What is a Cookie?
A cookie is a small piece of text (up to 4 KB) that a server stores in the browser. The browser sends the cookie back with every later request to that server.
Why cookies
When we surf the Web we normally use HTTP, and HTTP is stateless. Why does that matter? Put simply, the server cannot tell whether you have logged in or whether your login has expired, and it cannot tell whether this request and the previous one came from the same browser. That is what cookies are for: they let HTTP carry state, such as whether you are logged in. Cookies are mainly used for:
1. Session state management (login, shopping cart, etc.)
2. Personalised settings (a user's own page theme)
3. Tracking browser behaviour
Create a cookie
Cookies can be created either on the server side or the client side.
Server Creation
The server sends a Set-Cookie response header:
Set-Cookie: foo=bar
The header above stores a cookie with key foo and value bar in the browser. Several Set-Cookie headers can be sent in one response:
// Store three cookies in the browser
Set-Cookie: foo=bar
Set-Cookie: test=OK
Set-Cookie: try=no
You can also set additional attributes on a cookie:
Set-Cookie: foo=bar; Max-Age=31536000; Secure; HttpOnly; Domain=test.com; Path=/
Client Creation
Cookies can be turned off by the user, so a script should first check whether they are enabled:
// Whether the browser has cookie support enabled; true by default
window.navigator.cookieEnabled
So how does a script create a cookie? Through document.cookie:
document.cookie = "bar=foo; Domain=test.com"
Cookie attributes
1. Domain and Path
Domain and Path limit the scope in which a cookie applies, much as a 39-metre broadsword cannot cut someone standing 40 metres away. Domain=www.test.com is not the same as Domain=test.com: with Domain=test.com, visits to test.com/, a.test.com/ or b.test.com/ all carry the cookie. Path restricts the URL path, and the default is the root, /. With Path=/login, a request to test.com/login carries the cookie while a request to test.com/register does not.
2. Expires and Max-age
These two attributes limit a cookie's lifetime: the cookie is given a deadline, and once it passes the cookie is gone. Expires names an absolute time; because it is compared against the local system clock it is not very accurate. It must be in UTC format, which Date.prototype.toUTCString() produces. Max-age gives a duration in seconds, for example 60 * 60 * 24 * 365 for one year; the cookie expires after that year.
3. Secure and HttpOnly
Secure tells the browser to send the cookie to the server only over HTTPS. HttpOnly makes the cookie inaccessible to scripts; the browser attaches it only to qualifying HTTP requests.
4. SameSite
The SameSite attribute lets the server ask the browser not to send a cookie across sites, which helps prevent CSRF (cross-site request forgery). Its values are:
1. None: as before, the cookie is sent both cross-site and same-site.
2. Strict: the browser sends the cookie only when visiting the same site; all cross-site sending is forbidden.
3. Lax: like Strict, except when the user navigates from an external site to the URL (for example by following a link).
In newer browsers Lax is the default, and under Lax cross-site cookies are still sent for (1) link navigation, (2) preloading, and (3) GET form submissions.
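To tie the Domain, Path, Secure and SameSite rules above together, here is an added example (not code from the original article) that parses a Set-Cookie header into its attributes and then decides, using a simplified model of the browser's rules, whether the stored cookie would be attached to a later request. The request object shape, the helper names and the Lax default are my own assumptions; expiry, cookie size and public-suffix checks are ignored.

```javascript
// Added example, not the article's code: a simplified model of how a browser
// scopes a cookie. Assumes SameSite defaults to Lax (newer browsers); no expiry.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: null, path: "/", secure: false, httpOnly: false,
    sameSite: "Lax", maxAge: null,
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    switch (k.toLowerCase()) {
      case "domain": cookie.domain = v.toLowerCase().replace(/^\./, ""); break;
      case "path": cookie.path = v || "/"; break;
      case "secure": cookie.secure = true; break;
      case "httponly": cookie.httpOnly = true; break;
      case "samesite": cookie.sameSite = v; break;
      case "max-age": cookie.maxAge = parseInt(v, 10); break;
    }
  }
  return cookie;
}

// No Domain: host-only (exact host). Domain=test.com: also a.test.com, b.test.com, ...
function domainMatches(cookie, setHost, reqHost) {
  const d = cookie.domain || setHost;
  return reqHost === d || (cookie.domain !== null && reqHost.endsWith("." + d));
}

// Path=/login matches /login and /login/..., but not /register or /loginx.
function pathMatches(cookiePath, reqPath) {
  return reqPath === cookiePath || (reqPath.startsWith(cookiePath) &&
    (cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/"));
}

// req is a constructed object: { scheme, host, path, crossSite, topLevelNav, method }
function wouldSend(cookie, setHost, req) {
  if (cookie.secure && req.scheme !== "https") return false; // Secure: HTTPS only
  if (!domainMatches(cookie, setHost, req.host)) return false;
  if (!pathMatches(cookie.path, req.path)) return false;
  const ss = cookie.sameSite.toLowerCase();
  if (ss === "none" && !cookie.secure) return false; // None requires Secure
  if (req.crossSite) {
    if (ss === "strict") return false; // Strict: never cross-site
    // Lax: only for a top-level navigation with GET (a link or a GET form)
    if (ss === "lax" && !(req.topLevelNav && req.method === "GET")) return false;
  }
  return true;
}
```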
References
javascript.ruanyifeng.com/bom/cookie…
developer.mozilla.org/zh-CN/docs/…