Part 1: Cookies: add, delete, modify, query, and configure encryption

A brief understanding of cookies

HTTP requests are stateless, but during development there are situations where you need to know who is making the request. To solve this problem, the HTTP protocol defines a special request header: Cookie. The server can send a small amount of data to the client through the Set-Cookie response header. The browser stores the data according to the protocol and sends it along the next time it makes a request to the same service.

1. Add cookies

Egg already provides a way to manipulate cookies, so we can use it directly. The code goes in /app/controller/cookieTest.js:

  // add a Cookie
  async add() {
    const { ctx } = this;
    ctx.cookies.set('user', '12345789');
    ctx.body = {
      status: 200,
      data: 'Cookie added successfully!',
    };
  }

Routing configuration

  router.post('/add', controller.cookieTest.add);

Access 127.0.0.1:7001/add

2. Delete cookies

Deleting a cookie needs only a small change to the code that adds one.

  // delete the Cookie
  async del() {
    const { ctx } = this;
    ctx.cookies.set('user', null); // Set value to null to delete
    ctx.body = {
      status: 200,
      data: 'Cookie deleted successfully!',
    };
  }

3. Modify cookies

Modifying works the same way as adding: you only need to set a different value.

  // modify the Cookie
  async editor() {
    const { ctx } = this;
    ctx.cookies.set('user', 'asdfghj'); // Modify by setting a new value
    ctx.body = {
      status: 200,
      data: 'Cookie modified successfully!',
    };
  }

4. View cookies

To query cookies, use the ctx.cookies.get() method.

  // query cookies
  async show() {
    const { ctx } = this;
    const user = ctx.cookies.get('user');
    console.log(user);
    ctx.body = {
      status: 200,
      data: 'Cookie query successful!',
    };
  }

5. Perform other configuration operations for cookies

The ctx.cookies.set() method takes three parameters: the first is the key, the second is the value, and the third is an options object. For example, to configure how long a cookie stays valid, use the maxAge property (the time is in milliseconds).

    ctx.cookies.set('user', '12345789', {
      maxAge: 2000, // Wait 2 seconds and refresh the page: the Cookie has disappeared because its maximum validity time was reached.
    });

Forging cookies to get around login is a common attacker tactic, so for security Egg.js by default allows only the server to manipulate cookies.

With this default, the cookie cannot be read on the client (for example, by querying cookies from the browser console). If you do want to manipulate the cookie from the client side, set it up with the following code.

    ctx.cookies.set('user', '12345789', {
      maxAge: 2000,
      httpOnly: false, // For security, the default is true
    });

If you put Chinese characters in a cookie value, the server reports an error directly. For example, if we set a Chinese value in the add() method and try again, we get a 500 error. To set a Chinese value, configure encrypt: true.

    ctx.cookies.set('user', 'hello!', {
      encrypt: true,
    });

Reading the encrypted cookie directly with ctx.cookies.get() returns undefined, that is, the value cannot be retrieved. In this case you need to configure decryption as well before you can use it.

    const user = ctx.cookies.get('user', {
      encrypt: true,
    });

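You can also Base64-encode the string before setting it and decode it after reading it. Base64 is an encoding rather than encryption, so it only gets the Chinese characters through and keeps nothing secret.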
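Why a Base64-encoded cookie is readable and editable by the client while a server-side signature lets the server reject an edited value, as an added example that is not code from the original post or from Egg: a stand-alone Node.js script using only the built-in crypto module. The names SECRET, b64encode, b64decode, sign, issue and read are hypothetical, and the HMAC-SHA256 scheme is chosen for illustration rather than taken from Egg's implementation.

```javascript
const crypto = require('crypto');

// Constructed secret for this example; a real app loads its key from config.
const SECRET = 'constructed-demo-secret';

// Base64 only makes a non-ASCII value safe to put in a cookie header.
const b64encode = (text) => Buffer.from(text, 'utf8').toString('base64');
const b64decode = (b64) => Buffer.from(b64, 'base64').toString('utf8');

// HMAC-SHA256 over "name=value"; binding the name stops reuse under another key.
function sign(name, value, secret = SECRET) {
  return crypto.createHmac('sha256', secret).update(`${name}=${value}`).digest('hex');
}

// Setting: the server emits the encoded value together with its signature.
function issue(name, text, secret = SECRET) {
  const value = b64encode(text);
  return { value, sig: sign(name, value, secret) };
}

// Reading: return the text only when the signature verifies, else undefined.
function read(name, cookie, secret = SECRET) {
  if (!cookie || typeof cookie.value !== 'string' || typeof cookie.sig !== 'string') {
    return undefined;
  }
  const expected = Buffer.from(sign(name, cookie.value, secret));
  const given = Buffer.from(cookie.sig);
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (given.length !== expected.length) return undefined;
  if (!crypto.timingSafeEqual(given, expected)) return undefined;
  return b64decode(cookie.value);
}

// Constructed sample value containing Chinese characters.
const issued = issue('user', '用户12345789');
// A value edited on the client keeps the old signature and fails verification.
const edited = { value: b64encode('用户00000001'), sig: issued.sig };

console.log('decoded by anyone:', b64decode(issued.value));
console.log('server read, untouched:', read('user', issued));
console.log('server read, edited:', read('user', edited));
```

Signing detects changes but does not hide the value; confidentiality is what the encrypt option described above is for.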

Session-related operations

Cookies and Sessions are very similar. In Egg, the Session is stored in a Cookie, but a Session is more secure than a Cookie. In development, cookies are therefore often used to store whether the user is logged in, while the Session is used to store login and user information. Public information can be stored temporarily in cookies, but important private information can be stored in the Session, which can only be operated on by the server.

1. Add the Session

// add the Session
ctx.session.username = '123456';
// Change the value
// Session directly supports Chinese
ctx.session.username = 'hello!';

2. Get the Session

// get the Session
const username = ctx.session.username;

3. Delete the Session

// delete the Session
ctx.session.username = null;

4. Configure items related to Session

Some Session options need to be configured in the config.default.js file.

config.session = {
    key: "Test_SESS", // Set the default value for Key
    httpOnly: true, // Only the server can operate on it
    maxAge: 1000 * 60, // Set the maximum validity period
    renew: true, // Refresh the session automatically when the page is accessed
};

Study date: 2021/12/24

Video reference: www.bilibili.com/video/BV1s3…

Documentation: jspang.com/detailed?id…

For personal study and recording only