1. Cookies

1. The origin of cookies

Cookies exist because the server cannot maintain state on its own: it cannot tell whether two requests come from the same browser.

2. What are cookies

A cookie is a small piece of data that the server sets and the client saves: a text file that the browser stores on the user's computer.

3. Cookies

(1). Create Cookie

<1>. After the server accepts the request from the client, it adds a Set-Cookie option to the response header.

Eg:

    HTTP/1.0 200 OK
    Content-type: text/html
    Set-Cookie: yummy_cookie=choco
    Set-Cookie: tasty_cookie=strawberry

<2>. The browser saves the cookie after receiving the response and sends it back to the server with each subsequent request. In addition, the expiration time, domain, path, validity period, and applicable site of the cookie can be specified as needed.

    GET /sample_page.html HTTP/1.1
    Host: www.example.org
    Cookie: yummy_cookie=choco; tasty_cookie=strawberry

(2). Session Cookie

A session cookie exists only for the duration of the browser session. After the browser is closed, the cookie is deleted automatically. A session cookie does not need an expiration time (Expires) or a validity period (Max-Age); it is kept in memory.

(3). Persistent Cookie

Persistent cookies are stored on the hard disk. After the browser is closed and opened again, these cookies remain valid until the set expiration time has passed. Eg:

    Expires=Wed, 21 Oct 2015 07:28:00 GMT;

(4). Secure and HttpOnly flags in cookies

A cookie marked Secure is sent to the server only over an encrypted HTTPS channel, but because cookies are inherently insecure, the flag does not provide true security. Starting with Chrome 52 and Firefox 52, insecure sites (http:) cannot use the Secure flag for cookies. To keep cross-site scripting (XSS) attacks from reading the cookie through document.cookie, use the HttpOnly flag, which hides the cookie from JavaScript. Eg:

    Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly

(5). The domain option

Eg:

    Set-Cookie: name=PHPSESSID; domain=segmentfault.com

(6). Path option

The path option specifies which path can accept the cookie, and it matches all subpaths below that path. Set path=/docs and the following addresses will match:

    /docs
    /docs/Web/
    /docs/Web/HTTP
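The attributes from sections (2) to (6) can be checked mechanically. The following is an added example, not code from the original page: it parses a Set-Cookie value, reports whether the cookie is a session or persistent cookie and which of the Secure and HttpOnly flags are missing, and applies the path rule. The function names are assumptions of this example; the header values are the ones shown above.

```javascript
// Added example: how a browser would classify a Set-Cookie value.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair ? pair.indexOf("=") : -1;
  if (eq < 1) throw new Error("expected name=value");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1); // flag or key=value
  }
  return cookie;
}

// Lifetime per sections (2) and (3), exposure per section (4).
function describe(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.secure) findings.push("no Secure: also sent over plain HTTP");
  if (!attrs.httponly) findings.push("no HttpOnly: readable via document.cookie");
  const persistent = "expires" in attrs || "max-age" in attrs;
  return { name, lifetime: persistent ? "persistent" : "session", findings };
}

// Path rule from section (6): match the path itself and everything below it,
// but not a sibling that merely shares the prefix (/docs vs /docsets).
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Header values taken from the examples on this page.
const samples = [
  "yummy_cookie=choco",
  "id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly",
];
for (const s of samples) console.log(describe(s));
for (const p of ["/docs", "/docs/Web/HTTP", "/docsets"]) {
  console.log(p, pathMatches("/docs", p));
}
```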

4. Application scenarios for cookies

(1). Session state management (such as user login status, shopping cart, game score, or other information that needs to be recorded)

(2). Personalization (such as user customization, theme, etc.)

(3). Browser behavior tracking (such as tracking and analyzing user behavior, etc.)

2. LocalStorage and sessionStorage

1. The localStorage

Because cookie storage on the client is limited to about 4K, too many cookies leave insufficient storage space, so a store that can hold a larger amount of information is needed.

2. What localStorage is

It is essentially a hash table stored on the client.

3. The localStorage API

(1). Set

Eg:

    // Three ways to set a field
    if (!window.localStorage) {
        alert("Browser does not support localStorage");
    } else {
        var storage = window.localStorage;
        storage["a"] = 1;        // write field a (bracket notation)
        storage.b = 1;           // write field b (dot notation)
        storage.setItem("c", 3); // write field c (setItem)
        // Values are stored as strings, so each line logs "string"
        console.log(typeof storage["a"]);
        console.log(typeof storage["b"]);
        console.log(typeof storage["c"]);
    }

(2). Read

Eg:

    // Three ways to read a field
    storage.a;
    storage["b"];
    storage.getItem("c");

(3). Remove

<1>. Deletes key-value pairs

    storage.removeItem(key);

<2>. Clear all

    storage.clear();

4. Cookie, localStorage and sessionStorage

3. Sessions

1. The origin of sessions

Cookies are stored on the client, where they are easy to tamper with. A relatively secure storage method is needed, and sessions were created to meet that need.

2. The definition of the session

A session is a mechanism for storing information on the server side. When the client accesses the server for the first time, a session is created on the server; when the user's data needs to be saved, it is automatically stored in that server-side session.

3. Workflow of Session

(1). Generate sessionID: When the client visits the server for the first time, the server generates a random number, the sessionID, puts it in the response header, and returns it to the client in the form of a cookie, roughly like this: Cookie: sessionID=1234567.

(2). Save sessionID and user data: The server saves the user data under the sessionID, and then keeps the sessionID in memory.

(3). When the client accesses the server again, it sends the sessionID cookie it obtained during the first visit. The server looks for the sessionID in the cookie and, if it finds the sessionID, returns the user data saved under it to the client.

In Java the session is stored in the server's memory: restart the server and the session is gone. In PHP the session is stored in a file on the server: restart the server and the session is still there. Whenever the session lives only in the server's memory, restarting the server means the session is gone.
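The workflow in steps (1) to (3), as an added example in JavaScript that is not part of the original page. The function names, the in-memory Map and the cookie attributes are assumptions of this example; the sessionID is drawn from a cryptographic random source so that, unlike the illustrative 1234567, it cannot be guessed.

```javascript
// Added example: server-side session store following steps (1)-(3).
// Web Crypto is a global in browsers and current Node; older Node needs the module.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const sessions = new Map(); // sessionID -> user data; never leaves the server

function newSessionId() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16)); // 128 random bits
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Steps (1) and (2): create the session, save the user data under its ID,
// and return the Set-Cookie value that carries only the ID to the client.
function startSession(userData) {
  const id = newSessionId();
  sessions.set(id, { ...userData });
  return `sessionID=${id}; Path=/; Secure; HttpOnly`;
}

// Step (3): pull sessionID out of the request's Cookie header and look it up.
// An unknown or tampered ID finds nothing, so the client cannot forge data.
function loadSession(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === "sessionID") return sessions.get(rest.join("=")) ?? null;
  }
  return null;
}

function demo() {
  const setCookie = startSession({ user: "alice", cart: ["book"] }); // constructed data
  const cookieHeader = setCookie.split(";")[0]; // what the browser sends back
  return {
    idLength: cookieHeader.split("=")[1].length,
    known: loadSession(cookieHeader),
    forged: loadSession("sessionID=1234567"),
    missing: loadSession("theme=dark"),
  };
}

console.log(demo());
```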

4. The difference between cookies and sessions

2. Cookies can be viewed and modified on the client side, but sessions cannot. Session storage is more secure than cookie storage.

3. The implementation of sessions is based on the sessionID, and the sessionID is stored in a cookie. Therefore, a session is a data storage method based on cookies.