Login, Cookie, session and other conceptual understanding

Source: Internet
Author: User
Tags: session id

One of the most important modules in website or mobile development is the login module.

In development, the sub-modules most commonly considered for the login module are:

1. Get the logged-in user's information from the database (getusercredential)

This includes userid, username, password, cookies, Lastlogintime, Iskeeplogin, and other company or identity information.

2. The login interface, called once the user has entered the username and password or they have been read from the database

Common interface definition and parameters: Login (username, password, iskeeplogin)

The general login process logic is:

A. Delete the old cookie and userid information (the server will not accept a login request that carries a full cookie or userid).

B. Send information such as username, password, and device time to the server using the POST request method.

C. Server response: after validating the username and password, the server returns more information, most importantly the UserID and cookies. These are included in the HTTP header of every URL request and are the key information the server accepts. If the login fails, nothing is returned and nothing is recorded.

D. Add or update the user identity information in the database: username, password, userid, cookies, iskeeplogin, etc.

3. Renewsession

When a user sends a URL request and receives a 401 response, the request was not authorized and the user's identity needs to be verified.

Causes of this problem are:

A. At the time of the first login, the username, the password, or both are invalid, for example because of incorrect input or temporary deactivation of the username.

B. The session has expired and the user needs to log in again.

At this point, you can try to log in with the saved username and password. If the login succeeds, refresh the user's identity information. This attempt is made only once.
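The single-retry rule above can be sketched as follows. This is an added example, not code from the original article; `FakeServer`, `Client` and their methods are hypothetical stand-ins for a real backend and HTTP client, and the credentials are constructed sample values.

```python
class FakeServer:
    """Constructed stand-in for the backend; its methods are hypothetical, not a real API."""

    def __init__(self, users):
        self.users = users                # username -> password (constructed sample data)
        self.valid_cookies = set()
        self.login_calls = 0

    def login(self, username, password):
        self.login_calls += 1
        if self.users.get(username) != password:
            return 401, None              # failed login: nothing returned, nothing recorded
        cookie = f"cookie-{self.login_calls}"
        self.valid_cookies.add(cookie)
        return 200, cookie

    def get(self, path, cookie):
        if cookie in self.valid_cookies:
            return 200, f"data for {path}"
        return 401, None


class Client:
    def __init__(self, server, username, password):
        self.server, self.username, self.password = server, username, password
        self.cookie = None

    def request(self, path):
        status, body = self.server.get(path, self.cookie)
        if status != 401:
            return status, body
        self.cookie = None                # delete the stale cookie before logging in again
        status, cookie = self.server.login(self.username, self.password)
        if status != 200:
            return 401, None              # saved credentials rejected: stop and prompt the user
        self.cookie = cookie              # refresh the stored identity information
        return self.server.get(path, self.cookie)  # one retry only; a second 401 is final


def demo():
    server = FakeServer({"alice": "sample-password"})
    client = Client(server, "alice", "sample-password")
    client.cookie = "expired-cookie"      # simulate an expired session
    return client.request("/profile"), server.login_calls
```

Because the re-login happens at most once per request, a deactivated account or changed password produces one failed login rather than a loop of repeated attempts against the server.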

4. Force to Web

In mobile development, you will also encounter the "force to web" approach, where the app opens the built-in browser and the user logs in there directly. In this case, the database needs to save the web-based cookies.

5. Logout

Clears the UserID and cookie and password in the database, as these are key information that users need to enter when they log on again.

6. IsLogin

To determine whether the user is logged in, check whether the UserID and cookie exist in the database.

8. If more information is required before login, such as a choice of company or school that is unrelated to personal information, more logic is needed in the login process.

*. Other concepts to be familiar with

What information is included in the HTTP header field:

The User-Agent (UA) is a header field component of the HTTP protocol that identifies the various software and hardware versions of the client. Through this identifier, a site can display a different layout to give users a better experience, or collect statistics. For example, Google looks different when accessed from a mobile phone than from a computer; Google decides this based on the visitor's UA.

It carries information such as:

"Platform": OS platform, such as iOS
"Platform_version": operating system version
"Carrier_code": code of the mobile network operator
"Device_name": hardware name, such as Iphone6
"device_id": hardware ID; on iOS it can be obtained from identifierForVendor, and on Android it can be obtained from telephonymanagersecure
"App_name": app name
"TimeZone": time zone information, such as "gmt+8", "GMT-8" and other standard information

What is the function of cookies?

Many sites now let new users register, and once you have registered, the site automatically recognizes you on your next visit and greets you, which feels friendly. Of course, this is only the surface. More importantly, the website can use cookies to track the user's habits on the site, such as when they visit, which pages they visit, and how long they stay on each page. The use of this information, on the one hand, can provide users with personalized

At present, the most common use of cookies is to record user login information, so that the user does not need to enter a username and password on the next visit. Of course, this convenience also creates a user information disclosure problem, which arises very easily when multiple users share a computer.

For example, the cookie information can include USER_ID, which is sent to the server.

The session ID is carried in a cookie. What is the difference between the expiration time of the session and that of the cookie?

Session expiration is enforced by the server, while cookie expiration is enforced by the client (browser). Even if you set an expiration time on a cookie, this only guarantees that a standard browser will stop sending the cookie (including the session ID) once it expires. If you construct a request yourself, you can still use the value of the session ID.

How do I set a session that expires after 30 minutes?

1. Set the cookie expiration time to 30 minutes and set the session's lifetime to 30 minutes.
2. Add a timestamp to each session value.
3. Before each access, check the timestamp.

A real-world use case is a coupon that expires after 30 minutes.
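The three steps above, with the timestamp check done on the server so that a hand-built request carrying an old session ID is still rejected. This is an added example, not code from the original article; `SessionStore`, the injected `clock`, and the cookie attributes chosen are assumptions made for illustration.

```python
import secrets

SESSION_LIFETIME = 30 * 60  # seconds; the 30-minute lifetime from the steps above


class SessionStore:
    """In-memory server-side session table (a hypothetical stand-in for a real store)."""

    def __init__(self, clock):
        self._clock = clock          # callable returning the current time in seconds
        self._sessions = {}          # session_id -> {"user_id": ..., "created": ...}

    def create(self, user_id):
        """Steps 1 and 2: issue an ID, stamp the session, set a matching cookie lifetime."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user_id": user_id, "created": self._clock()}
        cookie = f"session_id={sid}; Max-Age={SESSION_LIFETIME}; HttpOnly; Secure; SameSite=Lax"
        return sid, cookie

    def validate(self, sid):
        """Step 3: check the timestamp on every request; never rely on cookie expiry."""
        record = self._sessions.get(sid)
        if record is None:
            return None
        if self._clock() - record["created"] >= SESSION_LIFETIME:
            del self._sessions[sid]  # expired: drop it so the ID stays unusable
            return None
        return record["user_id"]


def demo():
    """Present a session ID again after a browser would have discarded the cookie."""
    now = [1_000_000]                # constructed fake clock so the demo runs instantly
    store = SessionStore(clock=lambda: now[0])
    sid, _cookie = store.create(user_id="u-42")
    fresh = store.validate(sid)      # within 30 minutes
    now[0] += SESSION_LIFETIME + 1   # 30 minutes and one second later
    replayed = store.validate(sid)   # constructed request that still sends the old ID
    return fresh, replayed


if __name__ == "__main__":
    print(demo())
```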
