Every time the browser opens a page, does it count as establishing a new session?
Reply content:
Every time the browser opens a page, does it count as establishing a new session?
Session maintains certain continuous access status, HTTP is stateless, you first open http://www.xxx.com/1/ and then http://www.xxx.com/2/ or you refresh Check the page. How do I know on the server side that you are the same person? IPv4 is unreliable. Your company may only have one external IP. If it goes through several levels of non-transparent proxies, it will be even less reliable.
But this need to maintain status is a hard need, and it can be solved in general. If so, I figured out that as long as every request is brought with an ID that indicates a unique identity, it will be done. If it is not brought with it the first time, just assign it to him. In the specific implementation, it is usually passed on the URL through Cookie or appended. This ID is also the SessionID. Usually different server environments have fixed names, such as PHP, which is usually called PHPSESSID, Servlet, which is usually called jsessionid, etc., of course. You can choose another name, as long as it achieves the purpose of passing "identifying ID".
Let’s talk about the SESSION on the server side. For SESSION, the server is equivalent to having a Key-Value database. This library can be a file system, or other relational database or key-value database. Through the SessionID sent by the browser, the corresponding Session data is retrieved. This data is commonly referred to as session data.
You mentioned "Every time the browser opens a page, does it count as establishing a new session?" This is a good question. Let's talk about the life cycle of the session. In fact, it should be discussed in two parts. One is the life of the session ID. Cycle, one is the life cycle of session data.
Life cycle of session ID: At present, the more common method of passing SessionID is to pass it through Cookie. A Cookie record probably has several attributes: name, value, path, domain name, expiration time, etc. You mentioned "open" "A page", I think it should be corrected to "open the browser". This expiration time is usually called the session period, that is, when the browser is closed and reopened, the original cookie will become invalid (that is, it will no longer be delivered). But not all SessionID expiration must be like this. You can set the validity period for your sessionid cookie, and you can extend this time every time you visit, so that even if you close and reopen the browser, the user can continue as long as they do not manually clear the cookie. Pass on and keep remembering your status.
Life cycle of session data: On the server side, we can also set an expiration time for the Session. If there is no reading or writing for more than 30 minutes, it will become invalid (that is, deleted or not returned). Of course, different server software environments may have different default settings and setting methods for this time.
Let’s talk about logging in.
What does user login have to do with this Session? To put it simply, logging in means recording your user identity in your Session data, which directly associates the current SessionID with the user (ID). Of course, if you like, your SessionID can be exactly the same as the user ID (preferably encryption or obfuscation).
Session is not necessarily related to the login status. For example, if you go to an e-commerce website, you can still put the products in your shopping cart without logging in. For the e-commerce website, he can put your shopping cart data. It can be used in Session, Cookie, LocalStoreage or SesisonStoreage. The first one is on the server side, the second one is delivered synchronously on the client side and the server side, and the last two are pure client side. No matter what method, at this time, the e-commerce website only needs to know that a temporary customer ABCDEF (SessionID) has taken this bunch of things. When you want to check out, you need to log in to identify yourself so that you can pay and ship. Go to the address you already filled in. If this e-commerce merchant feels that he won’t have many transactions with you in the future (one-time sale) and doesn’t want to know who you are, and the payment process is very simple (scan the QR code), he doesn’t need you to log in at all.
The most obvious example is that many advertising platforms embed codes everywhere to track your cookies (actually, they record and analyze some of your browsing status and browsing history), so that they know which websites you have visited and what content you like. Then we can push targeted advertisements to you. But in order to avoid unnecessary trouble, he doesn’t want to know who you are (or doesn’t want you to know his existence), so he doesn’t need to show you the login dialog box; in this case, you are in his The platform is "anonymous", but he can still learn a lot about you.
Because I have been developing in the field of Internet advertising for many years, every time I explain the example of advertising to others, others are very scared. How can I "plant" a cookie to "track" my browsing history?
That’s not the case.
The advertising platform will cooperate with the content website and let the content website embed a small piece of code. This code can be a js, or
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
