Session cookies in Node, with notes

In web applications, sharing a "user session" across multiple requests
depends on a cookie:
The server sends a cookie to the client
The client's browser saves the cookie
On each request, the browser sends the cookie to the server
  Before the HTML document is sent, the server sends the cookie to the browser in the Set-Cookie HTTP header of the response
  Set-Cookie:
  name=value;
  Path=path; // affects when the cookie is sent, e.g. path=/; if the path does not match, the browser does not send this cookie
  expires=Wednesday, 09-Nov-99 23:12:40 GMT;
  maxAge: maximum time before the cookie expires
  secure: when true, the cookie is not valid over HTTP, only over HTTPS
  httpOnly: an extension to cookies introduced by Microsoft. If the "httpOnly" attribute is set on a cookie, programs (JS scripts, applets, etc.) cannot read the cookie's contents, which helps prevent XSS attacks
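
The attribute notes above, as an added example that is not part of the original post: it serializes a session cookie and models when a browser would return it. All function names and the example.test URLs are hypothetical; domain matching and expiry are not modelled.

```javascript
// Server side: serialize the value of a Set-Cookie header.
function buildSetCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.path) parts.push(`Path=${opts.path}`);
  if (opts.expires) parts.push(`Expires=${opts.expires.toUTCString()}`);
  if (opts.maxAge != null) parts.push(`Max-Age=${Math.floor(opts.maxAge)}`);
  if (opts.secure) parts.push('Secure');
  if (opts.httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Browser side: parse the header value into a cookie record.
// Assumption: a missing Path defaults to "/" (a simplification).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: decodeURIComponent(pair.slice(eq + 1)),
    path: '/', secure: false, httpOnly: false,
  };
  for (const attr of attrs) {
    const [key, val] = attr.split('=');
    const k = key.toLowerCase();
    if (k === 'path') cookie.path = val;
    else if (k === 'max-age') cookie.maxAge = Number(val);
    else if (k === 'secure') cookie.secure = true;
    else if (k === 'httponly') cookie.httpOnly = true;
  }
  return cookie;
}

// Path matching on whole segments: "/app" covers "/app/x" but not "/application".
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Would the browser attach this cookie to a request for `url`?
function browserWouldSend(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== 'https:') return false; // secure: HTTPS only
  return pathMatches(cookie.path, u.pathname);
}

// httpOnly cookies are hidden from page scripts (document.cookie).
function visibleToScript(cookie) {
  return !cookie.httpOnly;
}
```
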
 

Reproduced in: https://my.oschina.net/boogoogle/blog/546116


Origin blog.csdn.net/weixin_34295316/article/details/92043733