What is a cookie?
It’s just a piece of text that the server normally returns to the browser
What is a session?
A session is a temporary object in backend memory that stores some login information and is destroyed when the connection ends, either by timeout or by the server itself.
Set cookies for different domain names
A cookie can be bound to only one domain name, and it can be set only for the page's own domain or a parent domain.
Cookie cross-domain
By proxy, JSONP
CSRF
CSRF means obtaining a legitimate identity and forging a request with it.
token
The token is a valid string returned by the server. The token consists of a header, a payload, and a signature.
const sign = HMACSHA256(base64.encode(header) + '.' + base64.encode(payload), secret)
const JWT = base64.encode(header) + '.' + base64.encode(payload) + '.' + sign