Cookies and sessions

After we log in on the web , You can log in again for a long time , For example, bleep bleep 、CSDN

however http It's stateless , After closing the web page , Then the server doesn't know you at all

So for the better experience of the client , With Cookie and Session

Cookie

cookie Key value pair （key-value） Express

cookie Yes 2 Storage methods , One is conversational , One is persistence .

Conversational ： If cookie For conversational , that cookie It will only be saved in the memory of the client , When we close the customer service terminal cookie It's not working .
persistence ： If cookie For persistence , that cookie Will be saved on the user's hard disk , Until the end of its lifetime or the user actively destroys it .

Cookie Just some data , It is used to store the information returned by the server to the customer service side , The client saves . The next time you visit the site , The client will save it cookie Send it to the server together , Server reuse cookie Do something . utilize cookie We can achieve automatic login , Save your tour history , Authentication and other functions .

The process ：

The browser initiates to the server HTTP request

Server run Set-Cookie（Cookie Name and value attributes , The server fills the contents of the two attributes completely ）

Server will Cookie After sending it to the browser , Browser save

In the future, each request of the browser will be automatically attached Cookie（ namely Cookie Is the data stored in the browser ）

but Cookie Very unsafe （ Open the browser and you will see ）

Session conversation

Browser access to the server is the beginning of the session , The end time of the session is vague , So the server sets the time （ Time the session ended ） And the only ID（Session ID）

After receiving the user name and password, the server verifies that it is correct

Will create a Session ID And session end time , Open up a piece of memory to store all of the server session

Set up Cookie, take Session ID Add to Cookie in , Then set the end time of the session to Cookie The validity of the

Every session Will have a unique identification session ID, According to the client cookie Medium session ID, Find the corresponding server side session.

In order to prevent server-side session Too much leads to memory overflow ,web By default, the server will give each session Set an expiration date , （30 minute ） If the client has not accessed the within the validity period session, The server considers the client offline and deletes the session.