• HTTP protocol is used for content transfer between web pages in the network. HTTP protocol uses stateless, and all requests must have corresponding hypertext transfer protocol.
• The HTTP protocol is automatically managed after the request and corresponding process is complete.
• Stateless means that a server that provides services based on HTTP cannot determine whether multiple requests are sent from the same client or from multiple clients.
• In order to identify whether the client is the same client in the process of multiple requests, session tracking technology emerges, and session control technology, also called session persistence or session tracking technology, is needed.

The session

• Session refers to a complete communication process between the client and the server
• In the field of Web development: a web request begins with a browser URL access and ends atClosing the browser
• Centrally created session control techniques
  • Url: Address bar parameters that record the user’s identity (rarely, rarely)
  • Cookie: A small file that is automatically read and written by the browser to save user information. The data that can be stored is limited to about 10 MB. Out of date, Google is slowly shutting down the cookie technology in 2021.
  • Session: A small file that holds user information on the server. The amount of data that can be stored is limited. It depends on the server configuration
  • Token: A string that records and identifies a user. Save in the client language [JS/Android /ios]

cookie

Cookie is a small text saved in the browser, which is automatically managed and sent and received by the browser. Therefore, do not store sensitive user information in cookies, such as passwords. In addition, the user can turn off the cookie function in the browser. If cookies are turned off, there are only two things the server can do :1. Prompt the user to enable the cookie function, 2. Do not use cookies.

Cookie implements session control

1. The client (browser) initiates a URL web page request and the server identifies the user
2. The server generates a cookie, saves it in the response header and sends it back to the client.
3. The browser recognizes the cookie in the response header and records it in the file. We can view the cookie information of the website through the application option of F12

4. The browser automatically adds a cookie to the request header when it initiates the same web page request next time, and the client receives the cookie.

Users. Urls. Py, code:

from django.urls import path
from . import views
urlpatterns = [
    path("set_cookie", views.set_cookie),
    path("get_cookie", views.get_cookie),
    path("del_cookie", views.del_cookie),  # CTRL + D Copies the line where the cursor is
]
Copy the code

Save the cookie

Generate cookies on the server side, send to the client browser for saving, view code:

from django.http.response import HttpResponse
# Create your views here.
def set_cookie(request) :
    """ Identify the user first. ""

    """ Correct identity, cookie generated """
    response = HttpResponse("Setting cookies")
    # generate cookies
    "" Parameter list: key, # key/variable value= ", # value/content max_age=None, # Set cookie validity time, unit: Second expires = None, # datetime.now().timestamp() get the timestamp # int(time.time() * 1000) get the milliseconds timestamp # datetime.now().timestamp() obtain the millisecond timestamp path=None, # whether the current cookie can only be used in the specified public path, None indicates the same domain, Domain =None specifies whether the current cookie can only be used in the same domain. None indicates whether the current cookie can only be used in HTTPS protocol. Httponly =False, # cookies can only be used under HTTP. False: cookies can be used under HTTP.
    Set cookies to expire after 30 seconds
    The cookie will remain in the browser until the expiration date. This process will not change even if the browser is closed, except that the client deletes it
    response.set_cookie("uname"."xiaoming",max_age=5)
    response.set_cookie("uid".100, max_age=180)
    The default cookie validity period is deleted when the browser closes.
    response.set_cookie("is_login".True.)return response
Copy the code

Read the cookie

Cookies are sent in the client and received and read by the server

def get_cookie(request) :
    COOKIES can be obtained by request.COOKIES sent by the client.
    print(request.COOKIES) Get all cookies
    print(request.COOKIES.get("uname")) Get cookie with specified name
    return HttpResponse("Get the cookie")
Copy the code

Delete the cookie

Delete cookies on the server and delete cookies on the client as prompted by the server

def del_cookie(request) :
    "" Delete the cookie, we can't do that on the server, because the cookie is on the client, so we need to tell the client to delete it itself. ""
    # tell the browser that the cookie has expired
    response = HttpResponse("Tell the client to delete the cookie.")
    response.set_cookie("uid"."",max_age=0) # set the validity period to 0 seconds. When the browser accepts the response, 0 seconds is already reached, so it will be deleted automatically
    return response
Copy the code

session

• It is mainly stored in files on the server

Because a session stores data on the server, it is relatively more secure than a cookie. But because the user’s data is stored in the server, when the user base is large, the storage pressure of the server will come. Therefore, session data is generally not considered to be stored in a file, but in a storage solution, such as redis or mysql database.

The principle of

token