Preface
Cookies are used constantly in web development, and interviewers like to ask about them. Many people, and I used to be one of them, only know the surface: asked about web storage, they answer localStorage, sessionStorage and cookie, recite a few differences, and then list the advantages and disadvantages of cookies. I hope that after reading this you will see cookies in a new light and can handle them when they come up in an interview or in a project. I used them throughout my internship, and they really are not that simple. Let's enter the world of cookies.
What is a cookie
This part is simple. Anyone who has studied HTTP knows that it is a stateless protocol: the server cannot tell whether the same browser has visited it before. Before cookies there was another technique for this, which in short was to insert a token into the request and send it to the server with every request. That approach is error-prone, and that is where the cookie comes in.
What is a cookie? A cookie is a file that the browser manages. It has a name and a value, plus less visible attributes such as domain and path, which we'll talk about later.
Principle of cookies
When the browser visits a website for the first time, it sends a request and the server puts a cookie in its response. When the browser sends a second request, it sends the cookie along, and the server uses it to identify the user. The server can of course also modify the cookie's content.
Cookies cannot cross domains
A couple of examples make this clear. With Baidu's web page open, I try to set a cookie using the following statements:
javascript:document.cookie='myname=laihuamin; path=/; domain=.baidu.com';
javascript:document.cookie='myname=huaminlai; path=/; domain=.google.com';
When I run both of these statements in the browser console, you will notice that the cookie values are different.
Cookie attributes
For the attributes of a cookie, take a look at the following diagram; we will go through them one by one.
name
Cookies bound to the same domain name cannot share a name; setting a cookie with an existing name overwrites the old value. Try it if you are interested.
value
Every cookie has this attribute; it is the value of the cookie. That is not what I want to discuss here, though. I have read two statements on the Internet:
1. The value of the cookie must be URL-encoded.
2. Encoding the value of the cookie is not required; as the original document mentions, only three characters must be encoded: semicolons, commas, and spaces.
This question has two sides, so let's look at the figure below.
I also read this statement on the Internet:
Since cookies do not allow names/values to contain semicolons, commas, and spaces, any data stored in cookies should be encoded for server compatibility purposes to avoid user trouble.
domain
This is the domain name the cookie is bound to. If it is not set, the cookie is automatically bound to the domain of the page where the statement runs. One point to note: second-level domains under the same domain cannot use each other's cookies. For example, cookies set for www.baidu.com and image.baidu.com are still not shared.
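The domain rules from this section and from the two `document.cookie` statements earlier can be written out as code. This is an added example, not code from the original article: the function names are hypothetical, the matching follows the RFC 6265 domain-match rule, and the public-suffix check that real browsers also apply is left out.

```javascript
// RFC 6265 domain-match: the host equals the cookie domain, or ends with
// "." + domain (and is not an IP address).
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  return host.endsWith('.' + cookieDomain) && !/^[\d.]+$/.test(host);
}

// What a browser stores when a page on `pageHost` sets a cookie.
// Returns null when the cookie is rejected. (Hypothetical helper.)
function storeCookie(pageHost, name, value, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie bound to the exact page host.
    return { name, value, domain: pageHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot is ignored
  if (!domainMatch(pageHost, domain)) return null; // foreign domain: rejected
  return { name, value, domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie.hostOnly) return requestHost.toLowerCase() === cookie.domain;
  return domainMatch(requestHost, cookie.domain);
}

// Constructed walk-through using the hosts named in the article.
function demo() {
  const page = 'www.baidu.com';
  const shared = storeCookie(page, 'myname', 'laihuamin', '.baidu.com');
  const foreign = storeCookie(page, 'myname', 'huaminlai', '.google.com');
  const hostOnly = storeCookie(page, 'myname', 'laihuamin');
  return {
    foreignRejected: foreign === null,
    sharedToImage: isSentTo(shared, 'image.baidu.com'),
    hostOnlyToImage: isSentTo(hostOnly, 'image.baidu.com'),
    hostOnlyToWww: isSentTo(hostOnly, 'www.baidu.com'),
  };
}

console.log(demo());
```

A cookie scoped to a parent domain is sent to every host under it, so any one of those hosts can read or overwrite it; leaving Domain unset keeps the cookie on the single host that set it.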
path
The default path attribute is ‘/’, which matches a Web route. For example:
// Default path
www.baidu.com/
// /blog path
www.baidu.com/blog
Why do I say "match"? When you set the path to /blog, the cookie is actually bound to /blog, /blogabc, and so on.
Cookie validity period
A cookie is deleted when the browser session is closed. This is called a session cookie.
If you want a cookie to last for a certain period of time, you can set the Expires attribute to a point in time in the future. Expires is expressed as a point in time, and it is gradually being replaced by our hero, Max-Age.
When Max-Age is positive, the cookie is deleted after Max-Age seconds. When Max-Age is negative, the cookie is stored temporarily: no cookie file is generated, and the cookie exists only in browser memory and is valid only in the open browser window or its child windows. Once the browser is closed, the cookie disappears. What happens when Max-Age is 0? The cookie is deleted.
secure
HTTP is not only stateless but also an insecure protocol that can easily be hijacked. For example, when browsing the web on your mobile phone, have you ever seen a China Mobile icon? When this attribute is set to true, the cookie is only transmitted over secure protocols such as HTTPS and SSL.
- Tip: This property does not encrypt the client’s cookie and cannot guarantee absolute security
HttpOnly
If this attribute is set to true, the value of the cookie cannot be read by JavaScript, which can effectively prevent XSS attacks from stealing it.
Manipulating cookies with JavaScript
document.cookie can read and write cookies. Take a look at two statements:
// Read the cookies
console.log(document.cookie);
// Write a cookie
document.cookie='myname=laihuamin; path=/; domain=.baidu.com';
How do servers set cookies
To see how to set cookies, just open the console and look at the HTTP request and response headers:
The server uses the Set-Cookie response header to set a cookie. Note that to set multiple cookies you need to write one Set-Cookie header per cookie. As you can see from the figure above, the request then carries the cookie back to the back end.
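The sketch below shows what the server side of this looks like, tying together the value encoding and the Max-Age, Secure and HttpOnly attributes discussed earlier. It is an added example, not code from the original article: the helper names and the sample cookies are constructed, and cookie names are assumed to be plain tokens.

```javascript
// Build one Set-Cookie header value (hypothetical helper).
function serializeCookie(name, value, opts = {}) {
  // encodeURIComponent escapes semicolons, commas and spaces (among others),
  // so a value can never break out and inject an attribute of its own.
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  parts.push(`Path=${opts.path || '/'}`);
  if (Number.isInteger(opts.maxAge)) parts.push(`Max-Age=${opts.maxAge}`);
  if (opts.secure) parts.push('Secure');     // only sent over HTTPS
  if (opts.httpOnly) parts.push('HttpOnly'); // hidden from document.cookie
  return parts.join('; ');
}

// One header value per cookie. In Node, res.setHeader('Set-Cookie', array)
// sends each array element as its own Set-Cookie header line.
function buildSetCookieHeaders(cookies) {
  return cookies.map(c => serializeCookie(c.name, c.value, c.opts));
}

// Parse the Cookie request header the browser sends back (name=value pairs).
function parseCookieHeader(header) {
  const jar = Object.create(null);
  for (const pair of header.split(';')) {
    const idx = pair.indexOf('=');
    if (idx < 0) continue; // skip malformed fragments
    const name = pair.slice(0, idx).trim();
    const raw = pair.slice(idx + 1).trim();
    try { jar[name] = decodeURIComponent(raw); } catch { jar[name] = raw; }
  }
  return jar;
}

// Constructed sample: a session id that scripts must not read, and a value
// containing the three characters that must be encoded.
const headers = buildSetCookieHeaders([
  { name: 'sid', value: 'abc123', opts: { maxAge: 3600, secure: true, httpOnly: true } },
  { name: 'myname', value: 'lai; huamin, x', opts: {} },
]);
console.log(headers);
console.log(parseCookieHeader('sid=abc123; myname=lai%3B%20huamin%2C%20x'));
```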
Conclusion
I have covered a lot about cookies here and learned a lot myself, and I hope it is useful to share. The writing may not be good enough, so please forgive me; if you think it is well written, please give it a star on GitHub.