The HTTP cookie state management mechanism in detail
HTTP cookies, usually just called "cookies", have been around for a long time but are still not fully understood. The first problem is misconception: many people believe that cookies are backdoor programs or viruses, or simply do not know how they work. The second problem is the lack of a consistent interface for cookies. Despite these problems, cookies play such an important role in web development that if they disappeared without an alternative, many of our favorite web applications would become useless.
I. The origin of the cookie
The cookie was invented by Netscape employee Lou Montulli in March 1993 and was subsequently adopted widely; cookies are now a standard supported by all major browsers such as IE, Chrome, Firefox, and Opera.
Cookies were born out of an inherent limitation of HTTP. HTTP is a stateless protocol of simple requests and responses: once a request/response exchange is over, the connection between client and server is closed, and exchanging data again requires establishing a new connection. This means that the server cannot track a session from the connection; that is, the server does not know which client it is talking to.
As a result, some typical applications, such as login and shopping carts, cannot be implemented. For example, everything user A buys in an online mall should go into user A's shopping cart. No matter when user A makes the purchases, they belong to the same session, and they must not end up in the cart of user B or user C, which do not belong to that session.
The basic principle
II. Cookie operations
Operating on cookies involves the following fields:
1. Name (name)
2. Value (value)
3. Domain (domain)
4. Path (path)
5. Expiry date (Expires)
6. Secure flag (Secure)
7. HttpOnly (server-side only)
Note that cookies are most often created by the server. JS can also create cookies, but it cannot create HttpOnly cookies.
The cookie API provided by the browser (document.cookie) is too bare to use comfortably, so it is worth wrapping. The following cookie function, written in setter/getter style, makes things much easier:
    /**
     * Read and write cookies from JS
     *
     * Read a cookie
     *   cookie(name)
     *
     * Write a cookie
     *   cookie(name, value)
     *   cookie(name, value, option)
     */
    var cookie = function (name, value, option) {
        var doc = document
        // strict comparison, so that cookie(name, null) reaches the delete branch below
        if (value !== undefined) { // set
            option = option || {}
            if (value === null) {
                value = ''
                option.expires = -1
            }
            var expires = ''
            if (option.expires && (typeof option.expires == 'number' || option.expires.toUTCString)) {
                var date = new Date
                if (typeof option.expires == 'number') {
                    // a numeric expires is taken as a number of days (assumed unit)
                    date.setTime(date.getTime() + (option.expires * 24 * 60 * 60 * 1000))
                } else {
                    date = option.expires
                }
                // for IE
                expires = '; expires=' + date.toUTCString()
            }
            var path = option.path ? '; path=' + option.path : ''
            var domain = option.domain ? '; domain=' + option.domain : ''
            var secure = option.secure ? '; secure' : ''
            doc.cookie = [name, '=', encodeURIComponent(value), expires, path, domain, secure].join('')
        } else { // get
            var cookieValue = null
            if (doc.cookie && doc.cookie != '') {
                var cookies = doc.cookie.split(';')
                for (var i = 0; i < cookies.length; i++) {
                    var pair = cookies[i].trim()
                    // split on the first '=' only, so values that contain '=' stay whole
                    var eq = pair.indexOf('=')
                    if (eq > 0 && pair.slice(0, eq) == name) {
                        try {
                            cookieValue = decodeURIComponent(pair.slice(eq + 1))
                        } catch (e) {
                            cookieValue = pair.slice(eq + 1)
                        }
                        break
                    }
                }
            }
            return cookieValue
        }
    };
There are, of course, libraries such as https://github.com/florian/cookie.js that provide more convenient functions.
III. Types of cookies
1. Ordinary cookies: can be created by both the server and JS, and JS can read them.
2. HttpOnly cookies: can only be created by the server and cannot be read by JS, mainly for security reasons.
3. Secure cookies (HTTPS only): can be created by both the server and JS; JS can access them only under HTTPS.
For example, on the Sina Cloud test page http://snandy.sinaapp.com/php/cookie.php, I planted 3 cookies: c1, c2, and c3.
Access it with Firefox
I planted three of them; Saeut is planted by Sina Cloud.
Enter document.cookie in the Firebug console
As you can see, c2 and c3 are not accessible. c2 is a secure cookie that can only be accessed under the HTTPS protocol, and c3 is HttpOnly, so JS cannot access it. Keep this in mind.
Change the access protocol to HTTPS: https://snandy.sinaapp.com/php/cookie.php. Switch Firebug to the console and enter document.cookie again; you can see that c2 is now accessible.
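The behaviour observed above can be modelled in a few lines. This is an added example, not code from the original article: it parses three constructed Set-Cookie headers for c1, c2 and c3 and computes what document.cookie exposes to script, and what the browser still sends to the server, over HTTP and over HTTPS. The header values and the function names parseSetCookie, documentCookie and requestCookieHeader are assumptions made for illustration.

```javascript
// Added example: a minimal model of which cookies script can read.
// Constructed sample headers; the values are made up for illustration.
const SAMPLE_HEADERS = [
  'c1=plain; Path=/',
  'c2=secure-only; Path=/; Secure',
  'c3=server-only; Path=/; HttpOnly',
];

// Parse one Set-Cookie header value into a cookie record.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim());
  const first = parts.shift();
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no name=value pair: the header is ignored
  const cookie = {
    name: first.slice(0, eq),
    value: first.slice(eq + 1),
    secure: false,
    httpOnly: false,
    attrs: {},
  };
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).toLowerCase();
    if (key === 'secure') cookie.secure = true;
    else if (key === 'httponly') cookie.httpOnly = true;
    else if (key) cookie.attrs[key] = i < 0 ? '' : part.slice(i + 1);
  }
  return cookie;
}

// Secure cookies are only used on an https page; HttpOnly cookies are
// hidden from script but are still sent to the server.
function visibleCookies(headers, scheme, toScript) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && (!c.secure || scheme === 'https'))
    .filter((c) => !(toScript && c.httpOnly))
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// What document.cookie returns to page script.
const documentCookie = (headers, scheme) => visibleCookies(headers, scheme, true);
// What the browser puts in the Cookie request header.
const requestCookieHeader = (headers, scheme) => visibleCookies(headers, scheme, false);
```

Note that c3 never appears in documentCookie but is present in requestCookieHeader: HttpOnly hides a cookie from page script, not from the server.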
IV. Cookie pitfalls
1. If a cookie is too large or there are too many cookies, page access fails, for example with a prompt like the following
Therefore, a site's cookies need to be managed and must not be planted arbitrarily. Also, specify path wherever possible to limit each cookie to the range that needs it.
The website browsercookielimits.squawky.net records the cookie size limits of each browser.
2. Chinese text must be Unicode-encoded (encodeURIComponent) before it is saved; otherwise garbled characters are stored.
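Both pitfalls can be measured together. The following added example (not from the original article) applies the path-match rule of RFC 6265 section 5.1.4 to a constructed cookie jar and reports how many bytes the Cookie header carries for a given request path, including a Chinese value stored with encodeURIComponent. The jar contents, the 4096-byte budget and the function names are assumptions for illustration; real limits vary by browser and server.

```javascript
// Added example: how Path scoping changes the size of the Cookie header.
// Assumed budget for illustration only; real limits differ per browser/server.
const HEADER_BUDGET_BYTES = 4096;

// Constructed sample jar. The Chinese value is stored encoded, which
// turns every character into 9 ASCII bytes (%XX%XX%XX).
const SAMPLE_JAR = [
  { name: 'sid', value: 'a'.repeat(32), path: '/' },
  { name: 'cart', value: encodeURIComponent('中文商品'.repeat(100)), path: '/shop' },
  { name: 'draft', value: 'x'.repeat(3000), path: '/editor' },
];

// The same cookies planted without a specific path.
const UNSCOPED_JAR = SAMPLE_JAR.map((c) => ({ ...c, path: '/' }));

// RFC 6265 section 5.1.4: the cookie path must equal the request path or
// be a prefix of it that ends at a '/' boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Build the Cookie header value for one request and measure it.
function cookieHeaderFor(jar, requestPath) {
  const value = jar
    .filter((c) => pathMatches(requestPath, c.path))
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
  const bytes = new TextEncoder().encode(value).length;
  return { value, bytes, overBudget: bytes > HEADER_BUDGET_BYTES };
}
```

With the scoped jar, a request for / carries only sid, while the unscoped jar sends all three cookies on every request and exceeds the assumed budget.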