The differences and connections among cookies, sessions, JWT, and tokens
2022-07-05 06:45:00 【Wei Yunshu】
Cookie, Session, JWT and Token: differences and connections
HTTP requests are stateless
- Network communication uses the HTTP protocol, and requests are independent of each other: nothing in the protocol itself links one request to the next.
Accessing an interface requires authentication
- A back-end interface cannot be exposed to the outside world unprotected; only authenticated requests may be served. Common authentication methods include user name plus password and SMS verification codes. Because HTTP is stateless, every request would have to be authenticated again.
- Nobody wants to enter a user name and password on every request. The credentials could be kept in the browser, but once the browser is compromised, every stored password is exposed.
Cookie
- The browser has a place to store Cookies. A Cookie holds <key, value> pairs, and each can also carry an expiration date and the domain it belongs to; when the user visits that domain, the browser simply attaches the matching cookies to the request.
- When the user first sends a request with a user name and password, the server could put the user name and password into a cookie so that the next browser visit logs in directly. But this is no better than walking around naked: it is very unsafe.
Session
- The server keeps the client's state in its own memory. After the client connects, the server creates a unique identifier, the session_id, stores it locally together with the associated information, and puts this session_id into the cookie it returns to the browser. On the next visit the browser presents the session_id as its identity and the server compares it with what it has stored. When the session_id reaches its expiry on the server, the corresponding session expires; if the user logs out, the cookie is deleted from the browser accordingly.
JWT
A JWT (JSON Web Token) consists of three parts:
- Header: describes the JWT's metadata. It defines the algorithm used to generate the signature and the type of the token.
- Payload: used to carry the data that needs to be transferred.
- Signature: generated by the server from the Payload, the Header and a key (secret), using the signature algorithm specified in the Header (the default is HMAC SHA256).
After the user logs in, the server generates a JWT, puts some non-sensitive information into its Payload, and sends it back to the user.
The user presents the JWT as their identity and logs in directly with it. But such a JWT is held by the user: until it expires, the server has no control over it.
Token
- A string that carries no information of its own; the user information is stored on the server, in Redis, MySQL or similar, with the Token as its key.
- When the user logs in, the Token is returned to the user. On each later request, the server first uses the token to read the user information and then checks it.
Refresh Token
- A Token has a limited lifetime; the Refresh Token's validity is somewhat longer. When the Token expires, the Refresh Token is used to obtain a new Token, keeping the Token in continuous effect.
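The opaque Token, the Refresh Token and the server-side store described in the two sections above, as an added example that is not the article's own code: a TokenStore that keeps user records server-side keyed by a random Token, expires them, rotates the Refresh Token on every use and can revoke everything on logout. The in-memory dicts stand in for Redis or MySQL, and the lifetimes are constructed values.

```python
import secrets
import time
from typing import Optional, Tuple

ACCESS_TTL = 15 * 60           # Token lifetime in seconds (constructed value)
REFRESH_TTL = 7 * 24 * 3600    # Refresh Token lifetime in seconds (constructed value)

class TokenStore:
    """In-memory stand-in for the Redis/MySQL store the article describes:
    the Token is an opaque random key, the user record lives on the server."""

    def __init__(self) -> None:
        self._access = {}    # Token -> (user, expires_at)
        self._refresh = {}   # Refresh Token -> (user, expires_at)

    def login(self, user: str, now: Optional[float] = None) -> Tuple[str, str]:
        now = time.time() if now is None else now
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._access[access] = (user, now + ACCESS_TTL)
        self._refresh[refresh] = (user, now + REFRESH_TTL)
        return access, refresh

    def authenticate(self, access: str, now: Optional[float] = None) -> Optional[str]:
        """Look the Token up on the server; return the user, or None if unknown/expired."""
        now = time.time() if now is None else now
        entry = self._access.get(access)
        if entry is None or now >= entry[1]:
            self._access.pop(access, None)   # drop expired entries eagerly
            return None
        return entry[0]

    def refresh(self, refresh: str, now: Optional[float] = None) -> Optional[Tuple[str, str]]:
        """Exchange a valid Refresh Token for a fresh pair; the old one is single-use."""
        now = time.time() if now is None else now
        entry = self._refresh.pop(refresh, None)
        if entry is None or now >= entry[1]:
            return None
        return self.login(entry[0], now)

    def logout(self, access: str, refresh: str) -> None:
        # Unlike a JWT, a server-side Token can be revoked the moment the user leaves.
        self._access.pop(access, None)
        self._refresh.pop(refresh, None)
```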
Three questions:
A Cookie is stored on the client and a Session on the server, with the Session_id as the link between them; the client proves its login status through the Session_id. A Cookie (user name + encrypted password) and a JWT look alike; Cookie/Session and Token look alike too. What is the main difference between them?
A Session is stored on a single server; when many users are online at the same time, Sessions take up a lot of memory. And when the site is deployed as a cluster, multiple servers need to share the user's login status. So why not just put the Session into MySQL?
Cookies have cross-domain problems while tokens do not, so why not use a Cookie as a token?