cookie

HTTP is a stateless protocol. A cookie is a piece of information stored locally on the client; it can only be read by the same website (across all of its pages) and lets us store information and retrieve it on later requests. But there is also a risk: cookies can be modified or set by the user in the browser, so the server must not trust their values.

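// Cookie demo: /login stores the username in a cookie, / greets the user from it.
const express = require('express');
const cookieParser = require('cookie-parser');

const app = express();
app.use(cookieParser());

/**
 * Escape the characters that are significant in HTML.
 * @param {string} text - Untrusted text that will be placed in an HTML response.
 * @returns {string} The text with &, <, >, " and ' replaced by entities.
 */
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

app.get('/', (req, res) => {
  const { username } = req.cookies;
  // The cookie is unsigned and fully under the client's control: it may be
  // missing, or may have been edited in the browser. Treat it as display data
  // only, never as proof of identity. For integrity, cookie-parser can sign
  // cookies (cookieParser(secret), { signed: true }, req.signedCookies).
  if (typeof username !== 'string') {
    res.status(401).send('Not logged in');
    return;
  }
  // res.send() with a string is served as HTML, so the value is escaped to
  // keep a crafted cookie from injecting markup into the page.
  res.send(` Welcome ${escapeHtml(username)}`);
});

app.get('/login', (req, res) => {
  const { username } = req.query;
  // Express can parse a repeated or bracketed query parameter into an array
  // or object; accept only a non-empty string.
  if (typeof username !== 'string' || username === '') {
    res.status(400).send('username is required');
    return;
  }
  // maxAge: lifetime of the cookie, in milliseconds.
  // httpOnly: true keeps the cookie out of document.cookie, so page script
  // (including script injected through XSS) cannot read it; it is only sent
  // to the web server.
  res.cookie('username', username, { maxAge: 99999, httpOnly: true });
  res.send(' login successful ');
});

app.listen(80);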

session

A session is implemented on top of cookies, and it disappears when the browser is closed. The session stores a session ID on the client in a cookie, while the session data itself is kept on the server. If cookies are disabled in the browser, the session cannot be used.

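// Session demo: /login stores the username in the server-side session,
// / greets the user from it or offers a login link.
const express = require('express');
const session = require('express-session');

const app = express();

app.use(session({
  // Key used to sign the session ID cookie. The original listing shows no
  // secret; SESSION_SECRET is a placeholder name. Supply a long random value
  // from configuration, never a literal committed with the code.
  secret: process.env.SESSION_SECRET,
  // NOTE(review): the option lines were garbled in the original listing.
  // "Reset session on every request" is read here as `resave`; its value was
  // lost, and false avoids rewriting sessions that did not change.
  resave: false,
  // Create a session (and its cookie) whether or not anything was stored in it.
  saveUninitialized: true,
}));

/**
 * Escape the characters that are significant in HTML.
 * @param {string} text - Untrusted text that will be placed in an HTML response.
 * @returns {string} The text with &, <, >, " and ' replaced by entities.
 */
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

app.get('/', (req, res) => {
  const { username } = req.session;
  if (username) {
    // The name came from the query string at login, so escape it before it
    // is written into an HTML response.
    res.send(` Welcome ${escapeHtml(username)}`);
    return;
  }
  // Constructed sample link: the original href was truncated in the listing.
  res.send('<a href="/login?username=demo">login</a>');
});

app.get('/login', (req, res, next) => {
  const { username } = req.query;
  // Accept only a non-empty string; the query parser may produce arrays or objects.
  if (typeof username !== 'string' || username === '') {
    res.status(400).send('username is required');
    return;
  }
  // Issue a fresh session ID at login so that an ID planted in the browser
  // before login (session fixation) does not become the logged-in session.
  // A real login must verify credentials before reaching this point.
  req.session.regenerate((err) => {
    if (err) {
      next(err);
      return;
    }
    req.session.username = username;
    res.send('succ');
  });
});

app.listen(80);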

MD5 hashing (a one-way hash, not encryption)

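const crypto = require('crypto');

/**
 * Return the base64-encoded MD5 digest of a password.
 *
 * MD5 is a one-way hash, not encryption. It is fast and unsalted, so equal
 * passwords give equal digests and guesses can be tested cheaply. Kept here
 * for the demonstration only; do not store passwords this way.
 *
 * @param {string} pwd - The text to hash.
 * @returns {string} Base64 MD5 digest of `pwd`.
 */
function md5(pwd) {
  return crypto.createHash('md5').update(pwd).digest('base64');
}

/**
 * Derive a salted password hash with scrypt.
 *
 * The salt is mixed into the input before hashing and stored beside the
 * result, so the value can be recomputed at login. Appending a random number
 * to a finished digest, as the original listing did, cannot be verified later
 * and Math.random() is not a cryptographic generator.
 *
 * @param {string} pwd - The password to hash.
 * @returns {string} "salt:hash", both parts base64-encoded.
 */
function hashPassword(pwd) {
  const salt = crypto.randomBytes(16);
  const derived = crypto.scryptSync(pwd, salt, 64);
  return `${salt.toString('base64')}:${derived.toString('base64')}`;
}

/**
 * Check a password against a value produced by hashPassword.
 * @param {string} pwd - The password supplied at login.
 * @param {string} stored - The stored "salt:hash" string.
 * @returns {boolean} True when the password matches.
 */
function verifyPassword(pwd, stored) {
  const [saltPart, hashPart] = String(stored).split(':');
  if (!saltPart || !hashPart) {
    return false;
  }
  const expected = Buffer.from(hashPart, 'base64');
  if (expected.length === 0) {
    return false;
  }
  const actual = crypto.scryptSync(pwd, Buffer.from(saltPart, 'base64'), expected.length);
  // Constant-time comparison; both buffers have the same length by construction.
  return crypto.timingSafeEqual(actual, expected);
}

console.log(md5('12345678'));
// Even when different users choose the same password, the stored values differ.
console.log(hashPassword('12345678'));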