Cookie and status mechanism cookie_PHP tutorial for HTTP status management mechanism

Cookie of the HTTP status management mechanism and cookie of the status mechanism. Cookie of the HTTP status management mechanism. status mechanism cookie 1. cookie origin cookie was first invented by LouMontulli, an employee of Wangjing company in March 1993 and adopted by W3C. Currently, cookie of the HTTP status management mechanism is Cookie, status mechanism cookie
I. cookie origin

Cookie was first invented by Lou Montulli, an employee of Netscape in March 1993 and adopted by W3C. Currently, cookies have become a standard and all mainstream browsers such as IE, Chrome, Firefox, and Opera are supported.

Cookie was born because of the inherent defect of HTTP. HTTP is a stateless protocol. once a simple Request and Response ends, the connection between the client and the server is closed, A new connection is required to exchange data again. This means that the server cannot trace sessions from the connection, that is, the server does not know which client it is.

Some typical applications, such as login/shopping cart, cannot be implemented. For example, all the items purchased by user A in the shopping mall should be placed in the shopping cart of user A. No matter when user A buys them, they belong to the same session, it cannot be placed in the shopping cart of user B or user C. This does not belong to the same session.

Basic principles

II. cookie operations

The following operations are performed on cookies:

Note: cookies are mostly created on the server side. JS can also be used to create cookies, but HttpOnly JS cannot be created.

The cookie API (document. cookie) provided by the browser is too simple and can be slightly encapsulated. for example, the following uses the setter/getter method as the cookie function to make it much easier

/** JS write cookie and read cookie operations ** get cookie ** cookie (name) ***** write cookie ** cookie (name, value) * cookie (name, value, option) */var cookie = function (name, value, option) {var doc = entif (value! = Undefined) {// set option = option | {} if (value = null) {value = ''option. expires =-1} var expires = ''if (option. expires & (typeof option. expires = 'number' | option. expires. toUTCString) {var date = new Dateif (typeof option. expires = 'number') {date. setTime (date. getTime () + (option. expires * 24*60*60*1000)} else {date = option. expires} // for IEexpires = '; expires =' + date. toUT CString ()} var path = option. path? '; Path =' + option. path: ''var domain = option. domain? '; Domain =' + option. domain: ''var secure = option. secure? '; Secure': ''doc. cookie = [name, '=', encodeURIComponent (value), expires, path, domain, secure]. join ('')} else {// get var cookieValue = nullif (doc. cookie & doc. cookie! = '') {Var cookies = doc. cookie. split (';') for (var I = 0; I <cookies. length; I ++) {var cookie =$. trim (cookies [I]). split ('=') if (cookie [0] = name & cookie. length> 1) {try {cookieValue = decodeURIComponent (cookie [1])} catch (e) {cookieValue = cookie [1]} break }}} return cookieValue }};

Of course, there are more convenient https://github.com/florian/cookie.js and more convenient.

　　

III. cookie type

For example, on the Sina Cloud Test Page: http://snandy.sinaapp.com/php/cookie.php, I planted three cookies: c1, c2, and c3.

$ D1 = mktime (,); // common cookiesetcookie ("c1", "Jack", $ d1); // Secure cookie, only https, 6th parameter setcookie ("c2", "John", $ d1, NULL, NULL, TRUE); // HttpOnly cookie 7th parameter setcookie ("c3", "Resig ", $ d1, NULL, TRUE );

Access through Firefox

All three of them are available, and saeut is from Sina Cloud.

Enter document. cookie in the firebug console

As you can see, c2 and c3 are inaccessible. C2 is a secure cookie that needs to be accessed over https. c3 is httpOnly and JS cannot be accessed. note this.

Change the access protocol to https: switch the https://snandy.sinaapp.com/php/cookie.php,firebug to the console and then enter document. cookie, you can see that c2 can access

IV. cookie pitfalls 1. when a Cookie is too large or too many pages are accessed, an error is reported. for example, the following prompt appears:

Therefore, the site cookies need to be managed and cannot be planted at will. In addition, specify the path to limit the cookie to the specified range.

The browsercookielimits.squawky.net website records the cookie size of each browser.

2. Unicode encoding (encodeURIComponent) is required when saving Chinese characters; otherwise, garbled characters are stored.

Tip 1: cookie origin cookie was first invented by Lou Montulli, an employee of Netscape in March 1993 and adopted by W3C. currently cookie...