What Java EE needs to understand: 2. Graphic cookies (cookies) and javaeecookies

What Java EE needs to understand: 2. Graphic cookies (cookies) and javaeecookies

Writer: BYSocket)

Weibo: BYSocket

Bean flap: BYSocket

FaceBook: BYSocket

Twitter: BYSocket

In the previous illustration, the Http protocol continued to use cookies in the Http family. The bricklayer recently saw a good article in the blog Park,

This is because the browser Cookie is too large, resulting in the Request Header domain being too large, resulting in sending failure. Next we will learn about cookies. According to the previous ideas, I wrote XX.

I. Overview

First of all, starting with HTTP, what is Cookie in Http?

What is a Cookie?

Self-Answer: Cookie is the request header field and response header field. In short, it is the text and small text of a set of key-value pairs that accompany requests and responses. Therefore, it is called a Cookie. The Cookie is generated on the server. First, the client requests the server. At this time, the request is the first time without Cookie parameters. At this time, the server setCookie is sent to the client. Remember, the Cookie is from the server.

What is the use of cookies?

Q: The Cookie is from the server and serves the customer. Like your and my sessions, text is transmitted between us. Therefore, cookies are used for sessions between the server and the client. Because the Http protocol is stateless, the Cookie is used to maintain the session. To put it bluntly, it is an additional medium for data transmission.

Next we will visit the Baidu address.

① Response generated on the server, in the Response Header domain:

② The request header field is like this: (you can find it on the Cookie Tab page, which is the same as the response)

The following describes in detail the transfer process of cookies in requests and responses.

Ii. Details Cookie transmission process

For more information, see. Write a CookieServlet to simulate the lifetime of the Cookie. The Code is as follows:

?

1234567891011121314151617181920212223242526272829303132333435363738

package org.bysocket.http; import java.io.IOException;import java.io.PrintWriter; import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse; @WebServlet(urlPatterns="/cookie")public class CookieServletT extends HttpServlet{    private static final long serialVersionUID = 1L;     @Override    protected void doGet(HttpServletRequest req, HttpServletResponse resp)            throws ServletException, IOException    {        // Obtain the Cookie        Cookie[] cookies = req.getCookies();        for (Cookie cookie : cookies)            System.out.println(cookie.getName() + " " + cookie.getValue());         // Create a Cookie        Cookie cookie = new Cookie("CookieName", "CookieValue");        cookie.setMaxAge(10);        cookie.setHttpOnly(true);        resp.addCookie(cookie);                 // Response        PrintWriter pw = resp.getWriter();        pw.print("<html><body><h1>Hello,Cookie!</h1></body></html>");    }     }

① Client access, no Cookie written by the server.

Code new Cookie ("CookieName", "CookieValue"); you can see that the server generates a new key-Value Pair Cookie and sets it to indicate the first request, the requested Request Header Domain Cookie does not exist. There is no Cookie value for CookieName = CookieValue.

② The Cookie on the server is sent to the browser.

In the code, HttpServletResponse. addCookie (cookie); then, the response adds the key-Value Pair Cookie. How can I transfer it to a browser (client? In the same F12,

The Cookie is sent to the browser through the HTTP Response Header domain. Each set of cookies has a header corresponding to the Set-Cookie. In addition, the time indicates the Cookie survival time. HttpOnly indicates the read-only mode of the Cookie.

③ The browser parses the Cookie and saves it to the browser file.

You can directly open Internet Options of IE:

Where the file is stored in the Cookie. Where is it, The bricklayer will find it.

Open the page and check whether the Cookie information and URL Information and the time are stored.

?

123456789

CookieNameCookieValuelocalhost/servletBYSocket/9728 3416923392 30449698 3325104969 30449698 *

In this way, we fully understand how cookies are written into browsers.

④ Client access, with the Cookie written by the server.

In this way, when the same URL is accessed again, F12:

Not much explanation, see the picture.

⑤ Server acquisition

What about the server? You can retrieve the Cookie list by simply getCookies ., The server console is printed as follows:

The bricklayer's memory cheat sheet: Cookie transmission Summary

① Client access, no Cookie written by the server

② Write the Cookie on the server to the browser

③ The browser parses the Cookie and saves it to the browser file.

④ Client access, with the Cookie written by the server

⑤ Server acquisition

Iv. Talk about the role of cookies to XSS (cross-site scripting attacks)

Cookies are not as dangerous as viruses, but contain sensitive information. For example, remember the most common password or some web page data that users often browse.

Users do not want such leaks or even attacks. But in fact, this attack actually exists. How can it be attacked? I also gave a detailed introduction to cross-script XSS attacks and proposed solutions.

Full name: Cross Site Script, Chinese name: Cross-Site scripting attack. As the name implies, "HTML injection" refers to an attack that changes the webpage and inserts malicious scripts to control the browser when users browse the webpage. General attack routines:

V. Summary

In the full text, Cookie is a session mechanism in the HTTP protocol. I understand the following two questions.

1. What is a Cookie?

2. How to Use the Cookie?

Writer: BYSocket)

Weibo: BYSocket

Bean flap: BYSocket

FaceBook: BYSocket

Twitter: BYSocket