HTTP cookie state management mechanism: cookies in detail
HTTP cookies, usually just called "cookies", have existed for a long time but are still not fully understood. The first problem is that there are many misconceptions: some people believe cookies are backdoor programs or viruses, and others do not know how they work. The second problem is the lack of a consistent interface for cookies. Despite these problems, cookies play such an important role in web development that, without an alternative to them, many of our favorite web applications would become useless.
I. Cookie origin
The cookie was invented by Lou Montulli, an employee of Netscape, in March 1993 and was adopted by the W3C. Cookies have since become a standard, and all mainstream browsers such as IE, Chrome, Firefox, and Opera support them.
Cookies exist because of an inherent limitation of HTTP. HTTP is a stateless protocol: once a simple request and response ends, the connection between the client and the server is closed, and a new connection is required to exchange data again. This means that the server cannot track a session from the connection; that is, the server does not know which client it is talking to.
As a result, some typical applications, such as login or a shopping cart, cannot be implemented. For example, all the items user A buys in an online store should be placed in user A's shopping cart. No matter when user A buys them, they belong to the same session and must not be placed in the shopping cart of user B or user C, which do not belong to that session.
Basic principles
II. Cookie operations
Operating on a cookie means working with the following fields:
1. Name
2. Value
3. Domain
4. Path
5. Expiration date (Expires)
6. Secure
7. HttpOnly (server only)
Note: cookies are mostly created on the server side. JS can also create cookies, but it cannot create HttpOnly cookies.
The cookie API provided by the browser (document.cookie) is too bare and is worth wrapping lightly. For example, the following function acts as both setter and getter, which makes cookies much easier to work with:
    /**
     * JS helper for writing and reading cookies
     *
     * Read a cookie
     *   cookie(name)
     *
     * Write a cookie
     *   cookie(name, value)
     *   cookie(name, value, option)
     *
     * Delete a cookie
     *   cookie(name, null)
     */
    var cookie = function (name, value, option) {
        var doc = document
        // Strict comparison: with "!= undefined", cookie(name, null) would fall
        // through to the getter and the delete branch below would never run.
        if (value !== undefined) { // set
            option = option || {}
            if (value === null) {
                // Delete: empty value with an expiry date in the past
                value = ''
                option.expires = -1
            }
            var expires = ''
            if (option.expires && (typeof option.expires == 'number' || option.expires.toUTCString)) {
                var date = new Date()
                if (typeof option.expires == 'number') {
                    // A number is a lifetime in days
                    date.setTime(date.getTime() + (option.expires * 24 * 60 * 60 * 1000))
                } else {
                    date = option.expires
                }
                // for IE
                expires = '; expires=' + date.toUTCString()
            }
            var path = option.path ? '; path=' + option.path : ''
            var domain = option.domain ? '; domain=' + option.domain : ''
            var secure = option.secure ? '; secure' : ''
            doc.cookie = [name, '=', encodeURIComponent(value), expires, path, domain, secure].join('')
        } else { // get
            var cookieValue = null
            if (doc.cookie && doc.cookie != '') {
                var cookies = doc.cookie.split(';')
                for (var i = 0; i < cookies.length; i++) {
                    // Native trim() replaces the jQuery $.trim() dependency
                    var pair = cookies[i].trim().split('=')
                    if (pair[0] == name && pair.length > 1) {
                        // Re-join so a raw value containing '=' is not truncated
                        var raw = pair.slice(1).join('=')
                        try {
                            cookieValue = decodeURIComponent(raw)
                        } catch (e) {
                            cookieValue = raw
                        }
                        break
                    }
                }
            }
            return cookieValue
        }
    };
Of course, there are more convenient libraries, such as https://github.com/florian/cookie.js.
III. Cookie types
1. Ordinary cookies can be created on both the server side and the JS side, and can be accessed by JS.
2. HttpOnly cookies can only be created by the server and cannot be read by JS. This is mainly a security measure.
3. Secure cookies (HTTPS only) can be created on both the server side and the JS side, and JS can access them only under HTTPS.
For example, on the Sina Cloud test page http://snandy.sinaapp.com/php/cookie.php, I set three cookies: c1, c2, and c3.
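    <?php
    // Expiry timestamp. The arguments of the original mktime() call are missing
    // from the page, so one day from now is used here as a placeholder.
    $d1 = time() + 86400;

    // Ordinary cookie
    setcookie("c1", "Jack", $d1);

    // Secure cookie, HTTPS only (6th parameter)
    setcookie("c2", "John", $d1, "", "", true);

    // HttpOnly cookie (7th parameter)
    setcookie("c3", "Resig", $d1, "", "", false, true);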
Accessing the page in Firefox:
All three cookies are present; saeut is set by Sina Cloud itself.
Enter document.cookie in the Firebug console:
As you can see, c2 and c3 are not accessible. c2 is a Secure cookie and can only be accessed over HTTPS; c3 is HttpOnly and cannot be accessed by JS. Take note of this.
Change the access protocol to HTTPS (https://snandy.sinaapp.com/php/cookie.php), switch Firebug to the console, and enter document.cookie again; you can see that c2 is now accessible.
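The c1/c2/c3 experiment can be modelled in code. The following is an added example, not code from the original page: it parses Set-Cookie values like the ones the PHP script would emit, returns what document.cookie would expose over HTTP and over HTTPS, and lists which protective flag each cookie lacks. The header strings are constructed samples, and the names parseSetCookie, visibleToScript and missingFlags are hypothetical.

```javascript
// Added example: which stored cookies can page script read via document.cookie?
// The Set-Cookie values are constructed to mirror c1, c2 and c3 above.
const sampleHeaders = [
  'c1=Jack; Max-Age=86400',
  'c2=John; Max-Age=86400; Secure',
  'c3=Resig; Max-Age=86400; HttpOnly',
];

// Parse one Set-Cookie header value into name, value and the two flags.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim());
  const eq = parts[0].indexOf('=');
  if (eq < 1) return null; // no name=value pair: treat as malformed
  const cookie = {
    name: parts[0].slice(0, eq),
    value: parts[0].slice(eq + 1), // the value may itself contain '='
    secure: false,
    httpOnly: false,
  };
  for (const attr of parts.slice(1)) {
    const key = attr.split('=')[0].trim().toLowerCase(); // names are case-insensitive
    if (key === 'secure') cookie.secure = true;
    if (key === 'httponly') cookie.httpOnly = true;
  }
  return cookie;
}

// Model of document.cookie for a page loaded over `protocol` ('http:' or 'https:').
function visibleToScript(headers, protocol) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c !== null)
    .filter((c) => !c.httpOnly) // HttpOnly cookies are never exposed to JS
    .filter((c) => !c.secure || protocol === 'https:') // Secure needs HTTPS
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Report, per cookie, which of the two protective flags is absent.
function missingFlags(headers) {
  return headers.map(parseSetCookie).filter((c) => c !== null).map((c) => ({
    name: c.name,
    missing: [!c.secure && 'Secure', !c.httpOnly && 'HttpOnly'].filter(Boolean),
  }));
}

console.log(visibleToScript(sampleHeaders, 'http:'));  // c1=Jack
console.log(visibleToScript(sampleHeaders, 'https:')); // c1=Jack; c2=John
console.log(missingFlags(sampleHeaders));
```

The model covers reading only; current browsers additionally refuse to store a cookie marked Secure when it arrives over plain HTTP.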
IV. Cookie pitfalls
1. If a cookie is too large or there are too many cookies, an error is reported when the page is accessed, for example the following prompt:
Therefore, a site's cookies need to be managed and must not be set at will. In addition, specify a path to limit each cookie to the range where it is needed.
The browsercookielimits.squawky.net website records the cookie size limits of each browser.
2. Chinese characters must be encoded (encodeURIComponent) before they are saved; otherwise, garbled characters are stored.
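Both pitfalls can be checked before a cookie is ever set. The following is an added example, not code from the original page: it applies the RFC 6265 path-match rule to decide which cookies accompany a request, encodes values with encodeURIComponent, and compares the resulting Cookie header size with a limit. The jar contents, the function names and the 1024-byte limit are assumptions for illustration; real limits depend on the browser and the server.

```javascript
// Added example: estimate the Cookie request header sent for a given path.
// Constructed sample jar; 'cart' is scoped to /shop, the others to the whole site.
const jar = [
  { name: 'sid', value: 'abc123', path: '/' },
  { name: 'cart', value: 'x'.repeat(3000), path: '/shop' },
  { name: 'nick', value: '张三', path: '/' },
];

// RFC 6265 path-match: identical paths, or the cookie path is a prefix that
// ends in '/' or is followed by '/' in the request path.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Build the header; values are percent-encoded so non-ASCII text survives.
function cookieHeaderFor(cookies, requestPath) {
  return cookies
    .filter((c) => pathMatches(requestPath, c.path || '/'))
    .map((c) => `${c.name}=${encodeURIComponent(c.value)}`)
    .join('; ');
}

// Size of the header on the wire, in bytes.
function headerBytes(cookies, requestPath) {
  return new TextEncoder().encode(cookieHeaderFor(cookies, requestPath)).length;
}

// Compare against a caller-supplied limit (an assumed value, not a standard).
function checkBudget(cookies, requestPath, limitBytes) {
  const bytes = headerBytes(cookies, requestPath);
  return { bytes, ok: bytes <= limitBytes };
}

console.log(cookieHeaderFor(jar, '/news'));       // large cart cookie is not sent
console.log(checkBudget(jar, '/news', 1024));
console.log(checkBudget(jar, '/shop/cart', 1024));
console.log(pathMatches('/shopping', '/shop'));   // prefix alone is not a match
```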