Technical Summary of the News Publishing System (I): Cookies and Sessions

Source: Internet
Author: User


This article follows on from the previous blog post, "Niuke news publishing system: technical summary". I always feel that there is a lot of knowledge in the Niuke project, and too many things to chew over carefully. Although it has broadened our knowledge and helped us understand the B/S architecture, the actual knowledge needs to be solid for me to feel grounded at this stage.

The previous blog was a broad summary, just a list of knowledge points, and I didn't think much about them. Below is a series of follow-up articles that go deeper.

The following is a technical summary of the previous blog.

I) Cookie and Session

The system includes user login: the user information stored in the Session is checked to verify that the user is logged in. Session and Cookie are closely related, however, so next we will analyze how they are connected.

(1) Session

A Session represents a conversation between the server and the client. We use the term "session" because, like a phone call in daily life, the period from the start of the call to its end can be treated as one session. When the call ends, the "session" ends and the information that was being remembered disappears automatically. When a user logs in from the client, the Session retains the user's information until the user leaves the site, so it can be used to determine whether the user has logged in. This whole process is one "session". Because a user moves between multiple pages after logging in, the values stored in the Session mean the user does not need to enter login information on every page: by referencing the Session, the user's information is retained across page switches.

When multiple users log on, the system reserves an independent Session for each user to store information without interfering with each other.

 

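A common misunderstanding: "the session disappears as soon as the browser is closed." This statement is incorrect. Closing the browser only discards the in-memory cookie that holds the session identifier; the session data stays on the server until it times out or is explicitly destroyed.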

 

(2) Cookie

We clean up our computers from time to time. When we clean up junk files with the commonly used 360 tool, we see a screen like the following. What are these cookies?

[Screenshot: 360 cleanup results]


After cleaning, you will find that some websites ask you to re-enter your password, and your browsing history on some shopping sites has disappeared. Why? Because we cleared the cookies.

You have surely visited a site that requires a user name and password and found that you could log in without entering them again. This is because the user's information was stored in a local cookie the first time you logged in. It is equivalent to storing the password on the local machine and reading it from there at the next login. It is a kind of memory function.

A cookie is stored either in memory or on the hard disk. A cookie stored in memory disappears when the browser is closed. A cookie stored on the hard disk is still valid when the browser is opened again, as long as its validity period has not expired.

Of course, for security on the Internet, we can configure cookie settings and adjust their security level.

 

(3) Cookie and Session connection

A cookie is kept on the client, and a session is kept on the server. Because maintaining state on the server still requires an identifier to be saved on the client, the session mechanism uses a cookie to save that identifier. The browser sends the cookie to the server in the background according to certain rules.

 

For example, consider how a barber shop handles membership cards.

Barber shops often run promotions, such as giving away a "valuable" hair treatment after a certain number of haircuts. But how does the shop know whether a student has reached five visits? We can regard the student as the client and the barber shop as the server. Barber shops are clever and use cards to keep records:

1. Give the student a card with a validity date printed on it; the five visits must be used within this period. Each time the student makes a purchase, it is recorded on this card. The number of purchases is stored with the student. This is equivalent to maintaining the state on the client, that is, a local cookie. The validity date corresponds to the expiry time set on the cookie.

2. Give the student a membership card; the student cannot see the information associated with the card. Each time the student pays with the card, the barber shop looks up the card number to see how many visits the student has made. After five visits, the student receives a free treatment. This maintains the state on the server side, that is, it is saved in the Session.

Even though the barber shop keeps your information, you still hold a card in your hand and know its number, because the barber shop needs you to present your own identifier (the card number). In the same way, the Session mechanism relies on the Cookie mechanism to carry the identifier, although there are other options. This is why Cookie and Session are so closely related.
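The card-number arrangement described above, as an added Python example (not code from the news publishing system): the cookie carries only a random session id, while the visit count lives in a server-side dictionary. The names `SESSIONS` and `sid` and the 20-minute idle timeout are assumptions for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1200   # assumed idle timeout in seconds (20 minutes)
SESSIONS = {}        # server-side "roster": session id -> state


def open_session(now=None):
    """Create server-side state; return (sid, Set-Cookie header value)."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)       # unguessable "card number"
    SESSIONS[sid] = {"visits": 0, "last_seen": now}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True      # not readable from page scripts
    cookie["sid"]["secure"] = True        # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"
    # No Expires/Max-Age: an in-memory cookie that the browser drops on close.
    return sid, cookie["sid"].OutputString()


def record_visit(cookie_header, now=None):
    """Find the session named by the Cookie header; return visits or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("sid")
    state = SESSIONS.get(morsel.value) if morsel else None
    if state is None:
        return None                       # missing or unknown card number
    if now - state["last_seen"] > SESSION_TTL:
        del SESSIONS[morsel.value]        # expired on the server side
        return None
    state["visits"] += 1
    state["last_seen"] = now
    return state["visits"]


def close_session(sid):
    """Logout: destroy the server-side state so the id stops working."""
    SESSIONS.pop(sid, None)
```

A request that arrives without the cookie gets `None`, but the entry stays in `SESSIONS` until the timeout passes, which is why logout should call `close_session` rather than rely on the browser being closed.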

My understanding may not be very deep. You are welcome to discuss it with me and point out my shortcomings.

A brief introduction to the general processing program will follow in the next blog.




Describe the functions of Cookie and Session, their different application scopes, and the working principle of Session.

Purpose:
The server can filter and regularly maintain the information contained in cookies or sessions to determine the state during HTTP transmission. Their most typical application is to determine whether a registered user has logged on to the website; the user may also be prompted to choose whether to keep the user information for the next visit, to simplify the login procedure. Another important application scenario is the "shopping cart". Users may select different items on different pages of the same website within a period of time. This information is written into cookies or sessions so that it can be extracted at the final payment. All in all, cookies and sessions are technologies that can record the state of customers. Even though they are different technologies, sessions can do the same as cookies.

Differences and connections, working principles, and so on:
For example, when I was in Henan province, I often went to a deli to buy roast duck. To promote sales, the store's boss offered one free duck for every 10 purchased. Apart from family weddings and funerals, nobody buys 10 roast ducks at a time, right? Therefore, the boss had to find a way to record each customer's consumption quantity. There are three solutions in total:

I. The boss remembers the consumption quantity of each customer and automatically gives one away when the customer has bought 10. This is as if the HTTP protocol itself were stateful and could remember the customer's activity. Unfortunately, for various reasons, the HTTP protocol itself cannot be stateful, and the boss does not have such an extraordinary memory, so this solution won't work!

II. The boss gives the customer a points card, which records the consumption quantity and generally has a validity period. Every time the customer buys roast duck and shows this card, the boss knows that the customer has visited the store before. This approach maintains the state on the client, like cookie technology. (On a Windows system, open C:\Documents and Settings\User Name\Cookies and you will find some small *.txt files; these are the cookies sent to you when you browsed certain websites.)

III. The boss gives the customer a membership card on which nothing except the card number is recorded. Each time the customer shows the card when buying roast duck, the boss takes out the store's roster, finds the card number, and adds 1 point. This approach maintains the state on the server side. It is like session technology.

The biggest difference between a cookie and a session is that a cookie gives the customer a points card that records all of the customer's consumption information. A session gives the customer a card carrying only the card number (session id), with all of the customer's consumption information recorded on the server. The cookie is saved on the client, the session is saved on the server, and the session id is saved on the client, usually as a small cookie file. This small file contains nothing except the session id (like the card number), so it is much safer than a cookie.

Specifically, the cookie mechanism adopts a client-side persistence scheme, while the session mechanism adopts a server-side persistence scheme. At the same time, because the server-side persistence scheme also needs to save an identifier on the client, the session mechanism may need to use the cookie mechanism to save the identifier, but in fact it has other options.

Cookie Mechanism. The orthodox cookie distribution is implemented by extending the HTTP protocol. The server prompts the browser to generate the corresponding cookie by adding a special line in the HTTP response header. However, pure client scripts such as JavaScript or VBScript can also generate cookies. Cookies are automatically sent to the server in the background by the browser according to certain principles. The browser checks all stored cookies. If the declared range of a cookie is greater than or equal to the location where the requested resource is located, the cookie is attached to the HTTP request header of the requested resource and sent to the server.
Cookie content mainly includes: name, value, expiration time ......
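The scope check a browser applies before attaching a cookie to a request, as an added Python example (not part of the original answer). It follows the domain-match and path-match rules of RFC 6265, which the text above does not name; the jar layout, cookie names and `example.test` hosts are constructed for illustration.

```python
import ipaddress


def domain_matches(host, cookie_domain):
    """RFC 6265 5.1.3: host equals the domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)        # IP addresses never suffix-match
        return False
    except ValueError:
        return host.endswith("." + cookie_domain)


def path_matches(request_path, cookie_path):
    """RFC 6265 5.1.4: the cookie path must be a whole-segment prefix."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookies_to_send(jar, scheme, host, path):
    """Return the names of stored cookies that would go with this request."""
    names = []
    for c in jar:
        if c["host_only"]:                # no Domain attribute was set
            in_scope = host.lower() == c["domain"].lower()
        else:
            in_scope = domain_matches(host, c["domain"])
        if not in_scope or not path_matches(path, c["path"]):
            continue
        if c["secure"] and scheme != "https":
            continue                      # Secure cookies stay off plain HTTP
        names.append(c["name"])
    return names


# Constructed jar: a host-only session cookie, a wide Domain cookie, a path-scoped one.
JAR = [
    {"name": "sid", "domain": "news.example.test", "host_only": True, "path": "/", "secure": True},
    {"name": "theme", "domain": "example.test", "host_only": False, "path": "/", "secure": False},
    {"name": "draft", "domain": "news.example.test", "host_only": True, "path": "/admin", "secure": True},
]
```

With this jar, a request to a sibling host such as `shop.example.test` receives only `theme`: a cookie declared for the parent domain reaches every subdomain, while the host-only session cookie does not.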
 
Which has higher security, session or cookie?

For large applications, cookies are recommended.
Large server operators usually use server load balancing. As the name implies, it is made up of multiple servers. When you access a page, the session is on one server. When you jump to another page, the server being accessed may change, so the session cannot be found; the consequences should be clear to everyone.
However, if it is a personal server, two or more servers are usually not set up, so there is no need to consider which is more secure.
But I recommend cookies for long-term projects.
