Cookies and sessions

Cookie

Why does it show up Cookie

as everyone knows ,http Protocol is stateless , Without services, users cannot be identified only from the network connection , There will be a problem , When we log in to a website, we have to log in again every time we refresh the page , Such an experience is undoubtedly very bad , Just imagine ： We were robbing goods on the double 11 , Each time you refresh one, you will log in again , It may be that the page is refreshed and then the goods are sold out

To make up for it http Request stateless deficiency , There is cookie, You can put cookie Understood as a pass , After the user's browser accesses the server, the server issues a pass to the browser , Then the browser carries the pass to the server , The server can identify the user .

Session

if Cookie It is the pass used to confirm the user's identity , that Session It's equivalent to a “ User details ”,Session Save on the server , Set up Cookie And put SessionID Save to Cookie Send to browser , When the browser accesses again, it only needs to start from the Session To find the status of the customer , and SessionID Is a string of irregular strings , There is no great risk of being captured by hackers , At the same time, the server is sending Cookie Previously, the SessionID Of Cookie To sign , If the hacker modifies SessionID Then the server will not recognize SessionID

Token

When we send out a HTTP Request to server A Get one Cookie + SessionID, When requesting again , This is load balancing that forwards requests to the server B On , The server B There is no corresponding Session At this point, the user status cannot be verified , To solve this situation, we can use Token

The server signs the data , Make the data and signature into one token Send to send to client , The server does not save token take token Send it to the client for saving , Client with token For the request , The server only needs to get the corresponding token And then decrypt it ,