Understanding Cookie and Session

 

  1. What are Cookie and Session?

  2. How do cookies actually work?

  3. When not to use Cookie, when not to use Session

  4. When a session is created, and session consistency

Differences between Cookie and Session:

1. The origin of the cookie:
   HTTP requests are stateless. Each request is independent: it is not directly affected by the response to the previous request, and it does not directly affect the response to the next request.
2. A cookie is a set of key-value pairs stored in the browser.
   The server controls it: in its response, the server lets the browser save key-value pairs locally, and the browser then automatically carries the cookie value when it sends the next request. When the browser is closed, the cookie expires.
3. Cookie applications:
   1. Seven-day login-free access
   2. Recording the user's browsing habits
   3. Simple voting rules
4. On the server:
   1. Generate a string
   2. Send the string back to the browser with the response
   3. Get the string from the requests sent by the browser

Benefits:
   Nothing is stored on the server, which reduces the pressure on the server.
Drawbacks:
   The information is not secure.

Session: the key-value pairs are stored on the server, and it must rely on a cookie.
On the server side it exists in the form sadsjhsjkcehhw: {"is_login": 1, "user": "jerd"}

(1) In-depth understanding of Cookie

    A cookie is a set of KV pairs stored in the client browser, received from the Set-Cookie string in the server's response. A cookie can be given a domain (Domain) and a specified path. With the Secure attribute set, the cookie is sent to the server only over the HTTPS protocol, with encryption. A positive number indicates that the cookie is persisted to a local file.

   The disadvantages of cookies are:

      1. The number of cookies a site can create is limited, and the limit differs between browsers.

      2. Security cannot be guaranteed. Cross-site scripting attacks typically exploit a site vulnerability to implant script code in the site's pages, or rely on a page referencing third-party script code; in either case the site may be exposed to cross-site scripting. During such an attack, the script reads all of the current site's cookie contents (the cookie scope restriction no longer applies) and then submits them in some way (e.g. AJAX) to a specified server. Once a cookie falls into an attacker's hands, the attacker can reuse its value.

      3. The browser can disable cookies; once cookies are disabled, the convenience they bring is no longer available.
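
The session mechanism described above (a random string carried in a cookie, pointing at a record kept on the server), as an added example that is not code from the original post. It uses only the Python standard library; the cookie name `sessionid`, the in-memory `SESSIONS` dict and the function names are assumptions, and HttpOnly is set alongside Secure so that page scripts of the kind described in drawback 2 cannot read the value.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "sessionid"   # assumed name, not from the original post
SESSIONS = {}               # server side: random string -> session data


def login(user):
    """Create the server-side record; return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)            # 1. generate a string
    SESSIONS[sid] = {"is_login": 1, "user": user}
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["secure"] = True       # sent over HTTPS only
    cookie[COOKIE_NAME]["httponly"] = True     # hidden from page scripts
    return cookie[COOKIE_NAME].OutputString()  # 2. reply with the string


def session_id_from(cookie_header):
    """3. Get the string back out of the request's Cookie header."""
    try:
        morsel = SimpleCookie(cookie_header or "").get(COOKIE_NAME)
    except CookieError:
        return None
    return morsel.value if morsel is not None else None


def current_session(cookie_header):
    """Only an id the server itself issued maps to session data."""
    return SESSIONS.get(session_id_from(cookie_header))


def logout(cookie_header):
    """Delete the record so a copied cookie value stops working."""
    SESSIONS.pop(session_id_from(cookie_header), None)


if __name__ == "__main__":
    set_cookie = login("jerd")                      # constructed sample user
    print("Set-Cookie:", set_cookie)
    request_cookie = set_cookie.split(";", 1)[0]    # what the browser sends back
    print(current_session(request_cookie))
    print(current_session(COOKIE_NAME + "=forged"))
    logout(request_cookie)
    print(current_session(request_cookie))
```

The cookie carries only the random string; the login state lives in `SESSIONS`, so deleting the record on logout invalidates any copy of the cookie value.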

 

    Recommended reference blog: In-depth understanding of Cookie

(2) A brief introduction to Session

   Recommended blog: The session implementation principle

  


Origin www.cnblogs.com/2019wxw/p/11785870.html