1, the basic concept of cookies
Cookies are text files placed on the staging server information of your computer txt format, mainly used to identify the network server computers. Browser with bindings, not shared before each browser. Cookie from the site, not the server.
2, how to view the cookie
Google / search dogs and other browsers - the "Developer Tools -" Application
3, cookie composed of what
Name, value, Domain, path, extended time
4, cookie test test points
1) prohibit the use of Cookie
Set your browser to prohibit the use of Cookie, after visiting the page, check the documents stored in the Cookie file is not generated;
2) .Cookie storage path
According to the settings of the operating system and browser Cookie storage path, check the storage path is consistent with the setting;
3) .Cookie expired inspection
According to Cookie expiration time, check whether the stored files in the Cookie is automatically deleted, if the cookies file in the test of time and outside normal range, that is, within the time frame, open a web system again, whether the information is automatically displayed by default; in the time range In addition, when you open web system again, whether the information is no longer the default display cookies, whether failure
4) Check your browser Cookie Options
By different browsers, set whether to accept the Cookie file, if they agree to accept the Cookie, Cookie file to check whether there are storage paths
5) The browser Delete Cookie
By setting the browser to Delete Cookie Files, behavioral testing system, in particular the user is logged in conversion behavior, and systems. You can view the personal center.
6) .Cookie encryption
When you submit sensitive information, data should be encrypted
7) .Cookie store information
Cookie verification can work
8). Cookie tampering
Cookie modify content, view the system function is abnormal, or garbled data
9) .Cookie compatibility
Compatibility with different types, or different versions of the same type of browser, check the cookie file
10) The impact on the cookie refresh operation
进行刷新操作后,是否重新生成cookie文件或是对cookie文件进行修改
11).检查cookie内容存储是否完整正确
若cookie进行了加密,先对cookie文件内容进行解密,然后检查是否按照设计要求存储了相关所有的cookie记录信息。
12).对应硬盘存储空间没有空闲时,是否能进行cookie内容的有效存储
13).多次做相同的操作或设置,检查是否更新或添加了新的cookie文件
按照设计要求进行判断
14).如果使用cookie来统计次数,则要检测是否统计正确
例如通过用户登录次数进行统计
5、cookie与session的区别:
1)、cookie数据存放在客户的浏览器上,session数据放在服务器上。
2)、cookie不是很安全,别人可以分析存放在本地的cookie并进行cookie欺骗,考虑到安全应当使用session。
3)、session会在一定时间内保存在服务器上。当访问增多,会比较占用服务器的性能,考虑到减轻服务器性能方面,应当使用cookie。
4)、单个cookie保存的数据不能超过4K,很多浏览器都限制一个站点最多保存20个cookie。
5)、所以一般建议:
将登陆信息等重要信息存放为session
其他信息如果需要保留,可以放在cookie中