Understanding the session mechanism

Understanding the session mechanism
The session mechanism is a server-side mechanism that uses a hash-like structure (or perhaps a hash table) to hold information.

When a program needs to create a session for a client's request, the server first checks to see if a session ID is included in the client's request-called the session ID. If itcontains a session The ID indicates that the session was previously created for this client, and the server retrieves the session using the session ID (if it is not retrieved, it may create a new one) if the client request does not include the session ID. Creates a session for this client and generates a session Id,session ID value associated with this session should be a string that is neither duplicated nor easily found to mimic the pattern, this session The ID will be returned to the client in this response to be saved. This session ID can be saved by using a cookie, so that the browser can automatically play the logo to the server during the interactive process. Generally the name of this cookie is similar to Seeesionid, and. For example, WebLogic for Web application generation cookie,jsessionid=byok3vjfd75apnrf7c2hmdnv6qzcebzwowibyenlerjq99zwpbng!- 145788764, its name is Jsessionid.

Each client, whether or not logged in, as long as the access to the server will produce a session (set the session server) with SessionID, and will be sent to the client;

Generally use a cookie to send SessionID, the user's cookie with SessionID, the user when accessing other pages, the following several things happen;

Server uses cookie SessionID to find session, attach session to req, so users go to other pages will also have req.session;

The above event action, regardless of whether the user has logged in will occur, design login site mode is to check whether there is user information in the session, according to user information display the corresponding page;

Only users without login, user information will not be saved to the session;

The user's information is stored in the session of the action, generally through the post method of the callback to complete;

If the user is logged in, the user information is searched through the parameters (Req.body.name,req.body.password) that are passed through by users, and the user information is saved to the session manually.

Req.session.user = user), user from, User.findone ({nam:ereq.body.name,password:req.body.password},function (Err,user) {

Req.session.user = user;

Save the user's information to req.session; Req.session is similar to an object, also known as a hash table (Hashtable, object literal);

})；

After performing the above actions, the user is logged on to another page, and the action is performed as follows:

1, through the cookie SessionID to find the session, and through the middleware to hang the session to Req (request);

2, verify the req.session is logged in, and according to Req.session.user which users display the corresponding information;

Understanding the session mechanism