Original: jingyesima (WeChat official ID: jingyesima). You are welcome to share; please credit the source when reprinting.
I interviewed a candidate today, and when the topic of “browser native storage” came up, the candidate mentioned that cookies will soon be obsolete and will not be used in the near future.
So let’s look at the history of the cookie: what problem do cookies exist to solve, and can they really be eliminated?
The stateless feature of HTTP
HTTP is a stateless protocol that does not preserve the state of communication between clients and servers. This allows a large number of transactions to be processed and ensures the scalability of the HTTP protocol.
The stateless nature of the HTTP protocol means that the server has no way of knowing whether two requests are from the same browser, that is, the server does not know what the user did last time, and each request is completely independent of the other.
In the early days, the Internet was simply for browsing information in documents, yellow pages, portals and so on. There was no such thing as interaction. But as the Internet developed and broadband, servers and other hardware improved greatly, the Internet allowed people to do more things, so the interactive Web slowly rose, and the stateless nature of HTTP seriously hindered its development!
How do you record the user’s last action? There are usually two ways:
- Carry tokens in the URL
  The ID of the last request is placed in the URL by adding an additional field to it.
- Add hidden fields to the interactive form
  <input type="hidden" name="field_name" value="value">
Up until recent years, there were many websites that used this approach to solve various problems.
Both methods can record the user’s last operation, but they are too complicated to work with and very error-prone.
How did cookies come into being?
In 1994, Netscape employee Lou Montulli was working on the Web’s first shopping cart application. To keep track of what users had put in their carts while shopping online, he applied the concept of “cookies” to network communications. Netscape browsers began supporting cookies in the first version, and they are now supported by all browsers.
What is a Cookie?
A cookie is a small text file that a browser stores on a user’s computer. Cookies are in plain text format and do not contain any executable code.
A Web page or server tells the browser to store this information according to certain specifications and sends the information to the server on subsequent requests, which can then use the information to identify different users. Most websites that need to log in will set a cookie after user authentication is successful. As long as the cookie exists and is available, users can browse any page of the website freely.
Cookies contain only data and are not harmful in themselves.
How do cookies solve the HTTP stateless problem?
We call a user’s access to the service a session. When the server receives a request for the first time, it generates a sessionID and stores it on the server. It then uses the HTTP Set-Cookie header to tell the browser to store the sessionID (including which domain name and access path it applies to, and its validity period). The next time the browser initiates a request, it sends the stored sessionID to the server in the Cookie header, and the server matches it against the sessionIDs it has stored, so it knows which user initiated the request.
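The session flow described above, as an added example that is not part of the original article: a simulated server issues a session ID through Set-Cookie and recognizes it on the next request, while per-user data stays on the server. The function names, the in-memory store and the cookie attributes (HttpOnly, Secure, SameSite, a one-hour lifetime) are assumptions chosen for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side store (assumed in-memory): session ID -> per-user state.
# Only the ID ever travels to the browser, never the state itself.
SESSIONS = {}

def handle_request(request_headers):
    """Process one stateless HTTP request; return (response_headers, state)."""
    jar = SimpleCookie(request_headers.get("Cookie", ""))
    sid = jar["sessionID"].value if "sessionID" in jar else None
    response_headers = {}
    if sid not in SESSIONS:
        # First visit, or an unknown/forged ID: issue a fresh unguessable one.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = {"visits": 0}
        out = SimpleCookie()
        out["sessionID"] = sid
        out["sessionID"]["path"] = "/"          # access path
        out["sessionID"]["max-age"] = 3600      # validity period in seconds
        out["sessionID"]["httponly"] = True     # not readable by page scripts
        out["sessionID"]["secure"] = True       # sent over HTTPS only
        out["sessionID"]["samesite"] = "Lax"
        response_headers["Set-Cookie"] = out["sessionID"].OutputString()
    SESSIONS[sid]["visits"] += 1
    return response_headers, SESSIONS[sid]

def browser_cookie_header(set_cookie_value):
    """What a browser sends back: the name=value pair without attributes."""
    return set_cookie_value.split(";", 1)[0]

if __name__ == "__main__":
    # Constructed exchange: two requests from the same simulated browser.
    resp, state = handle_request({})
    print("Set-Cookie:", resp["Set-Cookie"])
    cookie = browser_cookie_header(resp["Set-Cookie"])
    resp, state = handle_request({"Cookie": cookie})
    print("Cookie:", cookie)
    print("server-side state:", state)
```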
The abuse of cookies
Cookies were created mainly to identify and keep track of users, but many websites abuse them to store data, which brings performance and security problems.
When a large amount of personal data is stored in cookies, the cookies become large. Every HTTP request carries the complete cookie information, which puts great pressure on the service. At the same time, because the personal data is stored in cookies in plaintext, it is easily leaked once an XSS vulnerability occurs on the website.
localStorage/sessionStorage, however, are dedicated to solving the problem of storing data in the browser, so that cookies can concentrate on what they are meant to do.
In closing
Cookies are not obsolete, at least not as long as the stateless nature of the HTTP protocol remains unchanged.