cookie,session,token

cookie:

    A cookie is something very specific: it is data that the browser can store persistently, and it is nothing more than a data-storage mechanism that browsers implement. The server generates the cookie and sends it to the browser; the browser saves it as key-value pairs in a text file in its own directory and sends it back to the server on the next request to the same site. Because the cookie lives on the client, browsers add some restrictions so that cookies cannot be used maliciously and do not take up too much disk space; for example, the number of cookies per domain is limited.

session:

    The server needs to know who is sending it requests. To make this distinction, the server assigns each client an "identity", and the client carries this identity on every request, so the server knows which client the request comes from. The client can save this identity in many ways; for browser clients, a cookie is used by default. The server keeps the user's session information temporarily on the server side, and the session is destroyed after the user leaves the site. Compared with storing user information in a cookie this is more secure, but sessions have a flaw: if the web servers are load balanced, the session is lost when the next request lands on another server.
 

Token:
    Token advantages:

      1. Stateless and easy to scale out
      2. Supports mobile devices
      3. Can be called across programs
      4. Secure

      With the rise of web applications and mobile terminals, the proven session approach has gradually exposed problems, especially in terms of scalability.
    token validation:

      When a client first makes a request, the server sends the client a token. The token contains the client's user id and a signature produced with a server-side key, which prevents malicious forgery; the server does not store the token. When the client later makes a request, the server takes the client's token, regenerates the signature with the same method, compares the two, and obtains the verification result. In effect this trades some CPU time for the storage space a session would need.

    security token:

      Sending a token with the request, instead of relying on a cookie being sent, can prevent CSRF (cross-site request forgery). Even if the client stores the token in a cookie, the cookie is only a storage mechanism and is not what authenticates the request. The information is not stored in a session, so there are fewer session operations. And a token has an expiry.
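The stateless validation described above (a user id plus a server-keyed signature, verified by regenerating the signature with the same method) and the token expiry from the security notes, as an added example; this is not code from the original post. The key, the claim names and the "payload.signature" layout are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed key for this example; a real server loads it from configuration.
SERVER_KEY = b"example-server-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Build a token from the user id and an expiry, then sign it with the server key.
    Nothing is stored server-side; the signature is what stops forgery."""
    now = time.time() if now is None else now
    payload = _b64(json.dumps({"uid": user_id, "exp": int(now) + ttl_seconds}).encode())
    signature = _b64(hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{signature}"  # sent back by the client in a request header


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Regenerate the signature with the same method and compare it; reject
    expired tokens. Returns the user id on success, None on any failure."""
    now = time.time() if now is None else now
    try:
        payload, signature = token.split(".", 1)
    except ValueError:
        return None
    expected = _b64(hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest())
    # Constant-time comparison so the check does not leak the signature byte by byte.
    if not hmac.compare_digest(expected, signature):
        return None
    try:
        claims = json.loads(_unb64(payload))
    except ValueError:
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None  # token has aged out
    return claims.get("uid")
```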


Origin www.cnblogs.com/qiansk/p/11281281.html