Understand session, cookie and token in one go, and have the interview questions covered
2022-07-07 22:55:00 【Xiaowu knock code】
01. What are they?
session:
"Session" means "conversation". When a user opens a web application, a session is created with the web server. The server uses the session to temporarily store the user's information on the server, and the session is destroyed after the user leaves the site. This way of storing user information is more secure than a cookie, but sessions have one flaw: if the web servers are load balanced, the session is lost when the next request arrives at a different server.
cookie:
A cookie is data stored on the local terminal. The cookie is generated by the server and sent to the browser; the browser saves it as key-value pairs in a text file in some directory and sends it back to the server the next time it requests the same site. Because cookies live on the client, browsers add some restrictions to ensure that cookies cannot be used maliciously and do not take up too much disk space, so the number of cookies per domain is limited.
A cookie consists of: name (key), value (value), effective domain (domain), path (the path within the domain, generally set to global: “”), expiry time, and the secure flag (once set, the cookie is only sent to the server over an SSL connection (https)).
token:
A token is a credential, a way of verifying a user's identity. The simplest token form is: uid (the user's unique identifier), time (the timestamp of the current time) and sign (a signature: the first few characters of the token plus a salt, hashed into a fixed-length hexadecimal string, which prevents a malicious third party from splicing together a token to send requests to the server). Constant parameters can also be put into the token to avoid querying the database repeatedly.
02. What is the relationship between them?
Cookies and sessions can both be used as a way to store a token.
A cookie is data stored locally; on each request the data is submitted to the server for verification.
A session is in-memory data stored on the server; as long as the session is not interrupted, the data remains valid.
A token is, generally speaking, a credential, while cookies and sessions are ways of storing and using data. A token can be stored in a cookie or a session, but passing it through URL parameters or form parameters achieves the same effect. That approach, however, has a high development and maintenance cost: once the back end asks for the parameters to be changed, such usage is a headache to modify.
03. What are their essential differences?
With sessions, the client's cookie stores an id and the server-side session stores the user data; when the client accesses the server, the user data is looked up by that id.
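The session lookup described above, together with the load-balancing flaw from section 01, as an added example that is not part of the original post. The class `SessionServer`, the helper `request_cookie` and the cookie name `sessionid` are assumptions made for illustration; the `HttpOnly` attribute is also an addition not mentioned in the text.

```python
import secrets
from http.cookies import SimpleCookie


class SessionServer:
    """One web server node with its own in-memory session store (hypothetical)."""

    def __init__(self, name):
        self.name = name
        self.sessions = {}  # sessionid -> user data, visible to this node only

    def login(self, user):
        """Create a session and return the Set-Cookie header value."""
        sid = secrets.token_urlsafe(32)  # unguessable random id
        self.sessions[sid] = {"user": user}
        cookie = SimpleCookie()
        cookie["sessionid"] = sid
        cookie["sessionid"]["path"] = "/"
        cookie["sessionid"]["secure"] = True    # only sent over https
        cookie["sessionid"]["httponly"] = True  # not readable from page scripts
        return cookie["sessionid"].OutputString()

    def handle(self, cookie_header):
        """Return the logged-in user for a request's Cookie header, or None."""
        morsel = SimpleCookie(cookie_header).get("sessionid")
        if morsel is None:
            return None
        data = self.sessions.get(morsel.value)
        return data["user"] if data else None


def request_cookie(set_cookie):
    """What the browser sends back: only name=value, without the attributes."""
    return set_cookie.split(";")[0]


if __name__ == "__main__":
    node_a, node_b = SessionServer("a"), SessionServer("b")
    header = request_cookie(node_a.login("alice"))
    print(node_a.handle(header))  # served by the node that holds the session
    print(node_b.handle(header))  # other node behind the balancer: no session
```
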
With tokens, the client stores the id (that is, the token), the user information and the ciphertext; nothing is stored on the server. The server only has a piece of encryption code, which it uses to judge whether the ciphertext it computes is consistent with the ciphertext passed by the client. If they are not consistent, the client's user data has been tampered with; if they are the same, the client's user data is normal and correct.
Flow:
session: register/log in -> the server stores user in the session -> the sessionid is placed in the browser's cookie -> on the next visit, the user in the session is found by the sessionid in the cookie.
token: register/log in -> the server generates a token from the user information and a key -> token+user is returned to the browser -> on the next visit the browser sends token+user+ciphertext data; the back end generates the token again from user and the key and compares it with the token that was passed in; if they are consistent, the data is correct.
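The token flow above and the uid/time/sign layout from section 01, as an added example that is not code from the original post. It uses HMAC-SHA256 with a server-side key in place of the "first few characters plus salt" hash the text describes; `SERVER_KEY`, `MAX_AGE` and the function names are assumptions.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: placeholder secret, kept server-side
MAX_AGE = 3600                        # assumption: token lifetime in seconds


def sign(uid, ts):
    """Signature over uid and timestamp; only the key holder can compute it."""
    msg = f"{uid}.{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(uid, now=None):
    """Build uid.time.sign at login; the server stores nothing afterwards."""
    if "." in uid:
        raise ValueError("uid must not contain the field separator")
    ts = int(time.time() if now is None else now)
    return f"{uid}.{ts}.{sign(uid, ts)}"


def verify_token(token, now=None):
    """Return the uid if the token is authentic and fresh, otherwise None."""
    now = int(time.time() if now is None else now)
    parts = token.split(".")
    if len(parts) != 3:
        return None
    uid, ts, sig = parts
    if not (ts.isascii() and ts.isdigit()):
        return None
    # Recompute the signature and compare in constant time.
    expected = sign(uid, int(ts))
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None  # uid, time or sign was altered on the client
    if not 0 <= now - int(ts) <= MAX_AGE:
        return None  # expired, or timestamped in the future
    return uid


if __name__ == "__main__":
    token = issue_token("42")
    print(verify_token(token))                           # the uid
    print(verify_token(token.replace("42.", "43.", 1)))  # None: uid was changed
```
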
session, cookie and token are concepts that often come up in interviews, because they show whether you have any understanding of, and practical experience with, network requests or permission management.