cookie和session
cookie:存储在浏览器,请求服务器时顺便发给服务器。不安全的
session:存储在服务器,不是独立存在的,基于cookie。安全问题:session劫持
token:存在cookie里的session-ID
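# cookie-parser is required at runtime by the server below, so save it as a regular
# dependency (the original used -D, which records it as a dev-only dependency and
# would be skipped by a production install).
cnpm i cookie-parser -S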
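// Minimal cookie-parser demo: log the cookies the browser sent and set one.
const express = require('express'); // fixed: the original was missing the closing quote
const cookieParser = require('cookie-parser');
const server = express();
server.listen(8520);
// Without a secret, cookieParser() only fills req.cookies; req.signedCookies stays empty.
server.use(cookieParser());
server.get('/a', (req, res) => {
  console.log(req.cookies);
  // Plain (unsigned, script-readable) cookie; the client can change it freely,
  // so nothing here may be trusted on the way back in.
  res.cookie('amount', 99.8, {
    maxAge: 14 * 86400 * 1000, // 14 days, in milliseconds
  });
  // The original handler never ended the response, so the request hung and the
  // Set-Cookie header was never delivered.
  res.end();
});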
cookie不跨域
子域名可以访问父级,但父级不能访问子级
www.baidu.com -> baidu.com
baidu.com -x> www.baidu.com
domain:'baidu.com'
path:'/'
签名:需要一个密钥。
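# Runtime dependency: save it as a regular dependency rather than a dev-only one (-D).
cnpm i cookie-parser -S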
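// Signed-cookie demo: cookies written with `signed: true` carry an HMAC made with the
// secret below, and only those whose signature still verifies show up in req.signedCookies.
const express = require('express'); // fixed: the original was missing the closing quote
const cookieParser = require('cookie-parser');
const server = express();
server.listen(8520);
// The secret is hard-coded here for the demo; anyone who knows it can forge signed
// cookies, so a real deployment should load it from configuration/environment and
// keep it out of source control.
server.use(cookieParser('asdfasdfasdfasdfasdfaasdfasdfasdfas'));
server.get('/a', (req, res) => {
  console.log('cookie', req.cookies); // unsigned cookies
  console.log('signed:', req.signedCookies); // cookies whose signature verified
  res.cookie('amount', 99.8, {
    httpOnly: true, // not readable via document.cookie
    //secure:true, // only sent over HTTPS; enable once the site is served over TLS
    signed: true, // tampering with the value invalidates the signature
    maxAge: 14 * 86400 * 1000, // 14 days, in milliseconds
  });
  // The original handler never ended the response, so the request hung.
  res.end();
});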
cookie————大小4k
cookie不是独立存在的
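// Install: cnpm i cookie-session -S
// (the original line read "cooke-session -domain", which looks like a paste error)
const express = require('express'); // the original snippet never required express
const cookieSession = require('cookie-session');
const server = express();
server.listen(8520);
// cookie-session stores the whole session object in a signed cookie; there is no
// server-side store. `keys` is the key list used for signing/verification, so it
// can be rotated by adding a new key at the front while keeping the old ones.
// The key values here are sample placeholders, not something to deploy.
server.use(cookieSession({ // fixed: the original called server.ues
  keys: ['asdfa1234s', 'asdfasdf', 'adsfasdff1f2', 'fasdfweqrf123'], // rotating keys
  // fixed: the original comment swallowed the comma before maxAge (syntax error)
  maxAge: 20 * 60 * 1000, // 20 minutes, in milliseconds
}));
server.get('/a', (req, res) => {
  console.log(req.session);
  // Visit counter: first visit → 1, afterwards increment (same as the original if/else).
  req.session['view'] = (req.session['view'] || 0) + 1;
  // The session content travels in the cookie; the signature stops tampering but
  // does not hide the values from the client, so keep secrets out of it.
  req.session['amount'] = 99.8;
  res.send(`欢迎您第${req.session['view']}次到访本站,你的余额是:${req.session['amount']}`);
});
// Note: this "session" is still, at bottom, just a cookie.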
