Poptest Lao Li shares the security of, and differences between, Session and Cookie (2)

Source: Internet
Author: User

Four. Session and cookie: which is more secure?

Personally, I think the session is a little safer, and I have a few points of view.

1. If sessions and cookies were equally safe, the two would not need to exist side by side: cookies alone would be enough, since they move the server's burden to the client and are transparent to the user. Why not?

2. The session's SessionID is placed in a cookie, so to break the session you must first break the cookie. After breaking the cookie you still have to get the SessionID, and a SessionID only exists once someone has logged in or Session_Start has run; you don't know when someone will log in. Second, the SessionID is encrypted; on the next Session_Start the previous SessionID is of no use, and when the session expires the SessionID expires too, so brute-forcing an encrypted SessionID within a short time is difficult. A session exists for the purpose of one communication and disappears when that communication ends, whereas a real cookie is a text file on the client's hard disk; which one is more secure is obvious.

3. If sessions were so easily broken and so unsafe, I think most existing sites would not be safe.

1. Scope control objects

(1) Function

Represent the scope in which an object exists.

(2) Classification

A: The current JSP file (the class file generated by compiling the current JSP)

page: the default scope.

Exception: when the include directive is used, objects declared in the included file are also covered.

B: Two JSP files with an explicit request-forwarding relationship

request: objects are stored as attributes (one key, one value).

The object information stored in request attributes is automatically purged after the requested file finishes executing.

Use case: passing values when one page forwards to another.

C: How client information is stored

The first kind, client-side storage: all user information is stored and managed by the client.

The second kind, server-side storage: information is stored uniformly on the server.

Technical implementation:

Client-side storage: Cookie

Server-side storage: Session, application

2. Cookies

(1) Understanding

A cookie is a temporary text file stored in the browser's temp directory on the client machine; it stores the user's basic information.

(2) Characteristics

A: It is a text file

B: It is a temporary text file

C: The file size generally does not exceed 1K

D: It is stored in a temporary directory of the browser

E: By default, cookies are not compatible across browsers and are shared with the Web application.

F: A cookie stores the user's basic information as a name and a value.

G: The scope of the stored information is the multiple pages accessed by one browser

H: Cookies will disclose your users' private information

I: Cookies can be disabled by the client

(3) Application

A: Create a cookie

Cookie cookie = new Cookie("name", "value");

A Cookie object can store only one value, while a cookie file may store multiple cookies.

B: Specify the lifetime of the cookie

This makes explicit how long the cookie file exists.

Classification of cookies: session-level cookies and persistent cookies.

Session-level cookie: the cookie exists in the cache only during the current user's visit. Once the user exits, the cookie is automatically cleared. In the program: no lifetime is specified for the cookie.

Persistent cookie: when a lifetime is specified for the cookie, a cookie file is created on the client machine. Once created, it is considered to be permanent.

cookie.setMaxAge(int) ---> seconds

C: Output the cookie

Creates the text file on the client

response.addCookie(cookie)

D: Obtain cookies from the client

request.getCookies() ---> array: the collection of all the cookies in the client's current browser.
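
The points above turn on the SessionID travelling in a cookie and on whether a cookie is session-level or persistent. The following is an added example, not code from the original page: it uses the JDK's java.net.HttpCookie to classify Set-Cookie headers by lifetime and to flag a session-ID cookie that is persisted to disk or lacks the HttpOnly and Secure attributes. The cookie name JSESSIONID and the sample headers are assumptions constructed for illustration.

```java
import java.net.HttpCookie;
import java.util.ArrayList;
import java.util.List;

public class CookieAudit {
    // Assumption: the servlet container's default session cookie name.
    static final String SESSION_COOKIE = "JSESSIONID";

    /** Returns one finding per problem in a single Set-Cookie header. */
    static List<String> audit(String setCookieHeader) {
        List<String> findings = new ArrayList<>();
        for (HttpCookie c : HttpCookie.parse(setCookieHeader)) {
            // Max-Age absent (-1): session-level cookie, gone when the browser exits.
            // Max-Age > 0: persistent cookie, written to the client's disk.
            boolean persistent = c.getMaxAge() > 0;
            boolean sessionId = SESSION_COOKIE.equalsIgnoreCase(c.getName());
            if (sessionId && persistent) {
                findings.add(c.getName() + ": session ID persisted on the client for "
                        + c.getMaxAge() + " s");
            }
            if (sessionId && !c.isHttpOnly()) {
                findings.add(c.getName() + ": readable by page scripts (no HttpOnly)");
            }
            if (sessionId && !c.getSecure()) {
                findings.add(c.getName() + ": sent over plain HTTP (no Secure)");
            }
            if (!sessionId && persistent && !c.getSecure()) {
                findings.add(c.getName() + ": persistent cookie sent over plain HTTP");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured from any real site.
        String[] headers = {
            "Set-Cookie: JSESSIONID=constructed-sample-id; Path=/; HttpOnly; Secure",
            "Set-Cookie: JSESSIONID=constructed-sample-id; Path=/; Max-Age=2592000",
            "Set-Cookie: name=value; Max-Age=3600"
        };
        for (String h : headers) {
            List<String> findings = audit(h);
            System.out.println(h);
            System.out.println(findings.isEmpty() ? "  ok" : "  " + String.join("\n  ", findings));
        }
    }
}
```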
