1. How are cookies used in the front end?
The most common use of cookies is, without doubt, maintaining login state. The server's session is written into a front-end cookie, and that session is then used to maintain session state with the server's interfaces.
2. Do cookies slow down HTTP requests?
So one might ask: why do so many people emphasize cookie optimization? Do cookies cause HTTP requests to slow down?
How could cookies slow down HTTP requests on a small website? It is just a session, and the session may be nothing more than a string of a dozen characters.
3. Suppose the cookie is very large and stores dozens of pieces of information
Under this assumption, every request carries the cookie, so the HTTP burden is relatively heavy. How much is dozens of pieces of information? The bandwidth used may be several times, or even tens of times, that of a normal request, which may result in a delay of more than 1 second per HTTP request.
4. So, how likely are cookies to store dozens of pieces of information?
In a small company there may be only two or three main products, and these applications all sit under the same domain name. Even if each application has its own account system, the cookies only maintain three to five session states, which is really not very large.
But what about a headline company, one like Alibaba? There could be hundreds or even thousands of applications under such a company. If each one uses cookies to maintain its own account system, the cookies are very likely to become bloated.
Some people think: wouldn't it be better not to put everything under one domain name? That is one solution, of course, but is it practical for a business? As the projects keep expanding, do the domain names keep expanding too?
5. What to do at this point?
Smart people may ask: why should every application implement its own account system? Isn't single sign-on already established in the industry? All of our apps can simply share one set of accounts.
Yes, this solves the problem of maintaining login state. But a new problem arises. Different projects serve different businesses, and although a shared account solves the problem of how to log in, it does not solve the problem of the same account under different businesses. To put it another way, the same account does not have the same role in different businesses.
Take a Taobao shop owner. When he logs in with his own account he is a seller, using Taobao as a service system. But he also needs to shop, and he uses the same Taobao account to buy goods. The sense of fragmentation here is obvious. So, for business reasons, even setting aside the question of unifying accounts, under the single Taobao domain name you still have to deal with the permissions that arise from these different roles.
At this point, what is the alternative?
In fact there is one: we can use the same login system but bind the account to different roles in different businesses. A typical example is the Boss Zhipin app. You can be a recruiter or a job seeker and switch at will, with each role representing a different business.
So, what conclusions have we reached?
In fact, my conclusion is a rather empty one: use the right solution for each business scenario.
For example, if our daily office systems such as GitLab, Wiki, Jira, RAP and Jenkins are all deployed under the same domain name, there is no need for each to have a separate login system; just use single sign-on.
For two different businesses, for example when a company has spread itself widely and runs a take-out business alongside an unrelated one such as online shopping, there is really no need to link the accounts of the two.
Is linking the accounts of unrelated businesses really meaningless? Not always. Take WeChat and Jingdong, one for finance and the other for online shopping: WeChat is positioned as a traffic service and Jingdong as serving users' real shopping needs. Directing traffic from one to the other is a good way to realize value directly.
7. If the cookie is really large, how to optimize it?
The discussion above was meant to show that cookies can become very large, unlike the situation we usually picture in which only one session is stored. They really can become very large, and that is a real problem.
So, how do you optimize?
There are two ways to solve the problem:
1. Do not carry cookies. To maintain login state, we can add fields to the request header instead. This solves the problem for HTTP requests.
2. For resource requests, host the resources on a CDN and load them from a different domain name. This solves the problem of resource loading speed.
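The following added example (not code from the original article) estimates how many bytes the Cookie header adds to each request, using the RFC 6265 domain and path matching rules, and shows why resources served from a separate CDN domain carry none. The cookie names, values and hostnames are constructed sample data, and every cookie is assumed to be set with a Domain attribute on the parent domain.

```javascript
// Added example: estimate Cookie header bytes per request.
// All cookies and hostnames are constructed sample data.
// Assumption: cookies carry a Domain attribute (not host-only); SameSite is ignored.

// RFC 6265 5.1.3 domain-match: same host, or a subdomain of the cookie domain.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// RFC 6265 5.1.4 path-match: equal, or cookie path is a prefix ending at a "/".
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Build the Cookie header value a browser would attach to `url` from `jar`.
function cookieHeaderFor(url, jar) {
  const u = new URL(url);
  return jar
    .filter(c => domainMatches(u.hostname, c.domain) && pathMatches(u.pathname, c.path))
    .filter(c => !c.secure || u.protocol === "https:")
    .map(c => `${c.name}=${c.value}`)
    .join("; ");
}

// Bytes added to the request by the line "Cookie: <value>\r\n" (0 if no cookie matches).
function cookieOverhead(url, jar) {
  const value = cookieHeaderFor(url, jar);
  return value ? Buffer.byteLength(`Cookie: ${value}\r\n`) : 0;
}

// Constructed jar: 40 per-application session cookies scoped to the parent domain.
const jar = Array.from({ length: 40 }, (_, i) => ({
  name: `app${i}_session`, value: "x".repeat(64),
  domain: "example.com", path: "/", secure: true,
}));

const urls = [
  "https://shop.example.com/api/cart",      // same domain: every cookie is sent
  "https://shop.example.com/static/app.js", // static file on the same domain: still sent
  "https://cdn.example-static.net/app.js",  // separate CDN domain: nothing is sent
];
for (const u of urls) console.log(cookieOverhead(u, jar), u);
```

With this jar, each request to the shared domain carries about 3 KB of cookies, including the request for a static file that never reads them.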