对Session和Cookie的区分与解释
对Session和Cookie的区分与理解
先说session
对SESSION的争论好象一直没有停止过,不过幺麽能理解SESSION的人应该占90以上。但还是讲讲,别嫌老~
有一些人赞成用SESSION,有一些人不赞成。但这个问题到底要怎么说。不妨听听我的看法,如果有错误请不要朝丢东西,金条和硬币除外。
有些人应该知道我是做江湖程序的,而江湖程序做看中的就是效率,但这里不谈设计,而从一些比较实际的角度看SESSION。
首先要先说SESSION是干什么的,SESSION是可以存储针对与某一个用户的IE以及通过其当前窗口打开的任何窗口具有针对性的用户信息存储机制。为什么要这样说。看下边先研究SESSION是如何启动的,当打开IE以后浏览网站后会发出一个指令请求SESSIONID以及对各个类型数据的下载许可,如图片,声音以及FLASH。
数据实际传输内容:IE到服务器
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language0: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: www.jh521.com
Connection: Keep-Alive
服务器会返回一个没有被使用的SESSIONID让IE使用,当时IE就对返回SESSIONID做存储
并同时返回相关页面的下载数据,如下:服务器到IE
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 30 Nov 2003 16:41:51 GMT
Content-Length: 21174..Content-Type: text/html
Set-Cookie: ASPSESSIONIDCACBBBRT=IBOMFONAOJFEEBHBPIENJFFC; path=/
Cache-control: private
然后就是页面HTML代码此时这个IE程序(不是客户机)的SESSIONID就为IBOMFONAOJFEEBHBPIENJFFC而当IE在访问任何这个站点的ASP程序的时候,就会把IBOMFONAOJFEEBHBPIENJFFC发送给服务器,服务器就会知道IBOMFONAOJFEEBHBPIENJFFC是表示你而在服务器上设置SESSION("name")="name"完全可以看成是SESSION("IBOMFONAOJFEEBHBPIENJFFC")("name")="name"
或者
SESSION(SESSIONID)("name")="name"
这样,SESSION就区分开用户了。
而当服务器反馈这个ID的时候会看这个ID有没有被使用。如果有在换一个
反正不会让你重复,如果想模拟某人的SESSION的ID来进行欺骗是可以的。不过要获取到对方IE传输信号,并且在保证当时这个SESSIONID没有被取消的情况下才可能实施。
不过要是我有那时间直接通过POST信号找他NAME和PASS了。我可不费这个劲,想必一些人明白了了SESSIONID到底是如何工作的,那么就在看看COOKIE,有人说SESSIONID就是COOKIE,按照技术上来讲他们不属于同类,但是属于一种工作模式,用户和服务器传输私有数据.当我设置COOKIE的时候,服务器会反馈给IE一个指令。IE通过这个网络指令生成COOKIE并存放,在特定的时候会取得这个这个信息如在访问这个站点并且COOKID有效的时候。
那么为什么要用COOKIE而不用SESSION呢
看下区别
有效时间以及存储方式 传输内容
COOKIE 可设置并在本地保留 明码信息
SESSION 在IE不关闭并服务器不超时 只有SESSIONID
当如果想让用户下次登入网站不需要输入用户名或者密码的时候就只能用COOKIE,
因为他可以保留相当长的时间(在COOKIE记录被删除或者失效日期之前)
而SESSION就不可以,他不会保留太长时间,而且IE在关闭后就自动清除了SESSIONID记录
在下次登入的时候会请求新的SESSIONID
而服务器想通过用户个人变量校验用户的状态的时候,就不能用COOKIE
如果用设置用户权限是USER。而IE访问的时候就把USER的明码传输到服务器。
那么如果我通过一定手段,比如直接修改COOKIE记录,把USER修改成ADMIN呢~~
就麻烦了。
但存储用户名和密码或者网站的配色方案这样的信息,用COOKIE是最好的
好,有点累了,在说说这个东西
Request.ServerVariables("HTTP_REFERER")
我想有一些人通过这个Request.ServerVariables("HTTP_REFERER")
来进行一些关键性限制,特别是对付远程提交以及非法侵入。
那么我就要提醒下服务器取得的HTTP_REFERER信息完全是IE传输给服务器的,可以模拟
而且难度不大,用不到半个小时就可以用VB做出一个针对HTTP_REFERER入侵程序。
(可惜我原先那他没干正经事情,做WEB游戏挂机程序来的)
附一个不错的回贴:
------------------------------------------------------------------------------------------------------
COOKIE 是本地文件,是40大盗在阿里巴巴家做的记号,
或者是送牛奶的人在你家门口钉的箱子。
SESSION 是服务器端内存,是你洗澡时浴池发给你的钥匙。
自己专用,可以开自己的好多箱子。
APPLICATION 是公共浴池。
在这里能看见所有人,包括ppmm哦:)。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
How to set up the keyboard boot function on a GIGABYTE motherboard (enable keyboard boot mode on GIGABYTE motherboard)
Dec 31, 2023 pm 05:15 PM
How to set up keyboard startup on Gigabyte's motherboard. First, if it needs to support keyboard startup, it must be a PS2 keyboard! ! The setting steps are as follows: Step 1: Press Del or F2 to enter the BIOS after booting, and go to the Advanced (Advanced) mode of the BIOS. Ordinary motherboards enter the EZ (Easy) mode of the motherboard by default. You need to press F7 to switch to the Advanced mode. ROG series motherboards enter the BIOS by default. Advanced mode (we use Simplified Chinese to demonstrate) Step 2: Select to - [Advanced] - [Advanced Power Management (APM)] Step 3: Find the option [Wake up by PS2 keyboard] Step 4: This option The default is Disabled. After pulling down, you can see three different setting options, namely press [space bar] to turn on the computer, press group
The first choice for CS players: recommended computer configuration
Jan 02, 2024 pm 04:26 PM
1. Processor When choosing a computer configuration, the processor is one of the most important components. For playing games like CS, the performance of the processor directly affects the smoothness and response speed of the game. It is recommended to choose Intel Core i5 or i7 series processors because they have powerful multi-core processing capabilities and high frequencies, and can easily cope with the high requirements of CS. 2. Graphics card Graphics card is one of the important factors in game performance. For shooting games such as CS, the performance of the graphics card directly affects the clarity and smoothness of the game screen. It is recommended to choose NVIDIA GeForce GTX series or AMD Radeon RX series graphics cards. They have excellent graphics processing capabilities and high frame rate output, and can provide a better gaming experience. 3. Memory power
What is the analysis of 2.8k screen?
