A cookie is a piece of data stored on the browser side as a key/value pair.
II. Working Principle & Application Scenarios
On a request, the browser places the matching cookie information in the HTTP request headers.
On a response, the browser saves the cookie information carried in the HTTP response headers.
The core information of a cookie consists of three parts: name, value, and expiration time.
Cookies are written by overwriting: adding, updating, and deleting a cookie are all performed by the browser as the same set operation.
Typical application scenarios:
- Remembering the user name
- Shopping cart information
III. Characteristics
1. Storage characteristics
- (1) The storage size is limited and depends on the browser version.
- (2) The number of cookies that can be stored is limited and depends on the browser version.
- (3) The character encoding is Unicode; Chinese characters cannot be stored directly.
- (4) The stored content is easy to view, so storing sensitive information is not recommended.
- (5) Reliability is poor: a cookie may be removed at any time for various reasons.
- (6) Storage attributes: besides name, value, and expiration time, a cookie has a Domain and a Path. The current domain can manipulate cookies of its subdomains and of its parent domain; the current path can manipulate cookies under its child paths and under its parent path.
Domain: www.ken.io is a subdomain of ken.io, the parent domain of test.www.ken.io, and a sibling of blog.ken.io. An app under www.ken.io can access cookies under ken.io and *.www.ken.io, but cannot access cookies under blog.ken.io.
Path: for the page http://ken.io/home/about the path is /home/about. This path can access cookies under the root path / and under /home/*, but cannot access cookies under /category.
2. Transmission characteristics
- (1) On every request, the client sends to the server, in the request headers, each cookie whose Domain and Path match the request.
- (2) The size of the transmitted cookies is limited by both the browser and the web server.
3. Security characteristics
- The information in a cookie is easy to view; it is recommended to encrypt it before storing it.
- Cookies are easily exploited by XSS attacks. Setting HttpOnly=true denies client-side script access to the cookie (supported by 99.9% of browsers).
IV. Usage Experience / Advice
- Do not store unencrypted sensitive information (security).
- If the client does not need to access the cookie, set HttpOnly=true (security).
- Set a reasonable expiration time (transfer efficiency).
- Do not store too much content (transfer efficiency).
- Do not store too many entries (transfer efficiency).
- Set a reasonable Domain and Path to reduce unnecessary cookie transmission (transfer efficiency).
- Do not store non-Unicode characters (availability).
- Do not store information that cannot be recovered elsewhere (reliability).