The 1,HTTP protocol is stateless. The server will not remember the last time the browser was processed, and if the last-known result (last state) is needed, the browser will need to return the processing value (last state) to the server again.
2,url value: Through the URL parameter or through the form form to carry out the value of the page parts (can not be very free access and read, and unsafe)
3,cookie: ①cookie can be used for more free access and reading of data.
②cookie is related to the site, its own domain name to write only their own domain name can be read.
③ a client sends a request to the server to process the form information and sends all cookies related to the site to the server, which is mandatory.
④ the data returned by the server, it returns the modified cookie, and the browser gets the modified cookie to be updated to the local cookie.
⑤ Server side Use cookie case, remember username function:
A, set page value: Response.setcookie (New HttpCookie ("UserName", UserName))
B, read the page face value: username=request.cookies["username"]. Value
⑥ the expiration of the cookie's declaration cycle after the browser is closed, the default life cycle of the cookie is the browser's lifecycle. You can set the expiration time of a Cookie by setting the Expires property: Cookie.expires=datetime.now.adddays (-1)
⑦cookie exists as a key value on the client
4,cookie Disadvantage: ① Client amount can be manually clear cookies so the information stored in the cookie is optional information
The ② browser has a limit on the size of the Cookie, so only no more than 4096 bytes are guaranteed to be accepted
③ Confidential information cannot be placed in cookies.
④cookie cannot cross browser
5,cookie Write and read: A, create a new cookietest.html page and add two buttons for cookie read and write respectively
<! DOCTYPE html>
<me ta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "/>
<title></title>
<body>
<form>
<in put type= "submit" name= "read" value= "read cookies"/>
<in put type= "submit" Name= "write" value= "Write Cookie"/>
<br/>
Read cookies: $Model. cookievalue
</form>
</body>
B, create the corresponding COOKIETEST.ASHX page implementation Cookie's new write local and read the cookie value
Using System;
Using System.Collections.Generic;
Using System.Linq;
Using System.Web;
Namespace Httpnostatus
{
<summary>
Summary description of HttpCookie
</summary>
public class Cookietest:ihttphandler
{
public void ProcessRequest (HttpContext context)
{
Context. Response.ContentType = "text/html";
If else judgment is clicked on that button
if (!string. IsNullOrEmpty (context. request["Read"])
{
if (context. Request.cookies["age"]!= null)
{
HttpCookie cookie = context. Request.cookies["Age"];
String strvalue = cookie. Value;
var data = new {Cookievalue = strvalue};
Load the template page and pass the value of the Cookie value
String strhtml = common_nvelocity.renderhtml ("cookietest.html", data);
Context. Response.Write (strhtml);
}
Else
{
Context. Response.Write ("Cookie does not exist");
}
}
else if (!string. IsNullOrEmpty (context. request["Write"])
{
Write a new cookie
HttpCookie acookie = new HttpCookie ("Age");
Acookie. Value = "25";
Acookie. Expires = DateTime.MaxValue;
Context. RESPONSE.COOKIES.ADD (Acookie);
Cookie does not exist direct load template page
String strhtml = common_nvelocity.renderhtml ("cookietest.html", null);
Context. Response.Write (strhtml);
}
Else
{
Load page for the first time
String strhtml = common_nvelocity.renderhtml ("cookietest.html", null);
Context. Response.Write (strhtml);
}
}
public bool IsReusable
{
Get
{
return false;
}
}
}
}
6,cookie The main function is to save the user's login name, so that the next time the user login system can automatically fill in the name of the login
A, the new logincookie.html page, the page to add the user name we often see, user password, login
Landing page when the first load, set the default landing name is empty, landing successful and again when the system will automatically add the login user name
<! DOCTYPE html>
<me ta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "/>
<title></title>
<body>
<form action= "Logincookie.ashx" method= "POST" >
<table>
<tr>
<td> Landing Name </td>
<td>
<in put type= "text" name= "UserName" value= "$Model. Loginuser"/></td>
</tr>
<tr>
<td> Password </td>
<td>
<in put type= "password" name= "password"/></td>
</tr>
<tr>
<td>
<in put type= "submit" name= "Login" value= "Login"/></td>
<td></td>
</tr>
</table>
</form>
</body>
B, create a new LOGINCOOKIE.ASHX page that reads the user name and writes it to the cookie "Ckloginuser"
Using System;
Using System.Collections.Generic;
Using System.Linq;
Using System.Web;
Namespace Httpnostatus
{
<summary>
Summary description of Logincookie
</summary>
public class Logincookie:ihttphandler
{
public void ProcessRequest (HttpContext context)
{
Context. Response.ContentType = "text/html";
Load page to display page directly
if (context. request.form["Login"] = = null)
{
String strhtml = "";
var data = new {Loginuser = ""}; Login account Default is empty
To determine whether a cookie exists, if there is a value of the cookie passed to the HTML page, if it does not exist is the default null
if (context. request.cookies["Ckloginuser"]!= null)
{
data = new {Loginuser = context. request.cookies["Ckloginuser"]. Value.tostring ()};
}
strHTML = common_nvelocity.renderhtml ("logincookie.html", data);
Context. Response.Write (strhtml);
}
Else
{
User login, save user name to Cookie
HttpCookie loginuser = new HttpCookie ("Ckloginuser");
Loginuser.value = context. request.form["UserName"];
Loginuser.expires = DateTime.Now.AddDays (30);
Context. RESPONSE.COOKIES.ADD (Loginuser);
Load page to display page directly
String strhtml = common_nvelocity.renderhtml ("logincookie.html", new {Loginuser = context. request.form["UserName"]});
Context. Response.Write (strhtml);
}
}
public bool IsReusable
{
Get
{
return false;
}
}
}
}
7, the above method of the login account in the form of cookies stored in the client, so that each time the request can be taken out of the user login name
There is a situation: users can visit the site after the success of all other pages, other pages need to first determine whether the user landing success.
