2.4 Session and cookie
2.4.1 Static and dynamic web pages
1 Static pages
Static pages are standard HTML documents. They cannot take parameters and only display information.
2 Dynamic pages
Dynamic pages parse URL parameters dynamically and are linked to a database, so they show different content for different parameters. This is what makes login, registration, and verification possible.
2.4.2 Stateless HTTP
HTTP is a stateless protocol: over the connection between client and server, the server does not identify who the client is.
To maintain state between the browser and the server, two technologies are used: the session and the cookie.
A cookie is stored in the client browser and is included with the request the next time the server is accessed. The server uses the cookie to identify which user it is and determine whether that user is logged in, and then returns the response content.
1 Session
A session is mutual: both sides recognize each other. When a user jumps between different pages of the application, the variables identifying the user in the session object are not lost and persist throughout the session. When the session expires or is abandoned, the server terminates it.
2 Cookies
Cookies are a set of data stored locally in the browser that a site uses to identify the user and maintain session tracking.
3 Session maintenance
How are cookies used to maintain state? When a client requests the server, the server returns a response whose headers carry a Set-Cookie field, which is used to mark the user, and the client browser saves the cookies. When the browser requests the site again, it submits the cookies to the server in the request headers. The cookies carry the session ID, so by checking them the server can find the corresponding session and then use that session to identify the user's state.
After a successful login to a website, the server tells the client which cookies to set. On subsequent visits the client sends the cookies to the server, which finds the corresponding session and checks it. If the variables in the session that mark the login status are valid, the user is proven to be logged in, and the server returns the content that can only be viewed after logging in, which the browser then parses and displays.
If the cookies passed to the server are invalid or the session has expired, the page can no longer be accessed; an error response may be returned, or the browser is redirected to the login page to log in again. So cookies and sessions have to work together, one on the client and one on the server, to implement login session control.
2.4.3 Cookie contents
Baidu login cookies
Name: the cookie's name. Once created, the name cannot be changed.
Value: the cookie's value. If the value contains Unicode characters, character encoding is required; if the value is binary data, BASE64 encoding is required.
Domain: the domain that can access the cookie. For example, if set to zhihu.com, all domain names ending in zhihu.com can access the cookie.
Max Age: the time until the cookie expires, in seconds. It is often used together with Expires, and the effective time can be calculated from it. If Max Age is positive, the cookie expires after Max Age seconds. If it is negative, the cookie expires when the browser is closed, and the browser does not save the cookie in any form.
Path: the path the cookie applies to. If set to /path/, only pages under /path/ can access the cookie. If set to /, all pages under this domain can access the cookie.
Size: the cookie's size field.
HTTP: the cookie's httponly attribute. If it is true, the cookie is carried only in the HTTP headers and cannot be accessed through document.cookie.
Secure: whether the cookie is transmitted only over secure protocols such as HTTPS and SSL, which encrypt data before it is transmitted over the network. The default is false.
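The login flow from 2.4.2 combined with the cookie fields listed above, as an added example that is not part of the original page: the server issues a session ID in Set-Cookie, the browser returns only name=value, and the server resolves it to a session. The cookie name sessionid, the 1800-second lifetime, and the in-memory store are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_TTL = 1800   # assumed session lifetime in seconds
SESSIONS = {}        # assumed in-memory server-side store: session ID -> state


def login(username, now):
    """Create a server-side session and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)            # unguessable session ID
    SESSIONS[sid] = {"user": username, "logged_in": True,
                     "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie["sessionid"] = sid                  # hypothetical cookie name
    morsel = cookie["sessionid"]
    morsel["path"] = "/"                       # every page of the domain
    morsel["max-age"] = SESSION_TTL            # positive: expires after N seconds
    morsel["httponly"] = True                  # not readable via document.cookie
    morsel["secure"] = True                    # sent over HTTPS only
    return morsel.OutputString()


def cookie_from_set_cookie(set_cookie):
    """What the browser sends back: name=value only, never the attributes."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    return "; ".join(f"{name}={m.value}" for name, m in jar.items())


def handle_request(cookie_header, now):
    """Resolve the Cookie request header to a session; return (status, user)."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("sessionid")
    session = SESSIONS.get(morsel.value) if morsel else None
    if session is None:
        return 302, None                       # missing or unknown ID: to login page
    if now >= session["expires"]:
        del SESSIONS[morsel.value]             # server terminates the expired session
        return 302, None
    if not session["logged_in"]:
        return 302, None
    return 200, session["user"]
```

The time is passed in as `now` so that expiry can be exercised deterministically; a real server would read the clock itself.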