Cookie and session in Nodejs

Cookies

HTTP is a stateless protocol. Simply put, when you browse a page and then go to another page of the same site, the server cannot recognize that this is the same browser that is visiting the same website. Every visit has nothing to do with it.

Then the world is a mess, such as my last visit, landed, the next visit, let me land, there is no landing this thing.

Cookie is a simple to explode idea: when accessing a page, the server in the downstream HTTP message, the command browser to store a string; When the browser accesses the same domain, This string will be carried to the upstream HTTP request.

the first time a server is accessed, it is not possible to carry cookies. Must be the server gets this request, in the downstream response header, carries the cookie information, each time the browser sends the request to this server thereafter, will carry this cookie.

Characteristics

Cookies are not encrypted and users are free to see them;

The user can delete the cookieor disable it

Cookies can be tampered with

Cookies can be used to attack

cookies are stored in small amounts. The future is actually replaced by localstorage , but the latter is IE9 compatible.

Express in the cookie, you can certainly think of. Res is responsible for setting cookies, req is responsible for identifying cookies .

Session

session. The Session is not a natural technology, it relies on cookies.

Session relies on cookies, when a browser disables cookies , the login effect disappears, or the user clears the cookie , the landing also disappeared.

The session is different than the cookie. Session issued is garbled, and the server itself cache something, the next browser request with garbled up, at this time with the cache to compare, see who is.

So, a garbled, can correspond to infinite data.

in any language,the use of the session is "mechanism transparent". He's set up cookies for you , but it's easy enough to make you feel like it's not about cookies .

4.3 session

1 var session = require ("express-session"); 2 3 App.use (Session ({ 4 Secret: ' Keyboard Cat ', 5 Resave:false, 6 Saveuninitialized:true 7})) 8 9 App.get ("/", function (req,res) { if (req.session.login = = "1") { Res.send (" Welcome " + req.session.username); }else{ Res.send (" No successful landing "); 14} 15}); 16 App.get ("/login", function (req,res) { Req.session.login = "1"; set this session Req.session.username = " koala "; Res.send (" You have successfully landed "); 21});

encryption is used by MD5 encryption.

1 c4ca4238a0b923820dcc509a6f75849b

2 c81e728d9d4c2f636f067f89cc14862c

I love Beijing Tian An no and small oranges :

97afba2ee71de6a78b61149a391a378f

I love Beijing Tian an not with small oranges:

ccb721c1e26067bbf4bb49dfdbfa0c9e

I love Beijing Tian ' an gate and little oranges :

C3d110d2441ef9323d3f1e6082e708f8

no matter how big a thing you encrypt, even 10M text, will be encrypted as a string, that is the password. and magical, mathematically guaranteed, even if you change 1 words, can greatly change. So MD5 can also be used in comparison versions.

MD5 is mathematically impossible to crack. Cannot reverse the hack.

In other words, c4ca4238a0b923820dcc509a6f75849b does not have a function that translates into 1 .

However, some people do database, that is , 1~999999 All the numbers are encrypted with MD5 , and then a list, so there is the possibility of cracking.

Cookie and session in Nodejs