Cookie and Session in Node.js and PHP

Make a note about the cookie

Cookie

A cookie is a “small text file”: data (usually encrypted) that some websites store on the user’s client side to identify the user.

Stateless protocol means that the protocol has no memory for transaction processing. The lack of state means that if the previous information is needed for subsequent processing, it must be retransmitted, which can result in an increase in the amount of data transferred per connection. On the other hand, the server responds faster when it doesn’t need the previous information.

HTTP is stateless, and cookies are one of the “extra ways” to get around HTTP’s statelessness. The server can set or read the information contained in Cookies to maintain the state of the user’s session with the server.

  1. Cookies are attached to every HTTP request, so they add traffic.
  2. Because cookies in HTTP requests are passed in plaintext, security is problematic unless HTTPS is used.
  3. Cookie size is limited to about 4 KB, which is insufficient for complex storage requirements.

How do you bake a Cookie

As mentioned above, cookies are attached to every HTTP request and can be found in every HTTP request header.

The cookie is set by the server using the Set-Cookie response header and delivered to the client. (The front end can set cookies too, but it is best not to.)

In the request header it takes the following forms:

Cookie: <cookie-list>
Cookie: name=value
Cookie: name=value; name2=value2; name3=value3

Once sessions are in use, cookies also store the session ID so that the server can quickly look up the user's data.

How does JavaScript view cookies

document.cookie

You can modify a cookie's value from the front end by assigning to document.cookie, but it is best not to. Adding HttpOnly to the backend's Set-Cookie header hides the cookie from document.cookie, so scripts can no longer read or modify it.

Node.js natively sets cookies

Suppose we need to store the session ID in a cookie: just define Set-Cookie in the response header.

// `random` is the session ID value generated on the server
response.setHeader("Set-Cookie", `session_id=${random}; HttpOnly`);

PHP setting cookies

PHP's setcookie() is called here with three parameters: name, value, and expiration time.


      
<?php
// name, value, expiry one hour from now
setcookie("<name>", "<value>", time()+3600);
?>

PHP reading cookies

Cookie values are read through the $_COOKIE superglobal variable.


      
<?php
// the value of the cookie named "user"
$_COOKIE["user"];
?>

Session

Session is another mechanism for recording the client’s state, except that cookies are stored in the client browser, while sessions are stored on the server.

Each time a user logs in, a Session ID is generated and stored in the database. The server may destroy the Session if necessary.
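
The session flow just described, combined with the Set-Cookie header from the Node.js section above, as an added example (not code from the original post). An in-memory Map stands in for the database; the function names and the Secure, SameSite and Path attributes are assumptions added here.

```javascript
// Added example: server-side session store keyed by a cookie-borne session ID.
// Web Crypto is a global in Node.js 19+; older versions expose it via node:crypto.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const sessions = new Map(); // session ID -> user data (stands in for the database)

// 256 bits from the CSPRNG, hex-encoded, so the ID cannot be guessed.
function newSessionId() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Create a session and return the Set-Cookie value that hands its ID to the client.
function startSession(data) {
  const id = newSessionId();
  sessions.set(id, data);
  // HttpOnly: hidden from document.cookie. Secure: only sent over HTTPS.
  return `session_id=${id}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Parse a request's Cookie header ("name=value; name2=value2") into an object.
function parseCookies(header = "") {
  const jar = Object.create(null); // no prototype, so "__proto__" is just a name
  for (const pair of header.split(";")) {
    const eq = pair.indexOf("=");
    if (eq === -1) continue; // skip malformed pairs
    jar[pair.slice(0, eq).trim()] = pair.slice(eq + 1).trim();
  }
  return jar;
}

// Resolve the request's session, or null if the ID is missing or unknown.
function getSession(cookieHeader) {
  const id = parseCookies(cookieHeader).session_id;
  return (id && sessions.get(id)) || null;
}

// Logout: drop the server-side record and tell the browser to expire the cookie.
function endSession(cookieHeader) {
  sessions.delete(parseCookies(cookieHeader).session_id);
  return "session_id=; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=0";
}
```

In an HTTP handler, the return values of startSession() and endSession() go into response.setHeader("Set-Cookie", ...), and getSession() receives request.headers.cookie.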

Session in PHP

Like $_COOKIE, $_SESSION in PHP is a superglobal variable.

Use Session

Before using a session, the session_start() function must be used to start the session.


<?php
session_start();
// store session data
$_SESSION['views'] = 1;
?>

Ending the Session

If you want to delete some session data, you can use the unset() or session_destroy() functions.

The session variable can be released using the unset() function:


      
<?php
// release a single session variable
unset($_SESSION['views']);
?>

You can also use the session_destroy() function to destroy the session completely, at which point all session data is destroyed.

session_destroy() is usually used for user logout.


<?php
session_destroy();
?>

JSON Web Token instead of Session and Cookie (JWT)

Node.js does not seem to have a separate section for sessions and cookies, but JWT can currently be used as an alternative to both.

For reference, see: www.ruanyifeng.com/blog/2018/0…