Who can vividly explain how to understand conversation? Can you give an example~

Every time the browser opens a page, does it count as establishing a new session?

Reply content:

Every time the browser opens a page, does it count as establishing a new session?

Session maintains certain continuous access status, HTTP is stateless, you first open http://www.xxx.com/1/ and then http://www.xxx.com/2/ or you refresh Check the page. How do I know on the server side that you are the same person? IPv4 is unreliable. Your company may only have one external IP. If it goes through several levels of non-transparent proxies, it will be even less reliable.

But this need to maintain status is a hard need, and it can be solved in general. If so, I figured out that as long as every request is brought with an ID that indicates a unique identity, it will be done. If it is not brought with it the first time, just assign it to him. In the specific implementation, it is usually passed on the URL through Cookie or appended. This ID is also the SessionID. Usually different server environments have fixed names, such as PHP, which is usually called PHPSESSID, Servlet, which is usually called jsessionid, etc., of course. You can choose another name, as long as it achieves the purpose of passing "identifying ID".

Let’s talk about the SESSION on the server side. For SESSION, the server is equivalent to having a Key-Value database. This library can be a file system, or other relational database or key-value database. Through the SessionID sent by the browser, the corresponding Session data is retrieved. This data is commonly referred to as session data.

---

You mentioned "Every time the browser opens a page, does it count as establishing a new session?" This is a good question. Let's talk about the life cycle of the session. In fact, it should be discussed in two parts. One is the life of the session ID. Cycle, one is the life cycle of session data.

Life cycle of session ID: At present, the more common method of passing SessionID is to pass it through Cookie. A Cookie record probably has several attributes: name, value, path, domain name, expiration time, etc. You mentioned "open" "A page", I think it should be corrected to "open the browser". This expiration time is usually called the session period, that is, when the browser is closed and reopened, the original cookie will become invalid (that is, it will no longer be delivered). But not all SessionID expiration must be like this. You can set the validity period for your sessionid cookie, and you can extend this time every time you visit, so that even if you close and reopen the browser, the user can continue as long as they do not manually clear the cookie. Pass on and keep remembering your status.

Life cycle of session data: On the server side, we can also set an expiration time for the Session. If there is no reading or writing for more than 30 minutes, it will become invalid (that is, deleted or not returned). Of course, different server software environments may have different default settings and setting methods for this time.

---

Let’s talk about logging in.

What does user login have to do with this Session? To put it simply, logging in means recording your user identity in your Session data, which directly associates the current SessionID with the user (ID). Of course, if you like, your SessionID can be exactly the same as the user ID (preferably encryption or obfuscation).

Session is not necessarily related to the login status. For example, if you go to an e-commerce website, you can still put the products in your shopping cart without logging in. For the e-commerce website, he can put your shopping cart data. It can be used in Session, Cookie, LocalStoreage or SesisonStoreage. The first one is on the server side, the second one is delivered synchronously on the client side and the server side, and the last two are pure client side. No matter what method, at this time, the e-commerce website only needs to know that a temporary customer ABCDEF (SessionID) has taken this bunch of things. When you want to check out, you need to log in to identify yourself so that you can pay and ship. Go to the address you already filled in. If this e-commerce merchant feels that he won’t have many transactions with you in the future (one-time sale) and doesn’t want to know who you are, and the payment process is very simple (scan the QR code), he doesn’t need you to log in at all.

The most obvious example is that many advertising platforms embed codes everywhere to track your cookies (actually, they record and analyze some of your browsing status and browsing history), so that they know which websites you have visited and what content you like. Then we can push targeted advertisements to you. But in order to avoid unnecessary trouble, he doesn’t want to know who you are (or doesn’t want you to know his existence), so he doesn’t need to show you the login dialog box; in this case, you are in his The platform is "anonymous", but he can still learn a lot about you.

---

Because I have been developing in the field of Internet advertising for many years, every time I explain the example of advertising to others, others are very scared. How can I "plant" a cookie to "track" my browsing history?

That’s not the case.

The advertising platform will cooperate with the content website and let the content website embed a small piece of code. This code can be a js, or <script> tag, or <iframe> tag, or <img / alt="Who can vividly explain how to understand conversation? Can you give an example~" > tag. In short, it needs to be done When you open this page, the browser will also request a URL address from the advertising platform. The advertising platform will use the parameters, Referer, etc. brought by this request to analyze what type of content you are watching, how long you will stay, etc. Wait, record the required information, and analyze your interests and hobbies. For example, if you often read mobile phone review webpages, the advertising platform can draw the conclusion that you like smartphones recently. It can even analyze whether you like low-priced or high-priced mobile phones based on this, and then tag you so that you can receive ads. You can then focus on pushing ads that match your interests. </script>

In other words, a website without tracking code cannot track your movements.

The bad news is, do you think it’s all for nothing?

So is there any way to "defend"? The answer is yes, because generally speaking, the domain name of the website you visit is not consistent with that of the advertising platform, so... I am too lazy to type, see: http://baike.sogou.com/v63400314.htm?fromTitle= Do+Not+Track

Of course, as the saying goes, "The devil is as high as the Tao". This "war" will not end easily.

---

Brother, is it easy for me to write so much? Please give me a thumbs up ^________^.

You met a girl on the street. Note that it was a meeting, not a meeting, or a conversation. Because there was contact (that is, session_id), and then you left the phone number, then the session will have value. If it is just If you touch the girl's clothes but not her skin, it means that the girl has turned off cookies. You don't have a session_id. Unless that girl is your girlfriend, you have already modified the configuration on her

You can understand session instead of session, although they may mean the same thing
Then understand session + cookie

My understanding is that when you open a browser and visit a website, a session is opened, and then your subsequent visits to the website are counted in this session until you close the browser and end.

This is not calculated whether it is possible or not, but written by the backend itself. If you enter the website and add a session in the backend, then it counts as a session. But most of them don’t do this. They usually add a session based on your username after logging in (so most websites want you to log in to prevent them from forgetting your information). It is used to record all your data (backend You need to put the required data into the session according to your needs (you have to write the code yourself). These data are public data for this person and can be used directly in most places