会话和饼干,令牌

Session

Session is a technology that records user information on the server side. Generally, Session is used to share data between the server side and the client side.

Cookies

Cookie is a technology that records user information on the client side. Because the http protocol is stateless, cookies are generated to solve this problem.
Cookies are stored in the browser's built-in Cookies.As shown:

Cookie is a piece of small text data not exceeding 4KB, consisting of a name (Name), a value (Value) and several other optional attributes used to control the validity period, security, and scope of use of the cookie.
The client requests the server, and if the server needs to record the user status, it uses the response to issue a cookie to the client browser.The client browser will save the cookie.When the browser requests the website again, the browser submits the requested address to the server together with the cookie.The server checks the cookie to identify the user's status.The server can also modify the content of the cookie as needed.

Session and Cookies

Session generally relies on cookies. Sessions are created to pass the sessionId through cookies, and then passed to the server when the client requests.Therefore, it is necessary to confirm whether the browser has enabled cookie storage.

Server-based authentication is as follows:
1. The user sends a request with a username and password.
2. Program verification, if the client request does not contain sessionId, the server creates a session for this client and generates a sessionId associated with this session, and returns the SESSIONID to the client.
4. The client stores the SessionId in Cookies, and each time a request is made, the browser will automatically carry the Cookie to the server.
5. Server-side retrieval.If the retrieval is successful, the requested data will be returned, and if the retrieval fails, an error code will be returned.

As shown:

Token

Token-based authentication is stateless, we do not need to store user information in the server or session.

The process of Token-based authentication is as follows:
1. The user sends a request with a username and password.
2. Program verification, after the verification is successful, the Token will be returned to the client.
4. The client stores the Token, and each access to the API carries the Token to the server.
5. The server side uses the filter filter to verify.If the verification is successful, the request data will be returned, and if the verification fails, an error code will be returned.
Each request token should be sent in the HTTP header to ensure that the HTTP request is stateless.We can allow the server to accept requests from all domains by setting the server property Access-ControlAllow-Origin:* .

The process is shown in the figure:

Summary

Session, Cookie, and Token are both used for data sharing between the server and the client.

Session is a server-based authentication. With the rise of Web mobile terminals, some memory overhead, scalability, and cross-domain problems are gradually exposed. Token can just solve these problems, although the server involves more,But it also facilitates our front-end to solve cross-domain problems.

Reference:

https://www.cnblogs.com/moyand/p/9047978.html
https://blog.csdn.net/deft_mkjing/details/53762277