If the login succeeds in a cookie, such a client can tamper with false to true so that it can be illegally accessed as an authorization page, so it is not safe to put cookies.
If the landing is successfully put on the server side, then multiple pages of the site can be read directly to this value, and is safe from the client will not be tampered with.
8,session principle: Store The value of the data on the server side and store the ID of the value on the client. (id,value) are stored in the server to store the ID as a cookie in the form of the client. This allows you to grab the ID from the client cookie and then read the value from the server side to the corresponding ID.
10, the following example to the session principle to achieve the page to determine whether the user has a successful landing: The successful landing of the user can visit a specific page, if not successful landing on the jump to the landing page.
A. Add Class SessionMgr.cs store key values on the server side Id/value
Using System;
Using System.Collections.Generic;
Using System.Linq;
Using System.Web;
Namespace Httpnostatus
{
public class Sessionmgr
{
Define key-value pairs and store login information
private static Dictionary<guid, string> keyvalue = new Dictionary<guid, string> ();
Set the value of a key-value pair
public static void SetKeyValue (Guid ID, string value)
{
Keyvalue[id] = value;
}
<summary>
Checks whether the key value pairs passed by the client exist
</summary>
<param name= "id" ></param>
<returns></returns>
public static bool Ifidexist (GUID ID)
{
return KeyValue.Keys.Contains (ID);
}
Returns the value of the server-side ID
public static string GetValue (Guid ID)
{
Return Keyvalue[id]. ToString ();
}
}
}
B. Add loginsession.ashx to determine whether the user logged in successfully, if the login succeeded to store the value of the corresponding key value pairs
Using System;
Using System.Collections.Generic;
Using System.Linq;
Using System.Web;
Namespace Httpnostatus
{
<summary>
Summary description of Loginsession
</summary>
public class Loginsession:ihttphandler
{
public void ProcessRequest (HttpContext context)
{
Context. Response.ContentType = "text/html";
String strhtml = "";
Read user name and password
String strUserName = context. request.form["txtUserName"];
String strpwd = context. request.form["Txtpassword"];
if (strpwd = = "123456")
{
Login successful, set the corresponding key value pair
Guid id = guid.newguid (); produce a unique ID
Sessionmgr.setkeyvalue (ID, strusername);
The ID is saved in the client cookie
HttpCookie Logincookie = new HttpCookie ("Logincookie");
Logincookie.value = ID. ToString ();
Logincookie.expires = DateTime.Now.AddDays (7);
Context. RESPONSE.COOKIES.ADD (Logincookie);
Jump to Authorization page
Context. Response.Redirect ("Authorizationpage.ashx");
}
Else
{
Login failed, load landing page
strHTML = common_nvelocity.renderhtml ("loginsession.html", null);
Context. Response.Write (strhtml);
}
}
public bool IsReusable
{
Get
{
return false;
}
}
}
}
C. Templates folder add loginsession.html landing page
<! DOCTYPE html>
<me ta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "/>
<title></title>
<body>
<form action= "Loginsession.ashx" method= "POST" >
<table>
<tr>
<td> Landing Name </td>
<td>
<in put type= "text" name= "txtUserName"/></td>
</tr>
<tr>
<td> Password </td>
<td>
<in put type= "password" name= "Txtpassword"/></td>
</tr>
<tr>
<td>
<in put type= "submit" name= "Login" value= "Login"/></td>
<td></td>
</tr>
</table>
</form>
</body>
D. Add Authorizationpage.ashx page, only after landing account access to this page
Using System;
Using System.Collections.Generic;
Using System.Linq;
Using System.Web;
Namespace Httpnostatus.templates
{
<summary>
Summary description of Authorizationpage
</summary>
public class Authorizationpage:ihttphandler
{
public void ProcessRequest (HttpContext context)
{
Context. Response.ContentType = "text/html";
To crawl the ID value of a client cookie
HttpCookie Logincookie = context. request.cookies["Logincookie"];
if (Logincookie!= null)
{
GUID id = new GUID (logincookie.value);
Read ID corresponding to value
string strvalue = Sessionmgr.getvalue (ID);
