1. Cookie
HTTP is a stateless protocol. For example: open the home page of a domain, then open another page on the same domain, and the server cannot tell that both requests came from the same visitor. Each visit from the same browser to the same website is unrelated to the ones before it.
The principle of a cookie is this: the first time the client browser accesses the server, the server returns some JSON-style data that identifies the client. Whenever the browser accesses the same domain again, it carries this cookie information with each request.
Features
- A cookie is not encrypted; users can freely view it.
- Users can delete cookies or disable them. If no expiration time is set, a cookie expires by default when the browser is closed.
- A cookie can be tampered with.
- A cookie can be used in attacks.
- Cookie storage is very small (less than 4 KB).
Cookies are not cross-domain. According to the cookie specification, a browser visiting Google sends only Google's cookies and does not send Baidu's. Google can operate only on Google's cookies, not on Baidu's.
Using cookies in Node.js:
```javascript
const express = require('express');
const cookieParser = require('cookie-parser'); // cookie-parser module
const app = express();
app.use(cookieParser()); // middleware
app.get('/', (req, res) => {
  res.send('root route');
});
app.get('/login', (req, res) => {
  // Get the cookies sent by the client
  console.log(req.cookies);

  // Cookie issued by the server
  res.cookie('Heaven', '666', {
    maxAge: 900000 // validity period, in milliseconds
  });
  res.send('ok');
});

app.listen(3000);
```
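The feature list above says a cookie can be tampered with. The following is an added example, not code from the original page: it shows how a server can attach an HMAC signature to a cookie value so that a client-side edit is detected. The function names, `SECRET` and the sample values are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Hypothetical secret for this demo; a real one is loaded from configuration.
const SECRET = 'demo-secret-not-for-production';

// HMAC-SHA256 of the value, hex encoded (hex never contains a '.').
function mac(value, secret) {
  return crypto.createHmac('sha256', secret).update(value).digest('hex');
}

// Returns "value.signature", the string the server would place in the cookie.
function signCookie(value, secret) {
  return value + '.' + mac(value, secret);
}

// Returns the original value if the signature matches, otherwise false.
function verifyCookie(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx < 0) return false; // no signature part at all
  const value = signed.slice(0, idx);
  const given = Buffer.from(signed.slice(idx + 1));
  const expected = Buffer.from(mac(value, secret));
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length) return false;
  return crypto.timingSafeEqual(given, expected) ? value : false;
}

// Constructed scenario: the server issues the value '666' (as in the /login
// route above) and the user edits it to '999' while keeping the old signature.
function demo() {
  const issued = signCookie('666', SECRET);
  const tampered = '999' + issued.slice(issued.indexOf('.'));
  return {
    untouched: verifyCookie(issued, SECRET),   // value accepted
    tampered: verifyCookie(tampered, SECRET),  // edited value rejected
    unsigned: verifyCookie('999', SECRET),     // no signature rejected
    wrongKey: verifyCookie(issued, 'some-other-secret'), // other key rejected
  };
}

console.log(demo());
```

Signing detects modification but does not hide the value: the cookie is still readable by the user. The `secret` option of express-session and the signed cookies of cookie-parser rely on the same idea.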
2. Session
When the server needs to record a user's state, it relies on a cookie to track the session. The server first creates a session and tells the client, over HTTP, to record a session ID in a cookie. The client then carries this session ID with every request, so the server is able to identify the client.
Features
- A session is not a technology of its own; it relies on cookies. If the browser has cookies disabled, login stops working; if the user clears the cookie, the login state is lost.
- How does a session differ from a cookie? What the session issues to the browser is an opaque, random-looking string, and the server keeps the actual data in its own cache. The next time the browser presents that string, the server compares it with its cache to see who the client is.
```javascript
/*
  Session data is stored on the server, but its index is stored in the browser;
  the server finds the matching session from the cookie ID the browser sends.
  npm i express-session -S   (install the session module)
*/
const express = require('express');
const session = require('express-session'); // express-session module
const app = express();

// Enable the session middleware
app.use(session({
  // Required: used to sign the session ID cookie set on the client
  secret: 'Heaven', // any string
  cookie: { maxAge: 300000 },
  resave: true,
  saveUninitialized: true,
}));

// Middleware runs in registration order, so intercept favicon requests first
app.get('/favicon.ico', (req, res) => {
  res.status(204).end(); // end the response so the request does not hang
});
app.get('/', (req, res) => {
  // Sent as plain text: the stored values come from the URL and must not be rendered as HTML
  res.type('text').send('Your footprints: ' + (req.session.lvyou || []));
});
app.get('/:city', (req, res) => {
  let city = req.params.city;
  // console.log(req.session);
  let cityArr = req.session.lvyou || [];
  cityArr.push(city);
  req.session.lvyou = cityArr;
  res.type('text').send('You went to ' + city + ' today.');
});
app.listen(3000);
```
```javascript
/*
  Move session storage out of memory and into MongoDB.
  npm i connect-mongo -S   (module that stores sessions in MongoDB)
*/
const express = require('express'),
  app = express(),
  session = require('express-session'),
  MongoSession = require('connect-mongo')(session), // connect-mongo v3-style initialisation
  mongoose = require('mongoose');

// Connect to the database
mongoose.connect('mongodb://localhost/bounty', { useNewUrlParser: true });

// Session middleware
app.use(session({
  secret: 'doukeyi', // secret key used to sign the session ID cookie
  rolling: true, // reset the cookie expiry on every interaction (page action, link, ajax)
  cookie: { maxAge: 1000 * 60 * 60 }, // cookie valid for one hour
  resave: false, // whether to re-save the session on every request
  saveUninitialized: false, // whether to store a new session that has no data yet
  store: new MongoSession({
    url: 'mongodb://localhost/bounty' // sessions are stored in the database and cleared automatically after they expire
  })
}));

/* Clear the session */
app.get('/logout', function (req, res) {
  // destroy() is asynchronous; redirect once the session has been removed
  req.session.destroy(function () {
    res.redirect('/login');
  });
});
```
3. The difference
- A cookie is stored in plain text; a session is issued as an opaque, random-looking string.
- A cookie lives in the client browser; a session lives on the server.
- A cookie has little storage; a session has much more.