Jan 02, 2024 pm 12:21 PM
We often see the introduction of how many K screens we have when buying TVs, computers or mobile phones, such as 2.8K screens. At this time, there will be friends who don’t know much about electronic devices and will be curious about what this 2.8K screen means and what the resolution is. What does 2.8k screen mean? Answer: 2.8k screen means that the screen resolution is 2880*18002K, which means the number of horizontal pixels is greater than 2000. For the same size screen, the higher the resolution, the better the picture quality. Introduction to resolution 1. Since the points, lines and surfaces on the screen are all composed of pixels, the more pixels the monitor can display, the finer the picture, and the more information can be displayed in the same screen area. 2. The higher the resolution, the greater the number of pixels, and the sharper the sensed image.
Digital audio output interface on the motherboard-SPDIF OUT
Jan 14, 2024 pm 04:42 PM
SPDIFOUT connection line sequence on the motherboard. Recently, I encountered a problem regarding the wiring sequence of the wires. I checked online. Some information says that 1, 2, and 4 correspond to out, +5V, and ground; while other information says that 1, 2, and 4 correspond to out, ground, and +5V. The best way is to check your motherboard manual. If you can't find the manual, you can use a multimeter to measure it. Find the ground first, then you can determine the order of the rest of the wiring. How to connect motherboard VDG wiring When connecting the VDG wiring of the motherboard, you need to plug one end of the VGA cable into the VGA interface of the monitor and the other end into the VGA interface of the computer's graphics card. Please be careful not to plug it into the motherboard's VGA port. Once connected, you can
Glodon Software's computer configuration recommendations; Glodon Software's computer configuration requirements
Jan 01, 2024 pm 12:52 PM
Glodon Software is a software company focusing on the field of building informatization. Its products are widely used in all aspects of architectural design, construction, and operation. Due to the complex functions and large data volume of Glodon software, it requires high computer configuration. This article will elaborate on the computer configuration recommendations of Glodon Software from many aspects to help readers choose a suitable computer configuration processor. Glodon Software requires a large amount of data calculation and processing when performing architectural design, simulation and other operations. Therefore, the requirements for the processor are higher. It is recommended to choose a multi-core, high-frequency processor, such as Intel i7 series or AMD Ryzen series. These processors have strong computing power and multi-thread processing capabilities, and can better meet the needs of Glodon software. Memory Memory is affecting computing
ASUS motherboard options compatible with R55600 (including R55600u and 5600h)
Jan 02, 2024 pm 05:32 PM
Which ASUS motherboard should be paired with the R55600? The ASUS ROGStrixB550-FGaming motherboard is an excellent choice. It is perfectly compatible with Ryzen55600X processor and provides excellent performance and features. This motherboard has a reliable power supply system, can support overclocking, and provides a wealth of expansion slots and ports to meet daily use and gaming needs. ROGStrixB550-FGaming is also equipped with high-quality audio solutions, fast network connections and reliable heat dissipation design to ensure that the system remains efficient and stable. In addition, this motherboard adopts a gorgeous ROG style and is equipped with gorgeous RGB lighting effects, adding visual enjoyment to your computer. All in all, ASUS ROGStri
Which one is better, Celeron g4900 or i36100? (Which one is better, Celeron g4900 or i34170?)
Jan 01, 2024 pm 06:01 PM
Which one is better, Celeron g4900 or i36100? When it comes to the two processors Celeron G4900 and I36100, there is no doubt that the performance of I36100 is superior. Celeron processors are generally considered low-end processors and are primarily used in budget laptops. The I3 processor is mainly used for high-end processors, and its performance is very good. Whether you are playing games or watching videos, you will not experience any lagging when using the I3 processor. Therefore, if possible, try to buy Intel I-series processors, especially for desktop computers, so that you can enjoy the fun of the online world. How is the performance of the Celeron G4900T? From a performance perspective, the Pentium G4900T performs well in terms of frequency. Compared with the previous version, the CPU performance is
Detailed explanation of where browser cookies are stored
Jan 19, 2024 am 09:15 AM
With the popularity of the Internet, we use browsers to surf the Internet have become a way of life. In the daily use of browsers, we often encounter situations where we need to enter account passwords, such as online shopping, social networking, emails, etc. This information needs to be recorded by the browser so that it does not need to be entered again the next time you visit. This is when cookies come in handy. What are cookies? Cookie refers to a small data file sent by the server to the user's browser and stored locally. It contains user behavior of some websites.