Output value and indicate that the account is already logged in
Context. Response.Write (strvalue + ", you have landed this site, have access to this page");
}
If the cookie does not exist, jump directly to the page
Else
{
Context. Response.Redirect ("Loginsession.ashx");
}
}
public bool IsReusable
{
Get
{
return false;
}
}
}
}
------------------------------------------------------------gif Animation Demo----------------------------------------------------------------
11, the above example is the session principle. ASP.net has built-in session mechanism, below we directly with ASP.net session implementation to determine whether the user has landed success:
(General Handler HttpHandler operation session, to implement IRequiresSessionState interface)
Add the page separately: loginsessionnew.ashx (log in the general processing program), loginsessionnew.html (login template), Authorizationpagenew.ashx (login only after access to the page).
A,loginsessionnew.ashx (log in to General processing program)
Using System;
Using System.Collections.Generic;
Using System.Linq;
Using System.Web;
Using System.Web.SessionState;
Namespace Httpnostatus
{
<summary>
Summary description of Loginsessionnew
</summary>
public class Loginsessionnew:ihttphandler, IRequiresSessionState
{
public void ProcessRequest (HttpContext context)
{
Context. Response.ContentType = "text/html";
String strhtml = "";
Read user name and password
String strUserName = context. request.form["txtUserName"];
String strpwd = context. request.form["Txtpassword"];
if (strpwd = = "123456")
{
Login success, save session value directly
Context. session["loginusername"] = strUserName;
Jump to Authorization page
Context. Response.Redirect ("Authorizationpagenew.ashx");
}
Else
{
Login failed, load landing page
strHTML = common_nvelocity.renderhtml ("loginsessionnew.html", null);
Context. Response.Write (strhtml);
}
}
public bool IsReusable
{
Get
{
return false;
}
}
}
}
B,templates template under new loginsessionnew.html (login template)
<! DOCTYPE html>
<me ta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "/>
<title></title>
<body>
<form action= "Loginsessionnew.ashx" method= "POST" >
<table>
<tr>
<td> Landing Name </td>
<td>
<in put type= "text" name= "txtUserName"/></td>
</tr>
<tr>
<td> Password </td>
<td>
<in put type= "password" name= "Txtpassword"/></td>
</tr>
<tr>
<td>
<in put type= "submit" name= "Login" value= "Login"/></td>
<td></td>
</tr>
</table>
</form>
</body>
C,AUTHORIZATIONPAGENEW.ASHX (page with access only after landing)
Using System;
Using System.Collections.Generic;
Using System.Linq;
Using System.Web;
Using System.Web.SessionState;
Namespace Httpnostatus
{
<summary>
Summary description of Authorizationpagenew
</summary>
public class Authorizationpagenew:ihttphandler, IRequiresSessionState
{
public void ProcessRequest (HttpContext context)
{
Context. Response.ContentType = "Text/plain";
Check if session exists
OB ject obj = context. session["Loginusername"];
if (obj!= null)
{
session exists, reads the session value, and prompts the account to be logged in
Context. Response.Write (obj. ToString () + ", you have landed this site, have access to this page");
}
If the session does not exist, jump directly to the login page
Else
{
Context. Response.Redirect ("Loginsessionnew.ashx");
}
}
public bool IsReusable
{
Get
{
return false;
}
}
}
}
· Asp. NET built-in session mechanism also realizes to the user whether the landing Success judgment: Loginsessionnew.ashx page Headers We saw many cookies Asp.net_sessionid
The session mechanism is stored on the client Asp.net_sessionid
· Permission access page, the Asp.net_sessionid in the client cookie is read in the request header
ASP. NET session mechanism: The session relies on cookies, the ID is recorded in the client browser with cookies, and the value is stored on the server side.
The value of the 13,session is placed in the server memory, so the session holds small data.
Session (sessions) have automatic destruction mechanism, if the browser does not interact with the server for a period of time, it will be automatically destroyed.
Login account, a period of time if not the operating system will automatically exit, this is the session automatically destroyed.