postman Cookie

Reference: Qianshan bird must, million tracks were off track

 

About Cookie

  A cookie (sometimes used in the plural, cookies) is data that certain sites store on the user's local terminal, usually encrypted, in order to identify the user and track the session. The definitions in RFC2109 and 2956 have been abandoned; the latest specification that replaces them is RFC6265.

  A cookie is a text file stored in the browser's directory on the computer. While the browser is running, the cookie is held in RAM (such cookies are called session cookies). Once the user exits from the site or server, the cookie can also be stored on the user's local hard disk (such cookies are called persistent cookies).

  Normally, when the user's browser session ends, the system terminates all cookies. Once a web server has created cookies, then for as long as they are within their validity period, whenever the user accesses the same web server the browser first checks the local cookies and sends them to the web server. This state information is called a "Persistent Client State HTTP Cookie", or "cookie" for short.

 

Cookie features

  • Cookies on the same page are processed in reverse order, from the last statement to the first. If you want to delete a cookie first and then write a cookie, you must put the write statement first and the delete statement after it, or an error occurs.
  • Cookies are path-oriented. When the path attribute is left at its default, the web server automatically passes the current page's path to the browser; specifying a path forces the server to use the path that was set. A cookie set by a page in one directory cannot be seen by a page in another directory.
  • Cookies must be set before any content of the HTML file is output. Different browsers handle cookies inconsistently, which must be taken into account when using them. If the user's settings prohibit cookies, the cookie cannot be established. On the client, a browser can create at most 300 cookies, each no larger than 4 KB, and each web site can set no more than 20 cookies in total.

 

Cookie lifetime

  A cookie can carry the user's login information to the server into the next session. In other words, the next time the user visits the same web site, they will find that they do not have to enter the login name and password again (unless the cookie has been deleted manually). Some cookies are deleted when the user exits the session, which effectively protects personal privacy.

  When a cookie is generated, it is given an expire value, which is the cookie's lifetime. The cookie is valid within this period and is cleared once the period is exceeded. Some pages set the cookie lifetime to 0 or a negative value, so that the cookie is removed as soon as the browser is closed; no user information is recorded, which is more secure.

 

Cookie check

  Verification by password: as the name suggests, the server looks up the user name from the cookie in the database. Once the record is found, it retrieves the stored password and compares it with the password in the cookie; if the two are consistent, the cookie is verified.

  Verification by the time the cookie was last issued: the idea is that each time the server issues a cookie to the user, it updates the cookie's issue time in the database. On the next visit, the server uses the user name in the cookie to find the corresponding record in the database and compares the stored time with the one the client presents; if the issue times are the same, the cookie is verified. The advantage of this method is that it avoids storing the user's password on the user's local machine, and it is therefore more secure.
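
The issue-time check described above, as an added example that is not code from the original post. `ISSUED`, `issue_cookie`, `verify_cookie` and `visit` are hypothetical names and the in-memory dict stands in for the database; the random nonce appended to the timestamp and the `max_age` limit are assumptions added here, because a bare timestamp is guessable.

```python
import hmac
import secrets
import time

# Constructed stand-in for the server-side user table: username -> last issued stamp.
ISSUED = {}

def issue_cookie(username, now=None):
    """Record a fresh issue stamp for the user and return the cookie value."""
    issued_at = int(now if now is not None else time.time())
    # Assumption: a random nonce is appended so the stamp cannot be guessed from the clock.
    stamp = f"{issued_at}.{secrets.token_hex(16)}"
    ISSUED[username] = stamp  # the "database" keeps only the latest stamp
    return f"{username}|{stamp}"

def verify_cookie(cookie, max_age=3600, now=None):
    """Return the username if the cookie carries the last issued stamp, else None."""
    username, sep, stamp = cookie.rpartition("|")
    expected = ISSUED.get(username)
    if not sep or expected is None:
        return None
    # Constant-time comparison of the client's stamp with the stored one.
    if not hmac.compare_digest(stamp.encode(), expected.encode()):
        return None
    issued_at = int(expected.split(".", 1)[0])
    current = now if now is not None else time.time()
    if current - issued_at > max_age:
        del ISSUED[username]  # expired: the user has to log in again
        return None
    return username

def visit(cookie, now=None):
    """One request: verify, then reissue so the stored stamp changes on every visit."""
    user = verify_cookie(cookie, now=now)
    return (user, issue_cookie(user, now=now)) if user else (None, None)
```

Because every visit replaces the stored stamp, a copy of an older cookie stops verifying as soon as the newer one has been issued, and no password ever leaves the server.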


Origin www.cnblogs.com/cheneyboon/p/11528469.html