Interface authentication: cookie, session and token

1, HTTP is a stateless protocol

What does stateless mean? That this request has no relationship to the previous one, so the two cannot share information. The advantage is speed.

2, why cookie and session were added

HTTP requests are stateless, so sharing information across requests needs another mechanism; hence the sessionid, which is implemented on top of cookies. The server generates a different random string for each user, and every HTTP request the client sends to the server carries that string, so the server can tell users apart.

3, session shortcomings

For the client a session is very convenient: it only has to keep one string in a cookie. For the server, however, the sessions of all online users have to be stored, which consumes a lot of resources (CPU, memory) and seriously affects server performance. You can scale out to a server cluster, but that in turn raises the problem of distributed sessions, which can be solved with sticky sessions or centralized session management (e.g. Redis).

Session diagram:

Hand-drawn; if you don't like it, please don't flame me.


4, the difference between cookie and session

cookie: either the client or the server can generate a cookie, and it is stored on the client side. Sensitive data should not be stored in it, and the only data type it holds is a string (e.g. JSON).

session: generated by the server and stored on the server. It can store any data; in Java any object can be stored in the session. A session depends on a cookie for its implementation (the cookie carries the sessionid).

5, token: literally means a ticket or voucher

A token is a character string. The user sends a request with username and password to the server, and the server generates a token string: a header + userid + timestamp is run through an encryption algorithm, and the result is the token string.

Token verification diagram: (borrowed image, haha)


Differences between session and token:

session: generated, stored and verified by the server; delivered to the client as a cookie, and the client sends it back to the server the same way. A session is stateful.

token: generated and verified by the server; delivered to the client as a cookie or in a request header, and the client sends it back to the server the same way. A token is stateless.
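To make the contrast concrete, here is an added example (not code from the original post) that builds a token from header + userid + timestamp as described in section 5 and verifies it without any server-side lookup, next to a minimal stateful session store. It assumes an HMAC-SHA256 signature plays the role of the "encryption algorithm", a constructed demo key, and user ids that contain no "." character.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Constructed demo key; a real server loads this from a secrets store.
SERVER_KEY = b"demo-server-key-do-not-use-in-production"
HEADER = "v1"  # the fixed "header" part of header + userid + timestamp


def _sign(payload: str, key: bytes) -> str:
    """HMAC-SHA256 over the payload, base64url without padding (assumed scheme)."""
    mac = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def issue_token(user_id: str, key: bytes = SERVER_KEY, now=None) -> str:
    """Build header.userid.timestamp and append the server's signature."""
    ts = int(time.time()) if now is None else now
    payload = f"{HEADER}.{user_id}.{ts}"
    return f"{payload}.{_sign(payload, key)}"


def verify_token(token: str, key: bytes = SERVER_KEY, now=None, max_age: int = 3600):
    """Return the user id if the token is intact and unexpired, else None.

    Stateless: nothing is looked up on the server; only the key is needed.
    """
    parts = token.split(".")
    if len(parts) != 4 or parts[0] != HEADER:
        return None
    header, user_id, ts, sig = parts
    payload = f"{header}.{user_id}.{ts}"
    # compare_digest avoids leaking the signature through timing differences
    if not hmac.compare_digest(_sign(payload, key), sig):
        return None
    current = int(time.time()) if now is None else now
    if not ts.isdigit() or current - int(ts) > max_age:
        return None  # expired (or malformed) timestamp
    return user_id


class SessionStore:
    """The stateful alternative: the server keeps every live session in memory."""

    def __init__(self) -> None:
        self._sessions = {}

    def create(self, user_id: str) -> str:
        session_id = secrets.token_urlsafe(32)  # unguessable id, sent as a cookie
        self._sessions[session_id] = user_id
        return session_id

    def lookup(self, session_id: str):
        return self._sessions.get(session_id)
```

Any change to the userid or timestamp invalidates the signature, so the server trusts the token's contents only after the HMAC check; the session store, by contrast, must hold one entry per logged-in user, which is the resource cost section 3 describes.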

 


Source: www.cnblogs.com/xingyunqiu/p/11512152.html