session,cookie,token
https://www.cnblogs.com/moyand/p/9047978.html
1. Session, cookie, token: talk about your understanding of them
A history of their development, as a memory aid
At first, the Web was basically just document browsing. Since it was only browsing, the server did not need to record who browsed which documents during a given period. Each request was a new HTTP exchange, just a request plus a response; in particular, I did not need to remember who had just made an HTTP request, because every request was new to me.
Later, with the rise of interactive Web applications such as online shopping sites and sites that require you to log in (this is called a session), a problem appeared immediately: managing the session. I must remember who has logged in and who put which goods in their shopping cart, which means I must keep a separate area for everyone.
In computer terms, a session is the process of an end user communicating with an interactive system; for example, everything from entering the account password to log in to the operating system until logging out of it is one session.
For sessions on the network: the TCP three-way handshake creates a session, and closing the TCP connection closes the session.
Across multiple HTTP connections, maintaining the association between the different requests issued by the same user is called maintaining a session.
I trade my CPU time for my session storage space!
A practical application of tokens in my code
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;

// fastjson is assumed from the JSON / JSONObject calls used below
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.*;

// BaseController, SimpleResponseVO, LoggerUtil, DESUtil, IAlipayArService and
// AlipayTransferBlessingCardRequestVO are classes from the author's own code base.
@RestController
@RequestMapping(value = "/phonerest/coupon")
public class AlipayArTransferCouponRestService extends BaseController {

    @Autowired
    private IAlipayArService alipayArService;

    @Value("${alipay.des.key}")
    private String desKey;

    @RequestMapping(value = "/transferBlessingCard", method = {RequestMethod.POST})
    @ResponseBody
    public SimpleResponseVO transferCard(@RequestBody JSONObject json) {
        SimpleResponseVO responseVO = new SimpleResponseVO();
        responseVO.setStatus(FAIL);
        /** Print the parameters sent by the front end */
        LoggerUtil.info("Alipay AR promotion, card transfer, front-end parameters: ----->>" + JSON.toJSONString(json));
        try {
            // The token is the DES-encrypted JSON body agreed with the front end
            String string = json.getString("token");
            String decrypt = DESUtil.decode(string, desKey);
            AlipayTransferBlessingCardRequestVO transferBlessingCardRequestVO =
                    JSONObject.parseObject(decrypt, AlipayTransferBlessingCardRequestVO.class);
            String timestamp = transferBlessingCardRequestVO.getTimestamp();
            SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
            Date date = sdf.parse(timestamp);
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(date);
            Calendar timenowbefore = Calendar.getInstance();
            Calendar timenowafter = Calendar.getInstance();
            timenowafter.setTime(new Date());
            // timenowafter.add(Calendar.SECOND, +10);
            timenowafter.add(Calendar.MINUTE, +30); // test
            timenowbefore.setTime(new Date());
            // timenowbefore.add(Calendar.MINUTE, -1);
            timenowbefore.add(Calendar.MINUTE, -30); // test
            LoggerUtil.info("timestamp from the request: " + calendar);
            LoggerUtil.info("time must be after timenowbefore: " + timenowbefore);
            LoggerUtil.info("time must be before timenowafter: " + timenowafter);
            if (calendar.after(timenowbefore) && calendar.before(timenowafter)) {
                LoggerUtil.info("data arrived within one minute, continue with the normal logic");
                String fromUserId = transferBlessingCardRequestVO.getFromUserId();
                String toUserId = transferBlessingCardRequestVO.getToUserId();
                String cardCode = transferBlessingCardRequestVO.getTransferCardCode();
                // Check that this card exists for the sending user
                String cardInfo = alipayArService.findCardByCardCodeAndUserId(cardCode, fromUserId);
                if (cardInfo.equals(FAIL)) {
                    responseVO.setMessage("could not get this card");
                    return responseVO;
                }
                // The receiving user's number of basic cards must be less than 8
                String cardAmount = alipayArService.checkUserBasicCards(transferBlessingCardRequestVO.getToUserId());
                if ("8".equals(cardAmount)) {
                    responseVO.setMessage("you already have eight basic blessing cards and cannot receive more");
                    return responseVO;
                }
                // The card being given must be in the unused state
                responseVO = alipayArService.transferBlessingCard(fromUserId, toUserId, cardCode);
                return responseVO;
            } else {
                LoggerUtil.info("timestamp is outside the allowed window");
                responseVO.setStatus(FAIL);
                responseVO.setMessage("timestamp exceeds 30 minutes");
                return responseVO;
            }
        } catch (Exception e) {
            LoggerUtil.info("decryption failed");
            responseVO.setMessage("decryption failed");
            responseVO.setStatus(FAIL);
            return responseVO;
        }
    }
}
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.List;

// fastjson is assumed from the JSON / JSONObject calls used below
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.*;

// BaseController, SimpleResponseVO, LoggerUtil, DESUtil, IAlipayArService, IUserService,
// AlipayBlessingCardRequestVO and AlipayArUserCouponInfo are classes from the author's own code base.
@RestController
@RequestMapping(value = "/phonerest/coupon")
public class AlipayArCouponRestService extends BaseController {

    /** Draw a blessing card */
    public static final String PUMPCARD = "PUMPCARD";
    /** Synthesize a blessing card */
    public static final String SYNTHESISCARD = "SYNTHESISCARD";
    /** Query the user's blessing card details */
    public static final String QUERYDETAILS = "QUERYDETAILS";

    @Value("${alipay.des.key}")
    private String desKey;

    @Autowired
    private IAlipayArService alipayArService;

    @Autowired
    private IUserService userService;

    @RequestMapping(value = "/receiveBlessingCard", method = {RequestMethod.POST})
    @ResponseBody
    public SimpleResponseVO checkScanCodeOrCombinedCard(@RequestBody JSONObject json) {
        SimpleResponseVO responseVO = new SimpleResponseVO();
        responseVO.setStatus(FAIL);
        /** Print the parameters sent by the front end */
        LoggerUtil.info("Alipay AR promotion, front-end parameters: ----->>" + JSON.toJSONString(json));
        // The token is the DES-encrypted JSON body agreed with the front end
        String string = json.getString("token");
        String decrypt = DESUtil.decode(string, desKey);
        AlipayBlessingCardRequestVO alipayBlessingCardRequestVO =
                JSONObject.parseObject(decrypt, AlipayBlessingCardRequestVO.class);
        String type = alipayBlessingCardRequestVO.getType();
        String userName = alipayBlessingCardRequestVO.getUid();
        try {
            String timestamp = alipayBlessingCardRequestVO.getTimestamp();
            SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
            Date date = sdf.parse(timestamp);
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(date);
            Calendar timenowbefore = Calendar.getInstance();
            Calendar timenowafter = Calendar.getInstance();
            timenowafter.setTime(new Date());
            // timenowafter.add(Calendar.SECOND, +10);
            timenowafter.add(Calendar.MINUTE, +30); // test
            timenowbefore.setTime(new Date());
            // timenowbefore.add(Calendar.MINUTE, -1);
            timenowbefore.add(Calendar.MINUTE, -30); // test
            LoggerUtil.info("timestamp from the request: " + calendar);
            LoggerUtil.info("time must be after timenowbefore: " + timenowbefore);
            LoggerUtil.info("time must be before timenowafter: " + timenowafter);
            if (calendar.after(timenowbefore) && calendar.before(timenowafter)) {
                LoggerUtil.info("data arrived within thirty minutes, continue with the normal logic");
                // Draw a card or synthesize a card
                if (PUMPCARD.equals(type)) {
                    // Draw a blessing card
                    // The number of basic blessing cards must not exceed 8
                    // Draw a blessing card: valid card or invalid card
                    // Return
                    responseVO = alipayArService.getCard(userName, type);
                    return responseVO;
                } else if (SYNTHESISCARD.equals(type)) {
                    // Synthesize a blessing card
                    // The user has not yet synthesized a blessing card
                    // The user holds four different basic cards
                    // Synthesize the blessing card
                    responseVO = alipayArService.synthesizeCard(userName, type);
                    return responseVO;
                } else if (QUERYDETAILS.equals(type)) {
                    // Query the user's blessing card details
                    List<AlipayArUserCouponInfo> alipayArUserCouponInfoList =
                            alipayArService.queryBlessingCardDetail(userName);
                    responseVO.setResult(alipayArUserCouponInfoList);
                    responseVO.setMessage("queried the user's blessing card details");
                    responseVO.setStatus(SUCCESS);
                    return responseVO;
                }
                responseVO.setMessage("invalid input parameter");
                return responseVO;
            } else {
                LoggerUtil.info("timestamp is outside the allowed window");
                responseVO.setStatus(FAIL);
                responseVO.setMessage("timestamp exceeds 1 minute");
                return responseVO;
            }
        } catch (Exception e) {
            LoggerUtil.error("Blessing card - coupon - receive exception: ", e);
            return alipayArService.receiveNoUseCard(userName);
        }
    }
}
These are the interfaces for giving away a blessing card and for receiving a blessing card. I agreed with the front end on the easy-to-use DES encryption algorithm and on a string desKey, which is configured into the cache. The front end passes me a JSON; I decrypt it with desKey, convert it to an entity, take the timestamp from the entity, check that the timestamp is within 3 minutes before or after the current time, and so on. The token is used here to improve the security of this interface. Correct me if my summary is wrong.
Session has a flaw: if the web servers are load balanced, the session is lost when the next request goes to another server.
For a concrete token implementation, look at how login is implemented on our official website.
Summary
A cookie is data stored on the local terminal.
A session is data stored on the server. It is destroyed after the session ends, and it faces the problem that, if the web servers are load balanced, the session is lost when the next request goes to another server.
A token trades CPU time for session storage space; it is stateless.
cookie composition
A cookie consists of: name (key), value, effective domain (domain), path (generally set to global: "/"), expiry time, and the secure flag (once set, the cookie is sent only over an SSL connection to the server (https)).
token composition
Token means "令牌" (a token, or pass): it is the credential used to authenticate the user's identity. The simplest token consists of: uid (the user's unique identity), time (the timestamp of the current time), and sign (a signature: the preceding fields of the token plus a salt, compressed by a hash algorithm into a fixed-length hexadecimal string, which prevents a malicious third party from piecing together a token to send requests to the server).
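The uid + time + sign token described above, together with a freshness check like the one in the author's interfaces, as an added example that is not the author's or any project's code. The class SignedToken, its method names, the 60-second window and the sample values are assumptions; HMAC-SHA256 with a server-side secret is used as the keyed hash in place of a plain hash over the fields plus salt, and Java 17 is assumed for HexFormat.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;

// Added example (hypothetical names): token = uid "." time "." sign
public class SignedToken {
    private static final long MAX_SKEW_MS = 60_000; // assumed freshness window
    private final byte[] secret; // server-side secret (the "salt"); never sent to the client

    public SignedToken(byte[] secret) { this.secret = secret.clone(); }

    // sign = HMAC-SHA256(secret, uid "." time), hex encoded to a fixed length
    private String sign(String uid, long timeMs) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] tag = mac.doFinal((uid + "." + timeMs).getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(tag);
    }

    public String issue(String uid, long nowMs) throws Exception {
        if (uid.contains(".")) throw new IllegalArgumentException("uid must not contain '.'");
        return uid + "." + nowMs + "." + sign(uid, nowMs);
    }

    /** Returns the uid if the token is authentic and fresh, otherwise null. */
    public String verify(String token, long nowMs) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) return null;
        long timeMs;
        try { timeMs = Long.parseLong(p[1]); } catch (NumberFormatException e) { return null; }
        byte[] expected = sign(p[0], timeMs).getBytes(StandardCharsets.UTF_8);
        byte[] given = p[2].getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return null; // constant-time comparison
        if (Math.abs(nowMs - timeMs) > MAX_SKEW_MS) return null;  // stale or future-dated
        return p[0];
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample secret and uid
        SignedToken t = new SignedToken("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis();
        String token = t.issue("user-42", now);
        System.out.println(t.verify(token, now + 1_000));                       // fresh token
        System.out.println(t.verify(token.replace("user-42", "user-43"), now)); // uid altered
        System.out.println(t.verify(token, now + 120_000));                     // older than the window
    }
}
```

A token that passes both checks can still be replayed inside the window; recording a one-time request id on the server closes that gap.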
The difference between the cookie and session
For example, when logging in with an account and password, we use a cookie.
On a site like Taobao, the items in the shopping cart may use session, and the data is stored so that the next time we log on to our account, the shopping cart is still there.
https://blog.csdn.net/qq_41802128/article/details/82151490
The difference between the cookie and session
1. Cookie data is stored in the client's browser; session data is stored on the server.
2. Cookies are not very secure: others can analyze the cookies stored locally and use them for cookie spoofing. Where security is a concern, use session.
3. A session is kept on the server for a certain period of time. As the number of visits grows, sessions take up more of your server's performance. To reduce the load on the server, use cookies.
4. A single cookie cannot hold more than 4K of data, and many browsers limit a site to at most 20 saved cookies.
5. So my personal recommendation:
store login information and other important information in the session;
other information, if it needs to be kept, can be placed in a cookie.
token
1. stateless, scalable
2. support for mobile devices
3. Cross-program calls
4. Security