1.cookie
Storage: Client
Fields: cookie's contents include: name, value, expiration time, path and domain. Together constitute the path region of the cookie.
Session cookie: do not set an expiration time, stored in memory;
If the expiration time is not set, it means the lifetime of the cookie during the browser session, the browser window is closed, and the cookie disappears. The life cycle of the browser session cookie is called a session cookie.
Session cookie is typically not stored on the hard disk, but stored in memory.
General cookie:
Set an expiration time, cookie stored in the hard disk
If you set the expiration time, the browser cookie will be saved to the hard drive, close it and open the browser again. Prior to the expiration time exceeds the set, the cookie is still valid. Cookie stored on the hard disk can be shared between different browser process, e.g. IE two windows.
2.session
Session: In the computer, especially in network applications, known as "session control." Session object store particular user session configuration and the desired properties. In this way, when users jump between Web page application variables are stored in the Session object will not be lost, but always exist throughout the user session. When a user requests a Web page from the application, if the user has not session, the Web server automatically creates a Session object. When the session expires or is abandoned, the server will terminate the session. Session object of the most common usage is to store the user's preferences. For example, if the user does not like to see the graphic indicates, you can store this information in the Session object. For more information about using the Session object, see "ASP Applications" "Manage Sessions" section. Note Session state is only retained in support cookie browser.
3.x-auth-token
x-auth-token token way for APP, + certification authorization; for user authentication, authorization for the APP; safer
Within the company: session-id is the primary key of the session, before the session-id is placed in the cookie, now App, so we placed header, the name for the x-auth-token.
4.open_id
OpenID is a user-centric digital identification frame having open dispersibility.
The company explained that a development:
A user ID, OpenID attribute, the ID is generally not to other business systems. OpenId user is only disclosed a unique identifier., Other services are generally landing system data
definition:
OpenID is a decentralized online authentication system. For the site supports OpenID, users do not need to remember traditional authentication token such as a user name and password. Instead, they only need to pre-register on offer in a person as OpenID identity (identity provider, IdP) website. OpenID is decentralized, any website can use OpenID to log in users as a way of, any website can also be used as OpenID identity provider. OpenID only solve the problem but does not need to rely on the central website to confirm digital identity.
