Cookie and Session in Node.js and PHP
Make a note about the cookie
Cookie
A cookie is a “small text file”: data (usually encrypted) that some websites store on the user’s client side to identify the user.
Stateless protocol means that the protocol has no memory for transaction processing. The lack of state means that if the previous information is needed for subsequent processing, it must be retransmitted, which can result in an increase in the amount of data transferred per connection. On the other hand, the server responds faster when it doesn’t need the previous information.
HTTP is stateless, and cookies are one of the “extra ways” to get around HTTP’s statelessness. The server can set or read the information contained in Cookies to maintain the state of the user’s session with the server.
- Cookies are attached to every HTTP request, so they add traffic.
- Because cookies in HTTP requests are passed in plaintext, security is problematic unless HTTPS is used.
- Cookie size is limited to about 4 KB, which is insufficient for complex storage requirements.
How do you bake a Cookie
As mentioned above, cookies are attached to every HTTP request and can be found in the header of each request.
The cookie is set by the server using the Set-Cookie header and delivered to the client. (The front end can also set cookies, but it is best not to.)
In the request header it takes the following forms:
Cookie: <cookie-list>
Cookie: name=value
Cookie: name=value; name2=value2; name3=value3
Once sessions are in use, cookies are also used to store session IDs so that the server can quickly look up user data.
How does JavaScript view cookies
document.cookie
You can modify a cookie's value from the front end by assigning to document.cookie, but it is best not to. Adding HttpOnly to the backend's Set-Cookie header makes the cookie unavailable to document.cookie, so front-end code cannot read or modify it.
Node.js natively sets cookies
Suppose we need to store the session ID in a cookie: just define Set-Cookie in the response header.
// `random` is the session ID generated by the server for this user
response.setHeader("Set-Cookie", `session_id=${random}; HttpOnly`);
PHP setting cookies
PHP's setcookie() is called here with three parameters: name, value, and expiration time.
<?php
// expires one hour (3600 seconds) from now
setcookie("<name>", "<value>", time()+3600);
?>
PHP reading cookies
Cookie values are read through the $_COOKIE variable:
<?php
// value of the cookie named "user"
$_COOKIE["user"];
?>
Session
Session is another mechanism for recording the client’s state, except that cookies are stored in the client browser, while sessions are stored on the server.
Each time a user logs in, a Session ID is generated and stored in the database. The server may destroy the Session if necessary.
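The cookie and session pieces described so far, combined into one Node.js sketch. This is an added example, not code from the original post. The in-memory Map stands in for the database, the function names are hypothetical, and the Secure, SameSite, Path and Max-Age attributes are additions beyond the HttpOnly flag shown above (Secure keeps the cookie off plaintext HTTP).

```javascript
const crypto = require("node:crypto");

// In-memory stand-in for the database that holds sessions (assumption).
const sessions = new Map();

// Parse a request header value such as "name=value; name2=value2".
function parseCookies(header = "") {
  const out = Object.create(null);          // no inherited keys to collide with
  for (const pair of header.split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 1) continue;                   // skip empty or malformed pairs
    const name = pair.slice(0, eq).trim();
    if (name in out) continue;              // first occurrence wins
    out[name] = pair.slice(eq + 1).trim();
  }
  return out;
}

// Login: generate an unguessable ID, keep the state server-side,
// and return the value for the Set-Cookie response header.
function createSession(user, ttlSeconds = 3600) {
  const id = crypto.randomBytes(32).toString("hex");
  sessions.set(id, { user, expires: Date.now() + ttlSeconds * 1000 });
  return `session_id=${id}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${ttlSeconds}`;
}

// Every request: map the cookie back to the stored session, or null.
function getSession(cookieHeader) {
  const id = parseCookies(cookieHeader).session_id;
  const session = id ? sessions.get(id) : undefined;
  if (!session) return null;                // unknown or missing ID
  if (session.expires <= Date.now()) {      // expired: destroy it server-side
    sessions.delete(id);
    return null;
  }
  return session;
}

// Logout: delete the server-side record and tell the browser to drop the cookie.
function destroySession(cookieHeader) {
  const id = parseCookies(cookieHeader).session_id;
  if (id) sessions.delete(id);
  return "session_id=; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=0";
}
```

With the native http module this would be used as response.setHeader("Set-Cookie", createSession(user)) at login and getSession(request.headers.cookie) on later requests.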
Session in PHP
Like cookies, sessions in PHP are exposed through a superglobal variable.
Using a Session
Before using a session, the session_start() function must be used to start the session.
<?php
session_start();
// store session data
$_SESSION['views'] = 1;
?>
Ending a Session
If you want to delete some session data, you can use the unset() or session_destroy() functions.
The session variable can be released using the unset() function:
<?php
// release a single session variable
unset($_SESSION['views']);
?>
You can also use the session_destroy() function to destroy the session completely, at which point all session data is destroyed.
session_destroy() is usually used for user logout.
<?php
session_destroy();
?>
JSON Web Token instead of Session and Cookie (JWT)
Node.js does not seem to have a separate section for sessions and cookies, but JWT can currently be used as an alternative to both.
For reference, see: www.ruanyifeng.com/blog/2018/0…