Who can vividly explain how the session is understood? can you give an example ~

Does a browser create a new session every time it opens a page? Does a browser create a new session every time it opens a page?

Reply content:

Does a browser create a new session every time it opens a page?

Session is to maintain some continuous access status, HTTP is stateless, you open the http://www.xxx.com/1/ first and then open the http://www.xxx.com/2/ or you refresh the page, on the server side, how do I know that you are the same person? IPv4 is not reliable. a company may have an external IP address. if it goes through several non-transparent proxies, it is even more likely.

However, this kind of requirement to maintain the status is a hard requirement. the overall solution is correct. If this is the case, you just need to add a unique ID for each request. if this is not the case for the first time, you can specify a unique ID for the request. In a specific implementation, it is usually transmitted through a Cookie or append on a URL. this ID is SessionID. generally, different server environments have fixed names. for example, PHP is usually called PHPSESSID, servlet is usually called jsessionid. of course, you can take another name, as long as the "ID marked with identity" is passed.

Let's talk about the server SESSION. The server has a Key-Value database for Sessions. this database can be a file system, another relational database, or a Key-Value database. The SessionID sent by the browser is used to retrieve the corresponding Session data, which is usually the Session data.

You mentioned, "does a browser create a new session every time it opens a page ?", This is a good question. here we will talk about the session lifecycle. In fact, we should talk about it in two parts: the session ID and the session data.

Session ID lifecycle: currently, SessionID is passed through cookies. a Cookie record has the following attributes: name, value, path, domain name, Expiration Time, etc. the "open a page" you mentioned should be changed to "open a browser", which is usually called the session period, that is, when the browser is closed or re-opened, the original cookie becomes invalid (that is, it is no longer transmitted ). However, not all SessionID expiration is required. you can set a validity period for your sessionid cookie and extend the validity period for each access, even if you close the session and open a browser, as long as you do not manually clear the cookie, you can continue to pass and remember your status.

Session Data life cycle: on the server end, we can also set an expiration time for the Session. If no read/write occurs for more than 30 minutes, the Session will expire (that is, the Session will be deleted or not returned ). Of course, different server software environments may have different default settings and settings for this time.

Let's talk about logon.

What is the relationship between user logon and this Session? Simply put, login records your user identity in your Session data, and the current SessionID is directly associated with the user (ID). of course, if you are happy, your SessionID can be exactly the same as the user ID (preferably encrypted or confused ).

The Session has nothing to do with the login status. for example, if you go to an e-commerce website and you do not log on, you can also put the items in your shopping cart. for e-commerce websites, you can store your shopping cart data in sessions, cookies, LocalStoreage, and SesisonStoreage. The first is on the server, the second is on the server, and the last two are pure clients. No matter what the solution is, for an e-commerce website, you only need to know that a temporary customer ABCDEF (SessionID) has taken this pile of things, and you only need to log on to indicate your identity when you want to settle the bill, so that you can pay and send it to the address you have already filled in. If this e-commerce company thinks there are not many transactions with you (a hammer sale), they don't want to know who you are, and the payment process is very simple (scan the QR code), and they can log on without you.

The most obvious example is that many advertising platforms embed codes everywhere to track your cookies (in fact, it is to record and analyze some of your browsing statuses and browsing history ), in this way, he will know which websites you have visited and what you like, and then he will be able to push ads to you. But to avoid unnecessary troubles, he does not want to know who you are (or do not want you to know his existence), so he does not need to play such a login dialog box for you; in this case, you are "Anonymous" on his platform, but he can still understand you a lot.

Because I have been developing the Internet advertising field for many years before, every time I explain an advertisement to someone, others are very scared, how can I "track" my browsing records by "planting" cookies?

This is not the case.

The ad platform will work with the content website to embed a small piece of code into the content website. this code can be a js, script tag, orTags, or tags. In short, when you open this page, the browser will also request a URL address of the ad platform, through which the ad platform uses parameters and Referer, analyze what type of content you see, how long you stay, and so on, record the required information, and analyze your interests and hobbies. For example, if you often look at the Web page of mobile phone evaluation, the advertising platform draws a conclusion that you like smart phones recently. you can even analyze whether you like low-price or high-price mobile phones, and then tag you, in this way, you can focus on pushing ads that suit your interests. </P> <p> that is to say, websites that do not embed tracing code cannot follow your steps. </P> <p> The bad news is, do you think it's all white? </P> <p> Is there any way to "defend? The answer is yes, because the domain name of the website you visit is not the same as that of the advertising platform, so ...... I am too lazy to think about it. see: http://baike.sogou.com/v63400314.htm?fromTitle=Do+Not+Track </P> <p> of course, as the saying goes, the war is not so easy to end. </P> <p> dude, is it easy for me to write so much? Please give me a compliment ^ ________ ^. </P> <p class = "answer fmt" data-id = "1020000005954106"> <p> you met a girl on the street, it is a session. because of the contact (session_id) and the phone number, there will be a value in the session. if only the girl's clothes are met and the skin is not touched, this indicates that the girl has disabled the cookie. you do not have session_id unless the girl is your girlfriend, you have modified the configuration on her. </p> <p class = "answer fmt" data-id = "1020000005952987"> <p> You can understand the session instead of the session, although they may mean <br> and then understand session + cookie </p> <p> I understand that when you open a browser and access a website, you can enable a session, then, when you visit this website in the future, it is included in this session Close the browser. </P> <p class = "answer fmt" data-id = "1020000005953323"> <p> This is not an algorithm, but a self-written background. if you enter the website, A session is added in the background, even if a session is added. But most of them do not do this. generally, a session is added based on your username after logon (so most websites want you to log on to prevent it from forgetting your information ), it is used to record all your data (the backend should put the required data into the session as needed, and write the code by itself). The data is public data for this person, it can be used directly in most places.