Session authentication mechanism

What are cookies

A cookie is a character string of no more than 4 KB that is stored in the user's browser. It consists of a name (Name), a value (Value) and several optional attributes that control the cookie's validity period, security, and scope of use.
Cookies under different domain names are independent of each other. Whenever the client sends a request, all unexpired cookies for the current domain name are automatically sent to the server along with it.

Several characteristics of cookies:

Automatically sent
Domain name independent
Expiration time limit
4KB limit
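The four characteristics above can be seen in a small model of how a browser's cookie jar behaves. The following is an added example written for this page, not code from the original post: it parses Set-Cookie headers, keeps cookies per domain, attaches only unexpired cookies for the requested domain, and refuses a cookie over the 4 KB limit. The domains and cookie values are constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, Optional

MAX_COOKIE_BYTES = 4096  # the 4 KB limit described in the post


@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    expires: Optional[datetime] = None  # None means a session cookie

    def expired(self, now: datetime) -> bool:
        return self.expires is not None and now >= self.expires


def parse_set_cookie(header: str, request_domain: str, now: datetime) -> Cookie:
    """Parse one Set-Cookie header value.

    Only the Domain, Max-Age and Expires attributes are interpreted here;
    Max-Age takes precedence over Expires, as in RFC 6265.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain = request_domain.lower()
    expires: Optional[datetime] = None
    max_age_seen = False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "domain":
            domain = val.strip().lstrip(".").lower()
        elif key == "max-age":
            expires = now + timedelta(seconds=int(val))
            max_age_seen = True
        elif key == "expires" and not max_age_seen:
            expires = parsedate_to_datetime(val.strip())
    cookie = Cookie(name.strip(), value.strip(), domain, expires)
    if len(f"{cookie.name}={cookie.value}".encode()) > MAX_COOKIE_BYTES:
        raise ValueError("cookie exceeds the 4 KB limit")
    return cookie


class CookieJar:
    """Per-domain cookie storage, mimicking the browser's automatic handling."""

    def __init__(self) -> None:
        self._store: Dict[str, Dict[str, Cookie]] = {}

    def receive(self, set_cookie: str, request_domain: str, now: datetime) -> None:
        c = parse_set_cookie(set_cookie, request_domain, now)
        self._store.setdefault(c.domain, {})[c.name] = c

    def cookie_header(self, request_domain: str, now: datetime) -> str:
        """The Cookie header the browser would attach to a request to this domain."""
        cookies = self._store.get(request_domain.lower(), {})
        live = [c for c in cookies.values() if not c.expired(now)]
        return "; ".join(f"{c.name}={c.value}" for c in live)


def demo() -> Dict[str, str]:
    """Constructed scenario: two domains, one short-lived cookie, one already expired."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    jar = CookieJar()
    jar.receive("sid=abc; Max-Age=60; HttpOnly", "example.com", now)
    jar.receive("old=1; Expires=Wed, 21 Oct 2015 07:28:00 GMT", "example.com", now)
    jar.receive("theme=dark", "other.com", now)
    return {
        "example_now": jar.cookie_header("example.com", now),
        "other_now": jar.cookie_header("other.com", now),
        "example_later": jar.cookie_header("example.com", now + timedelta(seconds=61)),
    }


if __name__ == "__main__":
    print(demo())
```

The `example_now` entry shows that the expired cookie is dropped and the cookie set for `other.com` is never sent to `example.com`; `example_later` is empty once the 60-second Max-Age has passed.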

The role of cookies in authentication

When the client requests the server for the first time, the server sends an authentication cookie to the client in a response header, and the client's browser automatically saves the cookie.
On every subsequent request from that browser to the server, the browser automatically sends the identity cookie in a request header, so the server can verify the identity of the client.

Cookies are not secure

Because the cookie is stored in the browser, and the browser also provides an API for reading and writing cookies, a cookie is easy to forge and provides no security by itself. Therefore, the server should not send important private data to the browser in the form of cookies.
Note: never use cookies to store important or private data, such as user identity information or passwords!

Improve the security of identity authentication

To prevent customers from forging membership cards, the cashier swipes the card presented by the customer through the cash register for authentication. Only a membership card confirmed by the register can be used.
This "membership card + card-swipe authentication" design is the essence of the Session authentication mechanism.

How sessions work

[Figure: how sessions work]
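The warning above that identity data must not live in a forgeable cookie, and the session mechanism this section describes, are both shown in the following added example (written for this page, not the original author's code). The cookie only carries an opaque session id; the user's identity is kept in a server-side store, which is the "cash register" that confirms the card. An `insecure_user_from_cookie` function is included purely as the contrast: it trusts whatever the cookie says. The cookie name `sid`, the 30-minute lifetime and the user names are assumptions made for the example.

```python
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Optional

SESSION_TTL = 1800  # seconds; lifetime assumed for this example


class SessionStore:
    """Server-side table mapping an opaque session id to user data and expiry."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Dict[str, object]] = {}

    def create(self, user: str, now: float) -> str:
        # 256 bits of randomness: the id cannot be guessed or derived from the user name
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": now + SESSION_TTL}
        return sid

    def lookup(self, sid: str, now: float) -> Optional[str]:
        entry = self._sessions.get(sid)
        if entry is None or now >= float(entry["expires"]):
            self._sessions.pop(sid, None)  # unknown or expired: treat as no session
            return None
        return str(entry["user"])

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def login_response_headers(store: SessionStore, user: str, now: float) -> Dict[str, str]:
    """Headers the server sends after a successful login (first request in the post)."""
    sid = store.create(user, now)
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["httponly"] = True   # not readable through the browser's cookie API
    c["sid"]["secure"] = True     # only sent over HTTPS
    c["sid"]["samesite"] = "Lax"
    c["sid"]["max-age"] = SESSION_TTL
    c["sid"]["path"] = "/"
    return {"Set-Cookie": c.output(header="").strip()}


def authenticate_request(store: SessionStore, cookie_header: str, now: float) -> Optional[str]:
    """Server side of every later request: the cookie is only a key into the store."""
    c = SimpleCookie()
    c.load(cookie_header)
    if "sid" not in c:
        return None
    return store.lookup(c["sid"].value, now)


def insecure_user_from_cookie(cookie_header: str) -> Optional[str]:
    """The anti-pattern from the post: identity read straight from a client-controlled cookie."""
    c = SimpleCookie()
    c.load(cookie_header)
    return c["user"].value if "user" in c else None


if __name__ == "__main__":
    store = SessionStore()
    hdr = login_response_headers(store, "alice", 1000.0)["Set-Cookie"]
    print("Set-Cookie:", hdr)
    sid_cookie = hdr.split(";")[0]
    print("valid session ->", authenticate_request(store, sid_cookie, 1001.0))
    print("unknown id    ->", authenticate_request(store, "sid=made-up", 1001.0))
    print("insecure      ->", insecure_user_from_cookie("user=alice"))
```

A cookie whose id is not in the store, or whose entry has expired, yields no user at all, whereas the insecure variant accepts any name the client chooses to write; the `HttpOnly` and `Secure` attributes keep the id away from page scripts and plaintext transport.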

Origin blog.csdn.net/qq_42015021/article/details/132482199