1. HTTP is the set of rules computers use to communicate over a network.
2. HTTP is a stateless protocol: it does not establish a persistent connection, the server does not retain information about the connection, and each request and response is handled with no memory of earlier ones.
3. A complete "HTTP request" process has 7 steps:
1> A TCP connection is established
2> The web browser sends the request command to the web server
3> The web browser sends the request header information
4> The web server answers
5> The web server sends the answer header information
6> The web server sends data to the browser
7> The web server closes the TCP connection
HTTP request:
1. The HTTP method or action of the request, POST or GET
2. The URL being requested
3. The request header, including some client environment information, authentication information, etc.
4. The request body, containing string data to send, form information, etc.
There is a blank line between the request header and the request body, indicating that the request header has ended.
GET: Generally used to retrieve information. Parameters are passed in the URL, and the amount of data that can be sent is limited, generally to 2000 characters. It is the default method, commonly used for query and retrieval operations. It is not very safe: the information is displayed in the URL and is visible to anyone.
POST: Typically used to modify resources on the server, with no limit on the amount of data sent. It is generally used to send form data for create, modify, delete and similar operations. It is safer in that the data is not displayed in the URL and is not shown to other people.
Idempotent: The effect of executing an operation any number of times is the same as the effect of executing it once. A GET request is an idempotent operation.
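The request structure and the GET/POST difference described above, as an added example that is not part of the original page: a small parser that splits a raw request at the blank line and shows where the parameters travel. The function name parseHttpRequest and both sample messages are constructed for illustration.

```javascript
// Added example. Both messages are constructed sample input.
const SAMPLE_GET =
  'GET /search?q=cookie&page=2 HTTP/1.1\r\n' +
  'Host: www.example.com\r\n' +
  'Cookie: sid=abc123\r\n' +
  '\r\n';
const SAMPLE_POST =
  'POST /login HTTP/1.1\r\n' +
  'Host: www.example.com\r\n' +
  'Content-Type: application/x-www-form-urlencoded\r\n' +
  'Content-Length: 27\r\n' +
  '\r\n' +
  'user=zhangsan&password=s3cr';

function parseHttpRequest(raw) {
  // The first blank line (CRLF CRLF) marks the end of the request header.
  const split = raw.indexOf('\r\n\r\n');
  if (split === -1) throw new Error('no blank line: request header never ended');
  const [requestLine, ...headerLines] = raw.slice(0, split).split('\r\n');
  const body = raw.slice(split + 4);

  const [method, target, version] = requestLine.split(' ');
  if (!method || !target || !/^HTTP\/\d\.\d$/.test(version || '')) {
    throw new Error('malformed request line');
  }

  const headers = Object.create(null); // no inherited keys such as "constructor"
  for (const line of headerLines) {
    const colon = line.indexOf(':');
    if (colon <= 0) throw new Error('malformed header line');
    // Header names are case-insensitive, so store them lower-cased.
    headers[line.slice(0, colon).toLowerCase()] = line.slice(colon + 1).trim();
  }

  // GET parameters travel in the URL; form POST parameters travel in the body.
  const q = target.indexOf('?');
  const urlParams = Object.fromEntries(new URLSearchParams(q === -1 ? '' : target.slice(q + 1)));
  const isForm = headers['content-type'] === 'application/x-www-form-urlencoded';
  const bodyParams = isForm ? Object.fromEntries(new URLSearchParams(body)) : {};
  return { method, target, version, headers, body, urlParams, bodyParams };
}

console.log(parseHttpRequest(SAMPLE_GET).urlParams);   // parameters from the URL
console.log(parseHttpRequest(SAMPLE_POST).bodyParams); // parameters from the body
```

Both samples travel as plain text on the wire, so the POST body is as readable to anyone who can observe the connection as the GET query string; it is only absent from the URL.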
An "HTTP response" is typically made up of 3 parts:
① A status code, consisting of a number or text, that indicates whether the request succeeded or failed
② The response header, which like the request header contains a lot of useful information, such as server type, date and time, content type and length, etc.
③ The response body. There is a blank line between the response header and the response body.
"HTTP status code"
1XX: Informational, indicating that the web browser's request has been received and is being processed further
2XX: Success, indicating that the user's request was received correctly
3XX: Redirection, indicating that the request was not successful and the client must take further action
4XX: Client error, indicating that the client submitted a request containing an error, for example: 404 Not Found, which means that the document referenced in the request does not exist
5XX: Server error, indicating that the server could not complete the processing of the request, for example: 500
1. The main function of Ajax is to let the browser access the server asynchronously: the browser's XMLHttpRequest object sends a small amount of data to the server, the server returns a small amount of data, and part of the client's page is then updated.
2. JSON is a lightweight data format for the small amounts of data that Ajax sends. It is easy for both server and browser to understand as interaction data, and includes JSON objects and JSON arrays.
3. The principle of cross-domain: a URL has the form protocol://subdomain.primary-domain:port/server-address. Apart from a change in the server-side address, which is called a redirect, a change in any one of the other parts is called cross-domain.
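The cross-domain rule above, as an added example that is not part of the original page: a comparison that reports which parts of two URLs differ. The names originParts and compareUrls and the sample URLs are constructed; as an assumption of this sketch, subdomain and primary domain are compared together as one host string.

```javascript
// Added example. BASE and the URLs used with it are constructed samples.
const BASE = 'http://www.example.com/a/index.html';

function originParts(url) {
  const u = new URL(url);
  // The URL parser lower-cases the host and reports '' for the protocol's
  // default port, so "http://host:80" and "http://host" compare as equal.
  return { protocol: u.protocol, host: u.hostname, port: u.port, path: u.pathname };
}

function compareUrls(a, b) {
  const pa = originParts(a);
  const pb = originParts(b);
  // Only protocol, host (subdomain + primary domain) and port decide cross-domain.
  const differs = ['protocol', 'host', 'port'].filter((k) => pa[k] !== pb[k]);
  return {
    crossDomain: differs.length > 0,
    differs,
    // Same protocol, host and port, different server address (path).
    pathOnly: differs.length === 0 && pa.path !== pb.path,
  };
}

for (const other of [
  'http://www.example.com/b/other.html',      // only the server address changes
  'http://www.example.com:80/a/index.html',   // explicit default port
  'https://www.example.com/a/index.html',     // protocol changes
  'http://api.example.com/a/index.html',      // subdomain changes
  'http://www.example.com:8080/a/index.html', // port changes
]) {
  console.log(other, compareUrls(BASE, other));
}
```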
Cookie and session
Cookies and sessions are inseparable brothers: where there is a cookie there is a session, and where there is a session there is a cookie.
The cookie lives on the client side and the session lives on the server. The cookie is matched with the session to implement user authentication, which solves the question of whether Zhang San really is Zhang San.
Let us simulate a conversation between the client and the server:
Yes, the process is that simple, and in an actual request this is indeed how the cookie is created.
Summarized as follows:
1. When the browser first accesses the server (more precisely, a domain name), it has no cookie information, so the server assigns it one. Once the server has assigned a cookie to the browser, the browser automatically brings that cookie along on every later visit.
2. Of course, we also set an expiration time for the cookie. If the browser accesses the server after that point in time, it discards the cookie, and the server then assigns it another one.
Cookies are genuinely sensitive information: if another user obtains our cookie, they can visit the site as us. For this reason cookies cannot cross domains; that is, when the browser accesses site B, it does not bring the cookie that server A assigned to it.
In Firefox, we look at cookie information as follows.
In Chrome, we look at cookie information as follows.
Here we use tools to view cookie information because the delivery of cookies is transparent to us. Cookies are passed automatically by the browser: the cookie is sent to the server even if we write no code to send it. Likewise, the cookie is sent to the browser by the server. This is why cookie data is often overlooked when we analyze data streams.
Please open a few more sites to see what cookie information they are using.
As for the session, it can be stored in a file, in a database, or in the memory of another server (a machine dedicated to a memory object cache system). Where the data lives and how it is stored or read is not the focus of our study. All we need to know is that each cookie corresponds to a single session.
The session can simply be considered a small database system in which data can be read, written, modified, and deleted using a credential called a cookie. Unlike a database system, its data has a validity period, and the data is destroyed once it expires.
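The session store described above, as an added example that is not part of the original page: the cookie value is the credential, the data stays on the server, and expired entries are destroyed on access. SessionStore, SESSION_TTL_MS, the cookie name sid and the 30-minute lifetime are assumptions made for illustration.

```javascript
// Added example. All names and the lifetime below are hypothetical.
const { randomBytes } = require('crypto');

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed validity period: 30 minutes

class SessionStore {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so expiry can be exercised
    this.sessions = new Map(); // session id -> { data, expiresAt }
  }

  // First visit (no cookie yet): create a session and its Set-Cookie value.
  create(data) {
    const id = randomBytes(32).toString('hex'); // unguessable credential
    this.sessions.set(id, { data, expiresAt: this.now() + SESSION_TTL_MS });
    // HttpOnly, Secure and SameSite limit where the cookie can be read or sent.
    const cookie = `sid=${id}; Max-Age=${SESSION_TTL_MS / 1000}; Path=/; ` +
      'HttpOnly; Secure; SameSite=Lax';
    return { id, cookie };
  }

  // Later visits: the browser sends "Cookie: sid=..." automatically.
  lookup(cookieHeader) {
    const match = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
    if (!match) return null;             // no cookie, or a malformed value
    const entry = this.sessions.get(match[1]);
    if (!entry) return null;             // unknown id: treat as a new visitor
    if (entry.expiresAt <= this.now()) { // expired: destroy the data
      this.sessions.delete(match[1]);
      return null;
    }
    return entry.data;
  }

  // Logout: remove the server-side data so the cookie no longer maps to anything.
  destroy(id) {
    return this.sessions.delete(id);
  }
}

const demoStore = new SessionStore();
const demo = demoStore.create({ user: 'zhangsan' });
console.log('Set-Cookie:', demo.cookie);
console.log(demoStore.lookup(`theme=dark; sid=${demo.id}`)); // { user: 'zhangsan' }
```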
In this chapter, we take advantage of the uniqueness of the cookie and session to achieve user authentication. The basic verification process is as follows:
Cookies and sessions are also a security topic in their own right. A general understanding is enough for now; as we continue, we will have the opportunity to study this area in depth.
HTTP and Cookie and session