
https://www.zhihu.com/question/35307626


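0 - The client (with user information attached) makes its first request to the server ---> the server generates a session (unique), a session_id, and a cookie (which may contain the username, login password, and browsing history), and sets the cookie's lifetime, applicable domain, and applicable path under that domain

1 - The same client (with user information attached) requests the server again
1-0 - The client has cookies disabled: when a client page redirects, or does a POST/GET to the server, it also sends the session_id to the server in the request
1-1 - The client has cookies enabled: the client does not send the session_id to the server; it sends only the cookie
: Whether or not the client has cookies disabled, the server can successfully identify the client

Is the client not limited to the browser? For example, the chat history list in QQ on PC and mobile

Question:

Client-side storage location: browser memory or hard disk. Who decides?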

https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en


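-1 - Cookies serve the session and are used to identify the requesting client;

0 - Cookies are generated by the server and sent to the client;

1 - The client browser

  1-0 - Allows cookies

 The cookie is stored in the memory used by the browser or on the hard disk;

  1-1 - Rejects cookies

 The server then returns the session_id to the client when responding to its request, and the client attaches the session_id to its next request;

2 - While identifying the requesting client, the server can also store information about the requester, such as the login account name and product browsing history: this can be stored directly in the cookie, or directly in files or a database on the server.

3 - The server decides the client cookie's lifetime, usable domain, and usable path, while the client browser stores the cookie either in the browser's memory, which disappears when the browser is closed, or on the hard disk: which factor decides this?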
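The flow in the two sets of notes above (first request creates the session, later requests are identified by cookie or by a session_id carried in the request), as an added example that is not part of the original notes. The host name shop.example, the cookie name, the 1800-second lifetime and the HttpOnly/Secure flags are assumptions.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

SESSIONS = {}  # server-side store: session_id -> data kept about the requester

def new_session():
    """First request: create the session and the Set-Cookie value carrying its id."""
    sid = secrets.token_urlsafe(32)              # unique and unguessable
    SESSIONS[sid] = {"views": 0}
    c = SimpleCookie()
    c["session_id"] = sid
    c["session_id"]["max-age"] = 1800            # lifetime is chosen by the server
    c["session_id"]["domain"] = "shop.example"   # constructed host name
    c["session_id"]["path"] = "/"
    c["session_id"]["httponly"] = True           # assumed hardening flags
    c["session_id"]["secure"] = True
    return sid, c["session_id"].OutputString()

def identify(url, cookie_header=None):
    """Later requests: read the id from the Cookie header, else from the URL."""
    sid = None
    if cookie_header:
        jar = SimpleCookie()
        jar.load(cookie_header)
        if "session_id" in jar:
            sid = jar["session_id"].value
    if sid is None:                              # cookies disabled: id travels in the URL
        sid = parse_qs(urlsplit(url).query).get("session_id", [None])[0]
    session = SESSIONS.get(sid)                  # ids the server did not issue are rejected
    if session is None:
        return None
    session["views"] += 1
    return session

if __name__ == "__main__":
    sid, set_cookie = new_session()
    print("Set-Cookie:", set_cookie)
    print(identify("https://shop.example/cart", "session_id=" + sid))
    print(identify("https://shop.example/cart?session_id=" + sid))
```

Only the identifier crosses the wire here; the per-user data stays in the server-side store, which is the second of the two storage options listed in item 2.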


HTTP The Definitive Guide

11.6.4 Different Cookies for Different Sites
A browser can have hundreds or thousands of cookies in its internal cookie jar, but browsers don't
send every cookie to every site. In fact, they typically send only two or three cookies to each site.
Here's why:

Moving all those cookie bytes would dramatically slow performance. Browsers would
actually be moving more cookie bytes than real content bytes!

Most of these cookies would just be unrecognizable gibberish for most sites, because they
contain server-specific name/value pairs.

Sending all cookies to all sites would create a potential privacy concern, with sites you don't
trust getting information you intended only for another site.

In general, a browser sends to a server only those cookies that the server generated. Cookies generated
by joes-hardware.com are sent to joes-hardware.com and not to bobs-books.com or marys-movies.com.

Many web sites contract with third-party vendors to manage advertisements. These advertisements are
made to look like they are integral parts of the web site and do push persistent cookies. When the user
goes to a different web site serviced by the same advertisement company, the persistent cookie set
earlier is sent back again by the browser (because the domains match). A marketing company could
use this technique, combined with the Referer header, to potentially build an exhaustive data set of
user profiles and browsing habits. Modern browsers allow you to configure privacy settings to restrict
third-party cookies.

11.6.4.1 Cookie Domain attribute

A server generating a cookie can control which sites get to see that cookie by adding a Domain
attribute to the Set-Cookie response header. For example, the following HTTP response header tells
the browser to send the cookie user="mary17" to any site in the domain .airtravelbargains.com:
Set-cookie: user="mary17"; domain="airtravelbargains.com"
If the user visits www.airtravelbargains.com, specials.airtravelbargains.com, or any site ending in
.airtravelbargains.com, the following Cookie header will be issued:
Cookie: user="mary17"

11.6.4.2 Cookie Path attribute

The cookie specification even lets you associate cookies with portions of web sites. This is done using
the Path attribute, which indicates the URL path prefix where each cookie is valid.
For example, one web server might be shared between two organizations, each having separate
cookies. The site www.airtravelbargains.com might devote part of its web site to auto rentals—say,
http://www.airtravelbargains.com/autos/—using a separate cookie to keep track of a user's preferred
car size. A special auto-rental cookie might be generated like this:
Set-cookie: pref=compact; domain="airtravelbargains.com"; path=/autos/
If the user goes to http://www.airtravelbargains.com/specials.html, she will get only this cookie:
Cookie: user="mary17"
But if she goes to http://www.airtravelbargains.com/autos/cheapo/index.html, she will get both of
these cookies:
Cookie: user="mary17"
Cookie: pref=compact

So, cookies are pieces of state, slapped onto the client by the servers, maintained by the clients, and
sent back to only those sites that are appropriate. Let's look in more detail at the cookie technology
and standards.
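The Domain and Path selection described in the excerpt, as an added example that is not from the book: a small cookie jar that decides which cookies accompany a request, using label-boundary domain matching and path-prefix matching. The function names are hypothetical, the jar is constructed from the excerpt's two Set-cookie lines, and a missing Path is simplified to "/".

```python
from urllib.parse import urlsplit

def parse_set_cookie(value, request_host):
    """Turn a Set-Cookie header value into a jar entry (dict)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name, _, val = first.partition("=")
    attrs = {}
    for item in rest:
        key, _, v = item.partition("=")
        attrs[key.strip().lower()] = v.strip().strip('"')
    domain = attrs.get("domain", "").lstrip(".").lower()
    return {
        "name": name, "value": val,
        "domain": domain or request_host.lower(),
        "host_only": not domain,   # no Domain attribute: only the setting host
        # Simplification: RFC 6265 derives a missing Path from the request URL.
        "path": attrs.get("path") or "/",
    }

def domain_match(host, cookie):
    if cookie["host_only"]:
        return host == cookie["domain"]
    # Suffix match only on a label boundary, so notairtravelbargains.com fails.
    return host == cookie["domain"] or host.endswith("." + cookie["domain"])

def path_match(request_path, cookie_path):
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def cookies_for(url, jar):
    """Return the name=value pairs a browser would send with a request to url."""
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    return [f'{c["name"]}={c["value"]}' for c in jar
            if domain_match(host, c) and path_match(path, c["path"])]

# Constructed jar holding the two cookies from the excerpt above.
SET_BY = "www.airtravelbargains.com"
JAR = [
    parse_set_cookie('user="mary17"; domain="airtravelbargains.com"', SET_BY),
    parse_set_cookie('pref=compact; domain="airtravelbargains.com"; path=/autos/', SET_BY),
]

if __name__ == "__main__":
    for u in ("http://www.airtravelbargains.com/specials.html",
              "http://www.airtravelbargains.com/autos/cheapo/index.html",
              "http://notairtravelbargains.com/autos/"):
        print(u, "->", cookies_for(u, JAR))
```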
