.servlet.http.HttpServletRequest;
      import jakarta.servlet.http.HttpServletResponse;
      import lombok.extern.slf4j.Slf4j;
      import org.springframework.web.bind.annotation.GetMapping;
      import org.springframework.web.bind.annotation.RestController;
      
      @RestController
      @Slf4j
      public class SessionController {
          // Set a cookie: the servlet container turns addCookie into a Set-Cookie response header
          @GetMapping("/c1")
          public Result cookie1(HttpServletResponse response) {
              response.addCookie(new Cookie("login_name", "hkm"));
              return Result.success();
          }
      
          // Read the cookie the browser sent back in its Cookie request header
          @GetMapping("/c2")
          public Result cookie2(HttpServletRequest request) {
              Cookie[] cookies = request.getCookies();
              if (cookies == null) { // getCookies() returns null when the request carries no cookies at all
                  log.info("no cookies in request");
                  return Result.success();
              }
              for (Cookie cookie : cookies) {
                  if ("login_name".equals(cookie.getName())) {
                      log.info("login_name:{}", cookie.getValue());
                  }
              }
              return Result.success();
          }
      }
      
      
    • The results of accessing c1 are as follows:

    • The results of accessing c2 are as follows:

    • Advantages

      • Cookies are part of the HTTP protocol itself, so browser and server support them with no extra work
    • Disadvantages

      • Native mobile apps do not get the browser's automatic cookie storage and replay, so the scheme does not carry over cleanly to mobile clients
      • Not secure: users can disable or delete cookies, and the cookie value is entirely under the client's control, so a plain value such as login_name=hkm can be forged and must not be trusted as proof of identity on its own
      • Cookies cannot cross domains: the browser only sends a cookie back to the domain that set it (cross-origin is distinguished along three dimensions: protocol, IP/domain name and port; note that cookies themselves are scoped by host and path only, so a different port on the same host still receives them)
  • Solution 2: Session

    • Implementation ideas

      • Session is a server-side session tracking technology: the data is stored on the server, and the mechanism is built on top of cookies. When the browser sends a request, the server creates a Session object for it, and every Session object has a unique ID, the SessionID. In the response the server hands that ID to the browser in a cookie (Set-Cookie: JSESSIONID=<id>; Tomcat generates a long random hex string here, not a small counter like 1). The browser stores the cookie locally and sends it with each later request; the server reads the session ID from the cookie value and looks up the matching Session object, so attributes stored on one request are available on the next.
    • Code

      • package com.example.tlias.controller;
        
        import com.example.tlias.pojo.Result;
        import jakarta.servlet.http.HttpServletRequest;
        import jakarta.servlet.http.HttpSession;
        import lombok.extern.slf4j.Slf4j;
        import org.springframework.web.bind.annotation.GetMapping;
        import org.springframework.web.bind.annotation.RestController;
        
        @RestController
        @Slf4j
        public class SessionController {
        
            // Store a value in the HttpSession; Spring injects the session of the current request
            // (creating it, and the JSESSIONID cookie, if this browser does not have one yet)
            @GetMapping("/s1")
            public Result session1(HttpSession session) {
                log.info("HttpSession:{}", session.hashCode());
                session.setAttribute("loginUser", "hkm"); // kept on the server, keyed by the session ID
                return Result.success();
            }
        
            // Read the value back on a later request; the attribute name must match the one used in s1
            @GetMapping("/s2")
            public Result session2(HttpServletRequest request) {
                HttpSession httpSession = request.getSession();
                log.info("HttpSession-s2:{}", httpSession.hashCode());
                Object loginUser = httpSession.getAttribute("loginUser");
                log.info("loginUser:{}", loginUser); // same hashCode and "hkm" when the browser sent its JSESSIONID cookie
                return Result.success(loginUser);
            }
        
        }
        
        
      • The results of accessing s1 are as follows:
      • The results of accessing s2 are as follows:

    • Advantages

      • Data is stored on the server side; the browser holds only the session ID, so the client cannot read or tamper with the stored attributes (the ID itself is still a bearer credential: whoever obtains it can use the session, which is why it must be long and random and should travel only in an HttpOnly cookie)
    • Disadvantages

      • Session cannot be used directly in a server cluster: the Session object lives in one server's memory, so a request that the load balancer routes to another node finds no session there (sticky sessions or a shared session store are needed)
      • It inherits the disadvantages of cookies, since Session is implemented on top of the cookie that carries the ID
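To make the cookie and session mechanics of Solution 1 and Solution 2 concrete, here is an added example that is not part of the original post: a self-contained Java class (plain JDK, no Spring) with an in-memory session store of the kind a servlet container keeps behind HttpSession, a random session ID generator, and the two headers (Set-Cookie and Cookie) that carry the ID between server and browser. The class name SessionStoreDemo, the 30-minute timeout and the chosen cookie attributes are my assumptions, and the Cookie header value in main is a constructed input.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Added example (not the original post's code): a minimal server-side session
 * store plus the headers that move the session ID. Names are hypothetical.
 */
public class SessionStoreDemo {

    /** One server-side session: attributes plus an absolute expiry time. */
    static final class Session {
        final Map<String, Object> attributes = new HashMap<>();
        Instant expiresAt;
    }

    private static final SecureRandom RANDOM = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final Duration timeout;

    SessionStoreDemo(Duration timeout) { this.timeout = timeout; }

    /** 128-bit unpredictable ID; a guessable ID (e.g. JSESSIONID=1) lets anyone hijack a session. */
    static String newSessionId() {
        byte[] bytes = new byte[16];
        RANDOM.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    /** Create a session and return its ID; only the ID ever leaves the server. */
    String create() {
        String id = newSessionId();
        Session s = new Session();
        s.expiresAt = Instant.now().plus(timeout);
        sessions.put(id, s);
        return id;
    }

    /** Returns null for unknown or expired IDs, like request.getSession(false). */
    Session lookup(String id) {
        if (id == null) return null;
        Session s = sessions.get(id);
        if (s == null) return null;
        if (Instant.now().isAfter(s.expiresAt)) { sessions.remove(id); return null; }
        return s;
    }

    void invalidate(String id) { sessions.remove(id); }

    /** Set-Cookie header sent after login. HttpOnly hides it from scripts, Secure limits it
     *  to HTTPS, SameSite=Lax stops most cross-site requests from carrying it. */
    static String setCookieHeader(String sessionId) {
        return "JSESSIONID=" + sessionId + "; Path=/; HttpOnly; Secure; SameSite=Lax";
    }

    /** Parse a Cookie request header ("a=1; b=2") into a name->value map. */
    static Map<String, String> parseCookieHeader(String header) {
        Map<String, String> out = new LinkedHashMap<>();
        if (header == null || header.isBlank()) return out;
        for (String pair : header.split(";")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) continue; // skip malformed pieces such as "foo" or "=bar"
            out.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return out;
    }

    public static void main(String[] args) {
        SessionStoreDemo server = new SessionStoreDemo(Duration.ofMinutes(30));

        // Login: the server creates the session and hands only the ID to the browser.
        String id = server.create();
        server.lookup(id).attributes.put("loginUser", "hkm");
        System.out.println("Set-Cookie: " + setCookieHeader(id));

        // Next request: the browser sends the cookie back (constructed header); the server resolves it.
        Map<String, String> cookies = parseCookieHeader("theme=dark; JSESSIONID=" + id);
        Session s = server.lookup(cookies.get("JSESSIONID"));
        System.out.println("loginUser = " + s.attributes.get("loginUser")); // hkm

        // A forged or stale ID resolves to nothing, so the request is treated as unauthenticated.
        System.out.println("forged id -> " + server.lookup("AAAAAAAAAAAAAAAAAAAAAA")); // null

        // The cluster problem: a second node has its own map and knows nothing about this ID.
        SessionStoreDemo otherNode = new SessionStoreDemo(Duration.ofMinutes(30));
        System.out.println("other node -> " + otherNode.lookup(id)); // null
    }
}
```

Run it with `java SessionStoreDemo.java` on JDK 11 or later. The last two lines of main are the point of the disadvantages above: the store, not the cookie, decides who is logged in, and that store exists on exactly one node.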
  • Solution 3: Token Technology (Mainstream Solution)

    • Implementation ideas

      • A token is an identifier of the user's identity; it is essentially a string. The browser sends a request to the login interface; if login succeeds, the server generates a token that serves as the user's legitimate identity credential and returns it to the front end in the response data. The front end stores the token (in a cookie or in another storage space) and attaches it to every subsequent request, and the server checks the token's validity before handling the request. For this to be safe the token must be unforgeable and time-limited: the server signs it (for example with an HMAC, as a JWT does) and verifies the signature and expiry on each request, because a token is a bearer credential that the client could otherwise simply make up.
    • Advantages

      • Supports both PC and mobile clients, since any client can store and send a string
      • Solves authentication in a cluster environment: every node verifies the token with the shared key, with no per-server session object to look up
      • Reduces storage pressure on the server, because the user data travels inside the token
    • Disadvantages

      • Has to be implemented yourself: token generation, signature verification, expiry handling and the interceptor that checks every protected request (and, since the server keeps no state, revoking a token before it expires needs extra work)
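The token scheme above is easiest to understand by writing the issue-and-verify half of it. What follows is an added example, not code from the original post: a self-contained Java class (plain JDK) that issues an HMAC-SHA256-signed token of the form base64url(payload) + "." + base64url(signature) and verifies signature and expiry on every request. The class name TokenDemo, the "userId:username:expiry" payload layout, the fixed clock value and the secret string are my assumptions; a production system would use a JWT library and a randomly generated key, but the checks shown are the ones such a library performs.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

/**
 * Added example (not the original post's code): an HMAC-signed bearer token.
 * The server keeps only the secret; the client carries the token on each request.
 * Payload layout "userId:username:expiryEpochSeconds" is hypothetical.
 */
public class TokenDemo {

    private final byte[] secret;

    TokenDemo(String secret) { this.secret = secret.getBytes(StandardCharsets.UTF_8); }

    /** Issue a token after a successful login. */
    String issue(long userId, String username, long expiresAtEpochSeconds) {
        String payload = userId + ":" + username + ":" + expiresAtEpochSeconds;
        return b64(payload.getBytes(StandardCharsets.UTF_8)) + "." + b64(hmac(payload));
    }

    /** Verify signature and expiry; returns the username on success, empty otherwise. */
    Optional<String> verify(String token, long nowEpochSeconds) {
        if (token == null) return Optional.empty();
        int dot = token.indexOf('.');
        if (dot < 0 || dot != token.lastIndexOf('.')) return Optional.empty();
        byte[] payloadBytes;
        byte[] givenSig;
        try {
            payloadBytes = Base64.getUrlDecoder().decode(token.substring(0, dot));
            givenSig = Base64.getUrlDecoder().decode(token.substring(dot + 1));
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid base64url
        }
        String payload = new String(payloadBytes, StandardCharsets.UTF_8);
        // Constant-time comparison: a plain equals() would leak how many leading bytes matched.
        if (!MessageDigest.isEqual(hmac(payload), givenSig)) return Optional.empty();
        String[] parts = payload.split(":", -1);
        if (parts.length != 3) return Optional.empty();
        long expiresAt;
        try { expiresAt = Long.parseLong(parts[2]); } catch (NumberFormatException e) { return Optional.empty(); }
        if (nowEpochSeconds >= expiresAt) return Optional.empty(); // expired
        return Optional.of(parts[1]);
    }

    private byte[] hmac(String payload) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    private static String b64(byte[] data) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(data);
    }

    public static void main(String[] args) {
        TokenDemo server = new TokenDemo("change-me-32-bytes-of-real-randomness");
        long now = 1_700_000_000L; // fixed clock so the run is reproducible

        String token = server.issue(1, "hkm", now + 3600);
        System.out.println("token: " + token);
        System.out.println("valid     -> " + server.verify(token, now)); // Optional[hkm]

        // Tampering with the payload (userId 1 -> 2) while keeping the old signature fails.
        String forgedPayload = b64(("2:hkm:" + (now + 3600)).getBytes(StandardCharsets.UTF_8));
        String forged = forgedPayload + token.substring(token.indexOf('.'));
        System.out.println("forged    -> " + server.verify(forged, now)); // Optional.empty

        // The same token is rejected once the clock passes its expiry.
        System.out.println("expired   -> " + server.verify(token, now + 7200)); // Optional.empty

        // Another server with a different secret cannot validate it: the key is the trust root,
        // and a cluster works only because every node shares that key.
        System.out.println("other key -> " + new TokenDemo("another-secret").verify(token, now)); // Optional.empty
    }
}
```

Run it with `java TokenDemo.java`. Note what the server does not do: it stores nothing per user between requests, which is why the scheme scales across nodes, and also why it cannot forget a token before the expiry written into it.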


Origin blog.csdn.net/weixin_64939936/article/details/132499528