Nature of sessionid

1. The client saves the sessionid with the cookie

The client saves the sessionid with the cookie. When we request the server, the sessionid will be sent to the server together, and the server will search for the corresponding sessionid in the memory. If the corresponding sessionid is found, it indicates that we are logged on and have the corresponding permissions. If the corresponding sessionid is not found, it means that we have disabled the browser (which will be explained later ), if the session times out (no server is requested for more than 20 minutes) and the session is cleared by the server, the server will assign you a new sessionid. You must log on again and save the new sessionid in the cookie.
When the browser is not closed (if the sessionid has been saved in the cookie at this time), the sessionid will be stored in the browser all the time, this sessionid is submitted to the server every time a request is sent, so the server considers that we are logged on. Of course, if the server is not requested for a long time, the server will think that we have already disabled the browser. At this time, the server will clear the sessionid from the memory. At this time, if we request the server again, the sessionid will no longer exist, therefore, the server does not find the corresponding sessionid in the memory, so a new sessionid will be generated. In this case, we usually need to log on again.

II. The client does not use cookies to save the sessionid

At this time, if we request the server because sessionid is not submitted, the server will regard you as a brand new request, and the server will assign you a new sessionid, this is why every time we open a new browser (whether we have logged on or not), a new sessionid (or we will log on again) will be generated ).
When we turn off the browser and open the browser and then request the page, it will let us log on. Why? We have already logged on and haven't timed out. sessionid must be on the server. Why should we log on again now? This is because when we turn off browsing and then request, the information we submitted did not submit the sessionid we just submitted to the server together, so the server does not know that we are the same person, in this case, the server assigns us a new sessionid. For example, the browser is like a person who wants to open an account at a bank, and the server is like a bank, the account owner who wants to open an account in the bank obviously does not have an account (sessionid) at this time. Therefore, after arriving at the bank, the bank staff asked if there was an account and he said no, at this time, the bank will activate an account number for him. So it can be said that every time you open a new browser to request a page, the server will think that this is a new request, and it will assign you a new sessionid.