cookie session jwt

cookie

yes Exist in the browser A voucher for

• When the browser first accesses the server , Will create a cookie
• Back to browser
• cookie It contains all the information of users
• When the user accesses the server again , Carry cookie( A voucher )
• According to the information carried by the server cookie Different users have different information

session

• When the browser accesses the server , The server creates a session , At the same time, a special cookie , （name by JSESSIONID Fixed value of ,value by session Object's ID） Send to browser side
• When the browser accesses the server again , With that fixed name Of cookie
• Server according to name Go to query session Inside id , So as to distinguish different users
  

cookie and session difference

• cookie Save in browser session Save on the server
• session want More secure If you intercept one cookie And forge a packet again , The server cannot distinguish , cookie There's a security problem
• session It will be saved on the server for a certain period of time . When visits increase , Will compare Occupy the performance of your server , If the main consideration is to reduce server performance , Should be used COOKIE
• Single cookie The limit on the client side is 3K, That is to say, a site is stored in the client COOKIE You can't 3K.
• therefore ： Store the login information and other important information as session; Other information if needed to be retained , Can be placed in cookie in

jwt

JSON Web Token（JWT）

• jwt The essence is that the server encrypts the user information and generates a string to return to the browser
• jwt There are clients , Generated by the backend , Pass it on to the front end , Local storage exists
• special JSON
• Every time you visit the server, you will bring
• jwt from jwt head , Payload , Signature composition
• jwt head It's a description JWT Metadata JSON object
• Valid fields It's information that users don't have sensitive words
• Signature It is to sign the contents of the first two parts , Ensure that the information will not be tampered

Reference resources Cookie and Session The difference between （ For the interview ）