[Python] Cookie and Session


A recent study Python network programming, has achieved a simple information exchange server and browser. We are further learning and Cookie Session (possibly Token), so write an essay to deepen their understanding.


First, what is Cookie

Cookie, sometimes with plural forms Cookies, refers to the data (typically encrypted) to identify the user identity of certain sites, for Session tracking and stored locally on the user terminal. [Source: Baidu Encyclopedia ]

In short, Cookie is a content server and browser communications. For implementing local persistence. Set-Cookie server can be added back to the field in the browser data. Content Browser will survive this field, and then each subsequent request is automatically added to Cookie. Thus, when the server receives a request, the request can identify the identity of the sender, to give some of the personalized response.

So Cookie is the server to the client plus an identification tag, which is stored in the client, it will be sent to the server each time the browser requests data. Meanwhile, other user data will be saved and associated with the label on the server, such as the user name. Cookie has the following properties:

Attributes Introduction
name cookie name
value cookie values
expires Expiration time, if this property is not specified, is "session cookie", that is, the session will be deleted after you close your browser
path Web cookie scope, sub-folder can access the web page generated by the cookie parent folder, but the converse is not. In the example become cookie_a / path swells, in cookie_b became / sub path swells, the next / cookie_a path can only read, and / cookie_a the sub path can be read and cookie_b. Note that if this property is omitted, the default is the current url using relative path, for example path is not specified in the cookie path disposed url http://www.a.com/some/page.php, then it path attribute / some. Generally, we set a cookie, the site is to let all the other pages can be read, so it should be set to '/'.
domain the cookie belongs to the domain name, the default is the fully qualified domain name, such as www.somesite.com. Of course, you can specify your own root domain, namely somesite.com, so if the current site, then there's subdomain websites, such as a.somesite.com subdomain b.somesite.com like, it is also located in the sub-domain You can read the cookie.
secure This property is for https is, if its address set to true, then only at the request of current https websites when to read it.
httponly This property sets read permissions for the current js cookie, and if true, then modify the current cookie can not read js



Second, what is Session

I understand (to be corrected).

Session interpreted literally, is the "session", the browser and server to establish a session, then the session server how know who is it? Common is verified by a user name and password. But if every time access is required to verify too much trouble, so, after a validation server joins a field in Cookie returned, Session_id, usually a random string. In the server, the association (such as user name, date of birth, etc.) of the current information about the user by Session_id, so that the server can borrow the Cookie Session_id to identify the session object. Session advantages with respect Cookie art in that it is encrypted, since Session_id is a random string, therefore, not directly forge the identity information of the visitor in the Cookie. Of course, if Session_id is intercepted, still you can assume the identity of a visit.


Third, how to achieve Cookie

The simplest method is added to the Cookie field of the request and the response.

Cookie contents stored in the browser.

Session data is stored on the server side.


Fourth, the problem to be solved

Whether Session is permanent? 






Guess you like

Origin www.cnblogs.com/bladeofstalin/p/11222429.html