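cookie-parser plugin: parses cookies and handles the "encryption" operation (strictly speaking it signs cookies so that tampering is detected; the value itself stays readable)
cookie-session plugin: parses and manages the session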
HTTP is stateless.
cookie: stores a small amount of data in the browser; the browser sends it along with every request to the server.
Drawbacks of cookies: they are unsafe, and their size is limited to 4 KB.
session: the data is saved on the server.
Advantages of sessions: they are safer, and there is no size limit.
How sessions work
A session is implemented on top of cookies and cannot work independently of them: the cookie carries a session id, and the server uses that id to look up the session and then read or write its data.
Risk: session hijacking. Countermeasures: change the session frequently and encrypt the cookie.
cookie:
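const express = require("express");
const cookieParser = require("cookie-parser");

const server = express();
server.listen(3000); // create a server listening on port 3000

// The argument to cookieParser() is optional. When given, it is the secret
// used to SIGN cookies (res.cookie(..., { signed: true })) and to verify the
// signature on incoming ones. Signing detects tampering; it does not encrypt,
// so the cookie value is still readable in the browser.
// The secret must be long, random and kept out of the source code: anyone who
// knows it can forge signed cookies. COOKIE_SECRET is the variable name chosen
// for this example.
const cookieSecret = process.env.COOKIE_SECRET;
if (!cookieSecret) {
  throw new Error("COOKIE_SECRET must be set to a long random value");
}
server.use(cookieParser(cookieSecret));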
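// Deleting the cookie lives in its own route. Calling res.clearCookie() right
// after res.cookie() in the same response would remove the cookie that was
// just set. The first argument is the cookie name (use your own); the options
// must match the ones the cookie was created with.
server.use("/logout", function (req, res) {
  res.clearCookie("user", { path: "/" });
  res.send("cookie cleared");
});

server.use("/", function (req, res) {
  // Cookies sent by the browser that are NOT signed.
  console.log(req.cookies);
  // Cookies whose signature was verified against the cookieParser secret,
  // with the signature stripped off. A cookie that fails verification shows
  // up as `false` instead of the tampered value.
  console.log(req.signedCookies);

  // Cookie sent from the server to the browser with the response.
  res.cookie("user", "blue", {
    path: "/", // cookie path
    maxAge: 24 * 3600 * 1000, // cookie lifetime: 24 hours
    // Signed: the user can still read the value but cannot change it without
    // invalidating the signature. Requires a secret passed to cookieParser().
    signed: true,
    httpOnly: true, // not readable from page scripts
    sameSite: "lax", // not attached to most cross-site requests
    // Only send over HTTPS in production; plain-HTTP local development
    // would otherwise never get the cookie back.
    secure: process.env.NODE_ENV === "production",
  });

  // End the response; without this the request never completes.
  res.send("ok");
});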
session:
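It is implemented on top of cookies and can be seen as an upgraded version of the cookie: compared with a plain cookie it is safer and has no size limit. Note that this describes sessions whose data is stored on the server; the cookie-session middleware used below keeps the session data inside the signed cookie itself, so the cookie size limit still applies and the client can read (but not alter) the data.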
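const crypto = require("crypto");
const express = require("express");
const cookieParser = require("cookie-parser");
const cookieSession = require("cookie-session");

const server = express();
server.listen(3000); // create the server

// Signing keys for the session cookie.
// cookie-session signs with keys[0] only; the remaining keys are accepted for
// verification, which is what makes key rotation possible (put the new key
// first, keep the old ones behind it until existing sessions expire).
// A huge list of keys therefore adds no protection and makes every request
// with an invalid signature more expensive to reject.
// Keys must come from a cryptographically secure source. Math.random() is
// predictable and must not be used for secrets.
// SESSION_KEYS (comma-separated) is the variable name chosen for this example.
// Supplying the keys from configuration keeps sessions valid across restarts
// and across several server instances.
const configuredKeys = (process.env.SESSION_KEYS || "")
  .split(",")
  .map((key) => key.trim())
  .filter((key) => key.length > 0);

// Fallback for local experiments: one random key per process. Every restart
// invalidates all existing sessions.
const sessionKeys =
  configuredKeys.length > 0
    ? configuredKeys
    : [crypto.randomBytes(32).toString("hex")];

// Parse cookies.
// NOTE(review): the original listing says cookie-session needs cookieParser to
// run first. Current cookie-session releases read the Cookie header
// themselves, so confirm this against the installed version.
server.use(cookieParser());

server.use(
  cookieSession({
    name: "sess", // name of the session cookie
    keys: sessionKeys, // required: keys used to sign and verify the cookie
    maxAge: 2 * 3600 * 1000, // session lifetime: 2 hours
    httpOnly: true, // not readable from page scripts
    sameSite: "lax", // not attached to most cross-site requests
    // When the site is served over HTTPS, also set `secure: true`.
  })
);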
// Log the session object attached to the request, then answer "ok".
server.use("/", (req, res) => {
  const { session } = req; // read the session
  console.log(session);
  res.send("ok");
});
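// Count how many times this user has visited the site.
// The counter is kept in the session under the key "count". The original
// listing indexed the session with an undefined variable `cont`, which throws
// a ReferenceError on the first request.
// If another middleware mounted on "/" already sends the response without
// calling next(), this one is never reached. Register it in place of that
// handler, not after it.
server.use("/", function (req, res) {
  // First visit (or an unexpected value): start from 0 so the counter becomes 1.
  const previousVisits = Number.isInteger(req.session.count)
    ? req.session.count
    : 0;
  req.session.count = previousVisits + 1; // one more visit

  console.log(req.session.count); // total number of visits by this user
  res.send("ok");
});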