Cookie and Session usage

One.Why are cookies needed?

A and B both have their own Jingdong accounts, and they have successfully logged in locally (7 days password-free login). At this time, A will send his shopping cart to level up.For B, B cannot view the contents of A's shopping cart by accessing the link with a browser. B may directly enter his own shopping cart or prompt B to log in again and jump to the login page.This scenario shows that the server knows who the client is accessing.But we all know that http is stateless, we need to use cookies to mark who the client is and send it to the server.

II.Cookies and Sessions

A cookie is a set of key-value pairs stored locally.How Cookie works: it is a set of key-value pairs generated by the server and sent to the client and saved locally on the client when the client accesses the server.definition).When the browser visits again, the browser will automatically bring the cookie, so that the server can determine who the server is based on the content of the cookie.

Although the cookie solves the requirement of "maintaining state" to a certain extent and makes up for the stateless defect of the http protocol, the cookie itself only supports a maximum of 4096 bytes; and the cookie itselfIt is stored locally on the client and can be intercepted or intercepted, but there is no guarantee of security.Therefore, at this time, it is necessary to use the session to help solve the problem of maximum bytes and the security problem of saving locally. The session saves the user information on the server.

So, if the session is kept to the server, how does the client bridge the session of the server through the cookie?

This raises the question of how cookies and sessions help?We can assign a unique id to each client's cookie, so that when the user accesses, through the cookie, the server knows who is coming.Then we save the user's private information on the server for a period of time according to the id of different cookies.

In summary: cookie makes up for the lack of stateless http, letting the server know who is coming; but the cookie is stored locally in the form of text, which is more secure.Poor; so we use cookies to identify different users, and correspondingly save the user's private information in the session and the text that can exceed 4096 bytes.

Three.Single use of cookies​?

Four.The combined application of Cookie and Session?