What is a cookie

It’s just a piece of text that the server normally returns to the browser

What is a session

A session is a temporary object in backend memory that stores login information. It is destroyed when the connection ends, either by timeout or by the server itself.

Set cookies for different domain names

A cookie can be bound to only one domain name, and it can only be set for the site's own domain or a parent domain.

Cookie cross-domain

By proxy, JSONP

CSRF

An attacker borrows a user's legitimate identity to forge a request.

Token

The token is a valid string returned by the server. It consists of a header, a payload, and a signature.

const sign = HMACSHA256(base64.encode(header) + '.' + base64.encode(payload), secret)
const JWT = base64.encode(header) + '.' + base64.encode(payload) + '.' + sign
