
https://www.zhihu.com/question/35307626


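0-The client (with user information attached) sends its first request to the server ---> the server generates a session (unique), a session_id, and a cookie (which may contain the username, login password, and browsing history), and sets the cookie's lifetime, applicable domain, and applicable path under that domain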

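1-The same client (with user information attached) requests the server again
1-0-The client has cookies disabled: when the client page redirects or sends a POST/GET to the server, it also sends the session_id to the server in the request
1-1-The client has not disabled cookies: in this case the client does not send the session_id to the server; it sends only the cookie
: Whether or not the client has cookies disabled, the server can successfully identify the client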

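Clients are not limited to browsers? For example, the chat history list in QQ on PC and mobile

Question:

Client-side storage location: browser memory or hard disk; who decides?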

https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en


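-1-Cookies serve the session and are used to identify the requesting client;

0-The cookie is generated by the server and sent to the client;

1-The client browser

  1-0-Allows cookies

 The cookie is stored in the memory used by the browser or on the hard disk;

  1-1-Rejects cookies

The server then returns the session_id to the client when responding to its request, and the client attaches the session_id to its next request;

2-While identifying the requesting client, the server can also store information about the requester, such as the login account name and product browsing history: this can be stored directly in the cookie, or directly in files or a database on the server.

3-The server decides the client cookie's lifetime, usable domain, and usable path, whereas the client browser stores the cookie either in the browser's memory, where it disappears as soon as the browser is closed, or on the hard disk: which factor decides this?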
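As an added example (not part of the original notes): under RFC 6265 a cookie whose Set-Cookie header carries neither Expires nor Max-Age is a session cookie that the browser keeps only until the browser session ends, while either attribute makes it persistent, and Max-Age wins when both are present. The function names and the `sid` headers used in the test are constructed for illustration.

```python
# Added example: decide from a Set-Cookie header whether a cookie is a
# session cookie or a persistent one (RFC 6265 rules). Names are illustrative.
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().strip('"')
    return name.strip(), value.strip(), attrs

def expiry(attrs, now):
    """Return None for a session cookie, otherwise the absolute expiry time.
    Max-Age takes precedence over Expires when both are present."""
    if "max-age" in attrs:
        try:
            seconds = int(attrs["max-age"])
        except ValueError:
            seconds = None  # a malformed Max-Age is ignored
        if seconds is not None:
            return now if seconds <= 0 else now + timedelta(seconds=seconds)
    if "expires" in attrs:
        try:
            return parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: treated as a session cookie
    return None

def describe(header, now):
    """Human-readable summary of how long the browser keeps the cookie."""
    name, _, attrs = parse_set_cookie(header)
    when = expiry(attrs, now)
    if when is None:
        return f"{name}: session cookie, dropped when the browser session ends"
    if when <= now:
        return f"{name}: already expired, the browser deletes it"
    return f"{name}: persistent until {when.isoformat()}"
```

So the lifetime is chosen by the server through these two attributes; where the browser physically keeps the cookie is an implementation detail of the browser.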


HTTP The Definitive Guide

11.6.4 Different Cookies for Different Sites
A browser can have hundreds or thousands of cookies in its internal cookie jar, but browsers don't
send every cookie to every site. In fact, they typically send only two or three cookies to each site.
Here's why:

Moving all those cookie bytes would dramatically slow performance. Browsers would
actually be moving more cookie bytes than real content bytes!

Most of these cookies would just be unrecognizable gibberish for most sites, because they
contain server-specific name/value pairs.

Sending all cookies to all sites would create a potential privacy concern, with sites you don't
trust getting information you intended only for another site.

In general, a browser sends to a server only those cookies that the server generated. Cookies generated
by joes-hardware.com are sent to joes-hardware.com and not to bobs-books.com or marys-movies.com.

Many web sites contract with third-party vendors to manage advertisements. These advertisements are
made to look like they are integral parts of the web site and do push persistent cookies. When the user
goes to a different web site serviced by the same advertisement company, the persistent cookie set
earlier is sent back again by the browser (because the domains match). A marketing company could
use this technique, combined with the Referer header, to potentially build an exhaustive data set of
user profiles and browsing habits. Modern browsers allow you to configure privacy settings to restrict
third-party cookies.

11.6.4.1 Cookie Domain attribute

A server generating a cookie can control which sites get to see that cookie by adding a Domain
attribute to the Set-Cookie response header. For example, the following HTTP response header tells
the browser to send the cookie user="mary17" to any site in the domain .airtravelbargains.com:

Set-cookie: user="mary17"; domain="airtravelbargains.com"

If the user visits www.airtravelbargains.com, specials.airtravelbargains.com, or any site ending in
.airtravelbargains.com, the following Cookie header will be issued:

Cookie: user="mary17"

11.6.4.2 Cookie Path attribute

The cookie specification even lets you associate cookies with portions of web sites. This is done using
the Path attribute, which indicates the URL path prefix where each cookie is valid.

For example, one web server might be shared between two organizations, each having separate
cookies. The site www.airtravelbargains.com might devote part of its web site to auto rentals—say,
http://www.airtravelbargains.com/autos/—using a separate cookie to keep track of a user's preferred
car size. A special auto-rental cookie might be generated like this:

Set-cookie: pref=compact; domain="airtravelbargains.com"; path=/autos/

If the user goes to http://www.airtravelbargains.com/specials.html, she will get only this cookie:

Cookie: user="mary17"

But if she goes to http://www.airtravelbargains.com/autos/cheapo/index.html, she will get both of
these cookies:

Cookie: user="mary17"
Cookie: pref=compact

So, cookies are pieces of state, slapped onto the client by the servers, maintained by the clients, and
sent back to only those sites that are appropriate. Let's look in more detail at the cookie technology
and standards.
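The Domain and Path selection described in the excerpt, as an added example that is not from the book: it applies the RFC 6265 domain-match and path-match rules to the two cookies above and goes slightly beyond the text by showing that both matches must end on a label or "/" boundary. The path "/" for the user cookie and the function names are assumptions.

```python
# Added example: which stored cookies a browser attaches to a request,
# following the RFC 6265 domain-match and path-match rules.
from urllib.parse import urlsplit

# Constructed jar from the excerpt's two Set-Cookie headers:
# (name, value, domain, path). Path "/" for `user` is an assumption.
JAR = [
    ("user", "mary17", "airtravelbargains.com", "/"),
    ("pref", "compact", "airtravelbargains.com", "/autos/"),
]

def domain_match(host, cookie_domain):
    """Host equals the cookie domain or is a subdomain of it.
    The suffix must start at a label boundary, so a bare endswith() is not enough."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_match(request_path, cookie_path):
    """Cookie path is a prefix of the request path that ends on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Request path is strictly longer here, so the index below is valid.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookies_for(url, jar=JAR):
    """Names of the cookies that would go into the Cookie header for url."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path or "/"
    return [name for name, _value, domain, cpath in jar
            if domain_match(host, domain) and path_match(path, cpath)]
```

A matcher that compares with a plain suffix or prefix test would also hand these cookies to a host such as notairtravelbargains.com or to a path such as /autosale, which is exactly the cross-site disclosure the Domain and Path rules exist to prevent.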
