Cookies Client Identification
HTTP The Definitive Guide
Cookies are the best current way to identify users and allow persistent sessions. They don't suffer
many of the problems of the previous techniques, but they often are used in conjunction with those
techniques for extra value. Cookies were first developed by Netscape but now are supported by all
major browsers.
Because cookies are important, and they define new HTTP headers, we're going to explore them in
more detail than we did the previous techniques. The presence of cookies also impacts caching, and
most caches and browsers disallow caching of any cookied content. The following sections present
more details.

11.6.1 Types of Cookies
You can classify cookies broadly into two types: session cookies and persistent cookies. A session
cookie is a temporary cookie that keeps track of settings and preferences as a user navigates a site. A
session cookie is deleted when the user exits the browser. Persistent cookies can live longer; they are
stored on disk and survive browser exits and computer restarts. Persistent cookies often are used to
retain a configuration profile or login name for a site that a user visits periodically.
The only difference between session cookies and persistent cookies is when they expire. As we will
see later, a cookie is a session cookie if its Discard parameter is set, or if there is no Expires or
Max-Age parameter indicating an extended expiration time.

11.6.2 How Cookies Work
Cookies are like "Hello, My Name Is" stickers stuck onto users by servers. When a user visits a web
site, the web site can read all the stickers attached to the user by that server.
The first time the user visits a web site, the web server doesn't know anything about the user (Figure
11-3a). The web server expects that this same user will return again, so it wants to "slap" a unique
cookie onto the user so it can identify this user in the future. The cookie contains an arbitrary list of
name=value information, and it is attached to the user using the Set-Cookie or Set-Cookie2 HTTP
response (extension) headers.
Cookies can contain any information, but they often contain just a unique identification number,
generated by the server for tracking purposes. For example, in Figure 11-3b, the server slaps onto the
user a cookie that says id="34294". The server can use this number to look up database information
that the server accumulates for its visitors (purchase history, address information, etc.).
However, cookies are not restricted to just ID numbers. Many web servers choose to keep information
directly in the cookies. For example:
Cookie: name="Brian Totty"; phone="555-1212"
The browser remembers the cookie contents sent back from the server in Set-Cookie or Set-Cookie2
headers, storing the set of cookies in a browser cookie database (think of it like a suitcase with stickers
from various countries on it). When the user returns to the same site in the future (Figure 11-3c), the
browser will select those cookies slapped onto the user by that server and pass them back in a Cookie
request header.

Figure 11-3. Slapping a cookie onto a user
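The store-and-return cycle from 11.6.2, combined with the session/persistent rule from 11.6.1, as an added example (not code from the book or from this page). It assumes exact-host matching and no semicolons inside quoted values; the class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class StoredCookie:
    name: str
    value: str
    persistent: bool  # False means session cookie

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [p.strip() for p in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def is_session_cookie(attrs):
    """Session cookie: Discard is set, or neither Expires nor Max-Age is given."""
    if "discard" in attrs:
        return True
    return "expires" not in attrs and "max-age" not in attrs

class CookieJar:
    """Toy browser cookie database, keyed by the host that set each cookie."""
    def __init__(self):
        self._by_host = {}  # host -> {cookie name: StoredCookie}

    def store(self, host, set_cookie_value):
        name, value, attrs = parse_set_cookie(set_cookie_value)
        self._by_host.setdefault(host.lower(), {})[name] = StoredCookie(
            name, value, persistent=not is_session_cookie(attrs))

    def cookie_header(self, host):
        """Value of the Cookie request header for this host, or None."""
        cookies = self._by_host.get(host.lower(), {})
        if not cookies:
            return None
        return "; ".join(f"{c.name}={c.value}" for c in cookies.values())

    def browser_exit(self):
        """Drop session cookies; persistent cookies survive the restart."""
        for host in list(self._by_host):
            kept = {n: c for n, c in self._by_host[host].items() if c.persistent}
            self._by_host[host] = kept
```

Real browsers also apply Domain and Path matching when selecting cookies, which this sketch leaves out.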

