HTTP client identification and cookie mechanism

Source: Internet
Author: User

A Web server may be talking to thousands of different clients at the same time. Servers typically keep track of who they are talking to, rather than treating every request as coming from an anonymous client.

Below we will discuss the following user identification mechanisms:

1 HTTP headers that carry user identity information

2 Client IP address tracking, which identifies users by their IP address

3 User login, which uses authentication to identify users

4 Fat URLs, a technique for embedding identifying information in URLs

5 Cookies, a powerful and efficient technology for persistent identification

HTTP Header

Client IP Address

User Login

Fat URL

Cookies

Cookies are the best way to identify users today and to achieve a persistent session.

Types of cookie: Cookies can generally be divided into two categories, session cookies and persistent cookies. A session cookie is a temporary cookie that records settings and preferences while the user visits the site; it is deleted when the user exits the browser. Persistent cookies live longer: they are stored on the hard disk and still exist after the browser exits and the computer restarts. Persistent cookies are used to maintain a configuration profile or login name for a site that a user visits periodically.

How a cookie works:

Cookies are like stickers that the server gives to users. When a user accesses a Web site, the Web site can read all the stickers that this server has attached to the user. When the user first visits the Web site, the Web server knows nothing about the user. The Web server expects the user to come back, so it "attaches" a unique cookie to the user so that the user can be identified later. The cookie contains an arbitrary list of name=value information, and it is attached to the user with the Set-Cookie HTTP response header.

Cookies can contain arbitrary information, but they usually contain only a unique identifier that is generated by a server for tracking purposes.

Cookie jar

The basic idea of a cookie is to have the browser accumulate a set of server-specific information and provide it to the server each time the browser accesses that server. Because the browser is responsible for storing the cookie information, this system is called client-side state. The official name of the cookie specification is the HTTP State Management Mechanism.

Use different cookies for different sites

There can be hundreds or thousands of cookies in the cookie jar inside the browser, but the browser does not send every cookie to every site. In fact, it usually sends only 2-3 cookies to each site, for the following reasons:

1 Transmitting all these cookie bytes would severely degrade performance.

2 Cookies contain server-specific name-value pairs, so for most sites most cookies would be unrecognizable, useless data.

3 Sending all cookies to all sites could create privacy problems.

In summary, the browser sends a server only the cookies that this server generated.

Domain attribute for cookies

The server that generates a cookie can add a Domain attribute to the Set-Cookie response header to control which sites can see that cookie.

Cookie Path attribute

The cookie specification even allows cookies to be associated with part of a Web site. This is done through the Path attribute, which lists the URL path prefix under which the cookie is valid. So a cookie is a fragment of state that is attached to the client by the server, maintained by the client, and sent back only to the appropriate sites. Let's look more closely at the technology and standards behind cookies.

Cookie ingredients:

Two different versions of the cookie specification are in use: cookie version 0 and cookie version 1. Version 1 is an extension of version 0 and is not as widely used as version 0.

Version 0:

Version 0 cookies define the Set-Cookie response header, the Cookie request header, and the fields used to control cookies.

Set-Cookie: name=value [; expires=date] [; path=path] [; domain=domain] [; secure]

Detailed Explanation:

name=value: mandatory. Both name and value are sequences of characters. Unless they are enclosed in double quotation marks, they cannot contain semicolons, commas, etc.

Expires: optional. This attribute specifies a date string that defines the actual lifetime of the cookie. Once the expiration date is reached, the cookie is no longer stored or sent.

Domain: optional. The browser sends the cookie only to servers in the specified domain, which lets the server restrict the cookie to a specific domain. Only hosts within the specified domain can set a cookie for that domain, and the domain must contain at least two or three periods.

Path: optional. This attribute lets you assign a cookie to specific documents on the server. If the Path attribute is a prefix of a URL path, the cookie can be attached.

Secure: optional. If this attribute is included, the cookie is sent only when HTTP is using an SSL secure connection.
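
The attribute rules above, put together as a small cookie jar check. This is an added example, not code from the original article: the function names (parseSetCookie, domainMatch, shouldSend) are hypothetical, the hosts used with it are constructed, and the default path is simplified to "/".

```javascript
// Added example: version 0 (Netscape-style) cookie handling in a toy cookie jar.
// parseSetCookie, domainMatch and shouldSend are hypothetical names.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  // Match on a label boundary so "notshop.example" does not match "shop.example".
  return host === domain || host.endsWith('.' + domain);
}

function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.replace(/^set-cookie:\s*/i, '').split(';');
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // name=value is mandatory
  const cookie = {
    name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(),
    domain: requestHost.toLowerCase(), hostOnly: true, // default: setting host only
    path: '/',       // simplification: real browsers default to the request path
    secure: false,
    expires: null,   // null means session cookie
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1).trim();
    if (key === 'domain' && val) {
      cookie.domain = val.replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false;
    } else if (key === 'path' && val.startsWith('/')) {
      cookie.path = val;
    } else if (key === 'secure') {
      cookie.secure = true;
    } else if (key === 'expires' && !isNaN(new Date(val))) {
      cookie.expires = new Date(val);
    }
  }
  // Only a host inside the named domain may set a cookie for that domain.
  return domainMatch(requestHost, cookie.domain) ? cookie : null;
}

function shouldSend(cookie, url, now = new Date()) {
  const u = new URL(url);
  if (cookie.expires && cookie.expires <= now) return false;  // expired
  if (cookie.secure && u.protocol !== 'https:') return false; // Secure needs TLS
  const hostOk = cookie.hostOnly
    ? u.hostname === cookie.domain
    : domainMatch(u.hostname, cookie.domain);
  if (!hostOk) return false;
  // Path is a prefix match on a segment boundary: /cart matches /cart/items, not /cartoon.
  const p = cookie.path.endsWith('/') ? cookie.path : cookie.path + '/';
  return u.pathname === cookie.path || u.pathname.startsWith(p);
}
```

A Set-Cookie header naming a domain the responding host does not belong to is rejected at parse time (null), which is the check that stops one site from planting cookies for another.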

Cookie Session Tracking

Cookies can be used to keep track of users as they carry out multiple transactions with a Web site. E-commerce Web sites use session cookies to record the contents of a user's shopping cart while the user browses.
