Cookie and Session in Node

1、Cookie

HTTP is a stateless protocol. For example: a visitor opens the home page of a domain and then opens other pages on the same domain, and the server cannot tell that it is the same visitor. Even when the same browser accesses the same website, each visit is unrelated to the others.

How cookies work: after the client browser accesses the server for the first time, the server returns some JSON data that identifies it; from then on, whenever the browser accesses the same domain again, it carries this cookie information with every request.

Features

  • A cookie is not encrypted; users are free to view it.
  • Users can delete cookies or disable them. If no expiration time is set, the cookie by default expires when the browser is closed.
  • Cookies can be tampered with.
  • Cookies can be used in attacks.
  • Cookie storage is very small (less than 4 KB).

Cookies are not cross-domain. According to the cookie specification, a browser accessing Google carries only Google's cookies and will not carry Baidu's cookies. Google can only operate on Google's cookies and cannot operate on Baidu's.

Using cookies in Node.js:

const express = require('express');
const cookieParser = require('cookie-parser');   // cookie-parser module
const app = express();
app.use(cookieParser());                // middleware
app.get('/', (req, res) => {
    res.send('root route');
});
app.get('/login', (req, res) => {
    // Get the client's cookies
    console.log(req.cookies);

    // Cookie issued by the server
    res.cookie('Heaven', '666', {
        maxAge: 900000                 // validity period, in milliseconds
    });
    res.send('ok');
});

app.listen(3000);

2、Session

When the server needs to record a user's state, it relies on a cookie to track the session. A session is created first; the server then tells the client, over HTTP, to record a session ID in a cookie. After that, the client carries this session ID with every request, and the server is able to identify the client.

Features

  • A session is not a technology in its own right; it relies on cookies. When cookies are disabled in the browser, the login state is lost; likewise, if the user clears the cookies, the login is lost.
  • How does a session differ from a cookie? What the session issues is an opaque, random-looking string, and the server itself caches something; the next time the browser comes back with that string, the server compares it with its cache to see who it is.

Using sessions in Node.js:

/*
    Session data is stored on the server, but its index is stored in the browser;
    the server finds the corresponding session from the ID in the cookie
    npm i express-session -S    install the express-session module
 */
const express = require('express');
const session = require('express-session');      // express-session module
const app = express();

// enable the session middleware
app.use(session({            // sets a signed cookie on the client
    secret: 'Heaven',         // any string; used to sign the session ID cookie
    cookie: { maxAge: 300000 },
    resave: true,
    saveUninitialized: true,
}));
// Middleware runs in order, so intercept this request before the routes below
app.get('/favicon.ico', (req, res) => {
    res.status(204).end();   // answer with "no content" so the request does not hang
});

app.get('/', (req, res) => {
    // plain text, so stored city names are not rendered as HTML
    res.type('text/plain').send('Your footprints: ' + req.session.lvyou);
});
app.get('/:city', (req, res) => {
    let city = req.params.city;
    // console.log(req.session);
    let cityArr = req.session.lvyou || [];
    cityArr.push(city);
    req.session.lvyou = cityArr;
    // plain text, so the URL parameter is not rendered as HTML
    res.type('text/plain').send('Today you went to ' + city);
});

app.listen(3000);

/*
    Move the session out of memory and into a MongoDB database
    npm i connect-mongo -S    module that stores the session in MongoDB
*/
const express = require("express"),
    app = express(),
    session = require("express-session"),
    Mongosession = require("connect-mongo")(session),   // connect-mongo 3.x API
    mongoose = require("mongoose");
// connect to the database
mongoose.connect("mongodb://localhost/bounty", { useNewUrlParser: true });
// session middleware
app.use(session({
    secret: "doukeyi",            // secret key used to sign the session ID cookie
    rolling: true,                // reset the expiry on every interaction (page action, <a> link, ajax)
    cookie: { maxAge: 1000 * 60 * 60 }, // cookie valid for one hour
    resave: false,                // whether to re-save the session on every request
    saveUninitialized: false,     // whether to save a new session that has not been given a value
    store: new Mongosession({
        url: "mongodb://localhost/bounty"         // store the session in the database; it is removed automatically after it expires
    })
}));
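
/*
    Clear the session
    (router is an express.Router() instance)
*/
router.get("/logout", function (req, res, next) {
    req.session.destroy(function (err) {   // remove the session from the store, then redirect
        if (err) return next(err);
        res.redirect("/login");
    });
});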
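
The session ID, the secret option and destroy() described above fit together as follows. This is an added example, not part of the original post and not express-session's own code; the function names, the in-memory Map store and the secret are assumptions made for illustration.

```javascript
// Added example: a signed session ID cookie backed by a server-side store, simplified.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret';   // constructed; real secrets are long and random
const MAX_AGE_MS = 300000;                  // same lifetime as cookie.maxAge above
const store = new Map();                    // session ID -> { data, expires }, kept on the server

function mac(value) {
  return crypto.createHmac('sha256', SECRET).update(value).digest('hex');
}

// Cookie value = "<id>.<HMAC of id>": the ID is readable but cannot be changed unnoticed.
function sign(id) {
  return id + '.' + mac(id);
}

// Return the ID if the signature matches, otherwise null.
function unsign(cookie) {
  const dot = cookie.lastIndexOf('.');
  if (dot === -1) return null;
  const id = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1));
  const expected = Buffer.from(mac(id));
  const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  return ok ? id : null;
}

// Create a server-side session and return the cookie value to send to the browser.
function createSession(data, now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');   // the opaque ID the browser carries
  store.set(id, { data, expires: now + MAX_AGE_MS });
  return sign(id);
}

// Look up the session for an incoming cookie; null if forged, unknown or expired.
function loadSession(cookie, now = Date.now()) {
  const id = unsign(cookie);
  const entry = id === null ? undefined : store.get(id);
  if (!entry) return null;
  if (entry.expires <= now) { store.delete(id); return null; }
  return entry.data;
}

// Logout: drop the server-side record so the cookie no longer maps to anything.
function destroySession(cookie) {
  const id = unsign(cookie);
  return id !== null && store.delete(id);
}
```

Because the data lives only in the store, deleting the record invalidates the session even if the browser keeps sending the old cookie.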

3、Differences

  • A cookie is plaintext; a session ID is an opaque string.
  • A cookie lives in the client's browser; a session lives on the server.
  • A cookie has little storage; a session has a lot.

Origin www.cnblogs.com/danew/p/11415672.html