HTTP client identification method

Source: Internet
Author: User
HTTP user identification mechanisms fall into the following methods:

1) HTTP headers that carry information about the user's identity
2) Client IP address tracking: identifying users by their client IP address
3) User login: identifying users through authentication
4) Fat URLs: a technique that embeds identifying information in the URL
5) Cookies

Information about the HTTP headers is listed in the following table.
| Header name   | Header type | Description                                     |
|---------------|-------------|-------------------------------------------------|
| From          | Request     | User's email address                            |
| User-Agent    | Request     | User's browser software                         |
| Referer       | Request     | Page the user came from by following a link     |
| Authorization | Request     | Username and password                           |
| Client-IP     | Extension   | Client IP address                               |
| X-forwarded-  | Extension   | Client IP address                               |
| Cookie        | Extension   | ID tag generated by the server                  |
Generally, the From header carries the user's email address. However, because of network security concerns, the From header is now sent only by automated robots or crawlers, so identifying users by an email address stored in From is unreliable. The User-Agent header carries information about the user's browser software and is not needed for identifying the user. The Referer header records the page the user came from by following a link; it cannot identify the user.

Authorization is used for user login. The server sends the browser an HTTP 401 Login Required response code, and the browser prompts the user to log in with a pop-up window. The browser then adds an Authorization header that provides the user's login information. The web server does not need to passively guess the user's identity from the user's IP address. It can explicitly ask the user who they are through username and password authentication (login). To make logging in to a web site easier, HTTP contains a built-in mechanism that uses the WWW-Authenticate header and the Authorization header to send the user's username and password to the web site. After a successful login, the browser keeps sending this login information with each request, so the server can confirm who the user is.

Disadvantages of client IP addresses:

1) A client IP address identifies a specific machine rather than a user. If multiple users share the same computer, they cannot be told apart.
2) Many Internet service providers do not configure a fixed IP address for each user; addresses are assigned dynamically.
3) Many users access network content through a Network Address Translation (NAT) firewall.
4) An HTTP proxy or gateway opens a new TCP connection to the origin server. The web server sees the proxy's IP address instead of the client's.

A fat URL carries a unique identifier appended to the URL. However, it is not a good choice in terms of the aesthetics and accuracy of the URL.
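The 401 / WWW-Authenticate / Authorization exchange described above, as an added Python example that is not part of the original article. It uses the Basic scheme; the user store, the realm name and the helper names are constructed for illustration. Note that the Authorization value is only base64-encoded, so the credentials are readable by anyone who can see the request unless it travels over TLS.

```python
import base64
import hashlib
import hmac

# Constructed sample data: one user with a PBKDF2-SHA256 password hash.
_SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"s3cret", _SALT, 100_000)}
REALM = "example"  # hypothetical realm name


def parse_basic(header):
    """Return (username, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def handle(request_headers):
    """Return (status, response_headers, identified_user) for one request."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = parse_basic(request_headers.get("Authorization"))
    if creds is None:
        return 401, challenge, None  # browser prompts the user to log in
    user, password = creds
    # Unknown users get a dummy hash so the work done is the same either way.
    expected = USERS.get(user, b"\x00" * 32)
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    matches = hmac.compare_digest(supplied, expected)  # constant-time compare
    if matches and user in USERS:
        return 200, {}, user
    return 401, challenge, None


def client_header(user, password):
    """Header value a browser sends after the prompt: encoded, not encrypted."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```
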
Cookies are the most commonly used tool for saving a unique user identity and recording the user's login status.

Cookie types:

1) Session cookie: a temporary cookie, deleted after the user exits the browser.
2) Persistent cookie: stored on the hard disk, used to retain a configuration profile or login session for a website the user visits repeatedly.

The difference between session cookies and persistent cookies is their expiration time.

[Figure: the first request to Amazon's website]

[Figure: after successful login]

The cookie stores the session-ID, session-Token, and other related information. On the server side, each generated session-ID corresponds one-to-one with a user and does not change for the same user.
