The HTTP cookie state management mechanism in detail



HTTP cookies, often referred to simply as "cookies", have existed for a long time but are still not fully understood. The first problem is widespread misconception: many people believe cookies are backdoor programs or viruses, or simply do not know how they work. The second problem is the lack of a consistent interface for cookies. Despite these problems, cookies play such an important role in web development that if they disappeared without an alternative, many of our favorite web applications would become useless.

First, the origin of the cookie

The cookie was invented by Netscape employee Lou Montulli in March 1993. It was later widely adopted and is now a standard supported by all major browsers such as IE, Chrome, Firefox, and Opera.

Cookies were born out of an inherent limitation of the HTTP protocol. HTTP is a stateless protocol of simple requests and responses: once a request/response is over, the client-server connection is closed, and exchanging data again requires establishing a new connection. This means that the server cannot track a session from the connection; that is, the server does not know which client it is talking to.

Some typical applications, such as login and shopping carts, cannot be built on that alone. For example, everything user A buys in an online mall should go into user A's shopping cart. No matter when user A makes the purchases, they belong to the same session and must not end up in the cart of user B or user C, which belong to different sessions.

The basic principle


Second, cookie operation

A cookie consists of the following fields:

1. Name (name)
2. Value (value)
3. Domain (domain)
4. Path (path)
5. Expiry date (expires)
6. Security flag (secure)
7. HttpOnly (server-side only)

Note that cookies are most often created on the server side. JS can also create cookies, but it cannot create HttpOnly cookies.

The cookie API provided by the browser (document.cookie) is too bare to use comfortably, so it is worth wrapping. The following cookie function, written in setter/getter style, is much more convenient:

    /**
     * Read and write cookies from JS
     *
     * Read a cookie:
     *   cookie(name)
     *
     * Write a cookie:
     *   cookie(name, value)
     *   cookie(name, value, option)
     */
    var cookie = function (name, value, option) {
        var doc = document
        // Strict comparison: null must reach the setter so that it deletes the cookie
        if (value !== undefined) { // set
            option = option || {}
            if (value === null) {
                // Delete: empty value plus an expiry date in the past
                value = ''
                option.expires = -1
            }
            var expires = ''
            if (option.expires && (typeof option.expires == 'number' || option.expires.toUTCString)) {
                var date = new Date()
                if (typeof option.expires == 'number') {
                    // A number is a lifetime counted from now (unit assumed to be days)
                    date.setTime(date.getTime() + (option.expires * 24 * 60 * 60 * 1000))
                } else {
                    date = option.expires
                }
                // for IE
                expires = '; expires=' + date.toUTCString()
            }
            var path = option.path ? '; path=' + option.path : ''
            var domain = option.domain ? '; domain=' + option.domain : ''
            var secure = option.secure ? '; secure' : ''
            doc.cookie = [name, '=', encodeURIComponent(value), expires, path, domain, secure].join('')
        } else { // get
            var cookieValue = null
            if (doc.cookie && doc.cookie != '') {
                var cookies = doc.cookie.split(';')
                for (var i = 0; i < cookies.length; i++) {
                    // Native trim() replaces $.trim, so jQuery is not required
                    var pair = cookies[i].trim().split('=')
                    if (pair[0] == name && pair.length > 1) {
                        try {
                            cookieValue = decodeURIComponent(pair[1])
                        } catch (e) {
                            // Value was not valid percent-encoding; return it raw
                            cookieValue = pair[1]
                        }
                        break
                    }
                }
            }
            return cookieValue
        }
    };

There are, of course, ready-made libraries such as https://github.com/florian/cookie.js that provide more convenient functions.

Third, types of cookies

1. Ordinary cookies: can be created by the server or by JS, and JS can access them
2. HttpOnly cookies: can only be created by the server and are not readable from JS, mainly for security reasons
3. Secure cookies (HTTPS only): can be created by the server or by JS; JS can access them only under HTTPS

For example, on the Sina Cloud test page http://snandy.sinaapp.com/php/cookie.php I set 3 cookies: C1, C2, and C3

Access with Firefox


I set three of them; Saeut is set by Sina Cloud.

Enter document.cookie in the Firebug console


As you can see, C2 and C3 are not accessible. C2 is a secure cookie that can only be accessed under the HTTPS protocol, and C3 is HttpOnly, so JS cannot access it. This needs attention.

Change the access protocol to HTTPS (https://snandy.sinaapp.com/php/cookie.php), switch Firebug to the console and enter document.cookie again: you can see that C2 is now accessible.
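
The experiment above can be reproduced offline. The following is an added example, not code from the original page: it models which cookies a script sees through document.cookie and which ones the browser sends to the server. The Set-Cookie lines and their values are constructed, and domain and expiry handling are left out.

```javascript
// Added example: models what document.cookie exposes versus what is sent to the server.
// Constructed Set-Cookie lines mirroring the C1/C2/C3 demo (values are made up).
const SET_COOKIE_LINES = [
  'C1=plain; Path=/',
  'C2=https-only; Path=/; Secure',
  'C3=server-only; Path=/; HttpOnly',
];

// Parse one Set-Cookie value into { name, value, path, secure, httpOnly }.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
              path: '/', secure: false, httpOnly: false };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    switch (key.trim().toLowerCase()) {
      case 'path': c.path = val.trim() || '/'; break;
      case 'secure': c.secure = true; break;
      case 'httponly': c.httpOnly = true; break;
    }
  }
  return c;
}

// Path-match rule from RFC 6265: exact match, or prefix ending at a '/' boundary.
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  return requestPath.startsWith(cookiePath) &&
    (cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/');
}

// Cookies that apply to pageUrl. fromScript=true models document.cookie
// (HttpOnly hidden); false models the Cookie request header (HttpOnly included).
function cookiesFor(jar, pageUrl, fromScript) {
  const url = new URL(pageUrl);
  return jar
    .filter((c) => !(fromScript && c.httpOnly))
    .filter((c) => !c.secure || url.protocol === 'https:')
    .filter((c) => pathMatches(c.path, url.pathname))
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

const jar = SET_COOKIE_LINES.map(parseSetCookie);
const page = '//snandy.sinaapp.com/php/cookie.php';
console.log('script, http :', cookiesFor(jar, 'http:' + page, true));
console.log('script, https:', cookiesFor(jar, 'https:' + page, true));
console.log('server, https:', cookiesFor(jar, 'https:' + page, false));
```

HttpOnly hides C3 from scripts only; it is still sent to the server with every matching request.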

Fourth, cookie pitfalls

1. If cookies are too large or too numerous, page access fails; for example, the following prompt appears

Therefore, a site's cookies need to be managed and must not be set indiscriminately. Also, specify path wherever possible to limit each cookie to the range that needs it.

The website browsercookielimits.squawky.net records the cookie size limits of each browser


2. Chinese text must be encoded (encodeURIComponent) before it is saved, otherwise garbled characters are stored.
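
The two pitfalls interact: percent-encoding triples the size of Chinese text, and a narrow path keeps a large cookie out of unrelated requests. The following is an added example, not code from the original page; the sample cookies are constructed and the 4096-byte per-cookie budget is an assumption, since the page gives no figure.

```javascript
// Added example: cookie size after encoding, and the effect of Path scoping.
const PER_COOKIE_LIMIT = 4096; // assumed budget; check the browsers you target

// Constructed sample cookies (names, values and paths are made up).
const SAMPLE = [
  { name: 'sid', value: 'abc123', path: '/' },
  { name: 'nick', value: '中文', path: '/' },
  { name: 'draft', value: '中'.repeat(500), path: '/shop' },
];

const utf8Bytes = (s) => new TextEncoder().encode(s).length;

// name=value with the value percent-encoded, as the setter function above writes it.
function serialize(c) {
  return c.name + '=' + encodeURIComponent(c.value);
}

// Cookies whose encoded name=value pair exceeds the per-cookie budget.
function oversized(cookies, limit = PER_COOKIE_LIMIT) {
  return cookies
    .map((c) => ({ name: c.name, raw: utf8Bytes(c.value), encoded: utf8Bytes(serialize(c)) }))
    .filter((r) => r.encoded > limit);
}

// True when a cookie scoped to cookiePath is sent with a request for requestPath.
function inScope(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  return requestPath.startsWith(cookiePath) &&
    (cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/');
}

// Size in bytes of the Cookie header the browser would send for requestPath.
function cookieHeaderBytes(cookies, requestPath) {
  const sent = cookies.filter((c) => inScope(c.path, requestPath));
  return utf8Bytes(sent.map((c) => serialize(c)).join('; '));
}

console.log(oversized(SAMPLE));
console.log(cookieHeaderBytes(SAMPLE, '/'), cookieHeaderBytes(SAMPLE, '/shop/cart'));
```

The draft value is 1500 bytes as UTF-8 but 4500 bytes once encoded, so it passes a check on the raw text and fails on what is actually stored.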
