The content of this article is about what are cookies in node? how to use? It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.
Why do we need cookies
We know that http
is a stateless protocol. What does stateless mean?
Let me give a small example to illustrate: For example, Xiao Ming is shopping online. He browses multiple pages and purchases some items. These requests are completed in multiple connections. If no additional means are used, the server cannot We know exactly what he purchased, because the server simply doesn’t know whether the person requesting each time is Xiao Ming, unless Xiao Ming has a identification
to prove that he is Xiao Ming.
So, in order to identify the user's identity and perform session tracking, cookies appear.
What is a cookie
Simply put, a cookie is an identifier.
Strictly speaking, a cookie is some information stored on the client
. It is submitted by the browser to the server every time it is connected, and the server also initiates a request to the browser to store the cookie, relying on this method. , the server can identify the client.
Specifically, when the browser initiates a request to the server for the first time, the server will generate a unique identifier
and send it to the client browser. The browser will store this unique identifier in Cookie. In each request initiated, the client browser transmits this unique identifier to the server, and the server uses this unique identifier to identify the user.
Having said so much, open the browser and let’s take a look at this product first.
In the picture above, it is a cookie stored in the browser. Its name is name and its value is abc.
Regular cookie
It’s not enough to just look at it. Next, let’s use node to make a regular cookie.
First, install the express framework and cookieParser middleware
npm i express --save npm install cookie-parser --save
The main uses of cookieParser middleware are as follows:
Parse cookies from the browser and put them in req. In cookies;
For signed cookies, sign and unsign cookies
The code is as follows:
var express = require('express'); var cookieParser = require('cookie-parser'); var app = express(); app.use(cookieParser()); app.use(function (req, res) { if (req.url === '/favicon.ico') { return } // 设置常规cookie, 有效期为20s, 客户端脚本不能访问它的值 res.cookie('name', 'abc', { signed: false, maxAge: 20 * 1000, httpOnly: true }); console.log(req.cookies, req.url, req.signedCookies); res.end('hello cookie'); }) app.listen(4000)
After running, Open http://localhost:4000/
in the browser. Taking chrome as an example, open the browser debugging tool with f12, and you can find the cookie you defined among the cookies in the application.
The req.cookies and req.signedCookies attributes are the parsing results of the cookies in the request header sent with the http request.
Among them, req.cookies corresponds to ordinary cookies, and req.signedCookies corresponds to signed cookies.
If there is no cookie in the request, both objects will be empty.
Signed cookie
Signed cookie is more suitable for sensitive data, because it can verify the integrity of the cookie data and help prevent man-in-the-middle attacks.
Valid signed cookies are placed in the req.signedCookies
object.
The code is as follows:
var express = require('express'); var cookieParser = require('cookie-parser'); var app = express(); // 设置密钥,用来对cookie签名和解签, Express可以由此确定cookie的内容是否被篡改过 app.use(cookieParser('a cool secret')); app.use(function (req, res) { if (req.url === '/favicon.ico') { return } // 设置签名cookie, 并且有效期为1min res.cookie('name', 'efg', { signed: true, maxAge: 60 * 1000, httpOnly: true }); console.log(req.cookies, req.url, req.signedCookies); res.end('signed cookie'); }) app.listen(4000)
After running, open http://localhost:4000/
Take chrome as an example, f12 to open the browser debugging tool, in the application You can find the signed cookie you defined in the cookies, the format is as follows: s:efg.7FJDuO2E9LMyby6+o1fGQ3wkIHGB9v1CDVWod8NQVAo
. The left side of the number is the value of the cookie, and the right side is the encrypted hash value generated by SHA-1 HMAC on the server.
If the value of this signed cookie is tampered with, the decryption of the cookie on the server will fail, and the req.signedCookies output in the node will be false. As follows:
And if the cookie is passed intact, it will be parsed correctly:
Summary
You can store any type of text data in a cookie, but usually a session cookie
is stored on the client side so that you can Preserve full user state on the server side.
Related recommendations:
Detailed explanation of Promise in jQuery, Angular, and node
##How to use the cluster cluster in node
The above is the detailed content of What are cookies in node? how to use?. For more information, please follow other related articles on the PHP Chinese website!

去掉重复并排序的方法:1、使用“Array.from(new Set(arr))”或者“[…new Set(arr)]”语句,去掉数组中的重复元素,返回去重后的新数组;2、利用sort()对去重数组进行排序,语法“去重数组.sort()”。

本篇文章给大家带来了关于JavaScript的相关知识,其中主要介绍了关于Symbol类型、隐藏属性及全局注册表的相关问题,包括了Symbol类型的描述、Symbol不会隐式转字符串等问题,下面一起来看一下,希望对大家有帮助。

怎么制作文字轮播与图片轮播?大家第一想到的是不是利用js,其实利用纯CSS也能实现文字轮播与图片轮播,下面来看看实现方法,希望对大家有所帮助!

本篇文章给大家带来了关于JavaScript的相关知识,其中主要介绍了关于对象的构造函数和new操作符,构造函数是所有对象的成员方法中,最早被调用的那个,下面一起来看一下吧,希望对大家有帮助。

本篇文章给大家带来了关于JavaScript的相关知识,其中主要介绍了关于面向对象的相关问题,包括了属性描述符、数据描述符、存取描述符等等内容,下面一起来看一下,希望对大家有帮助。

方法:1、利用“点击元素对象.unbind("click");”方法,该方法可以移除被选元素的事件处理程序;2、利用“点击元素对象.off("click");”方法,该方法可以移除通过on()方法添加的事件处理程序。

本篇文章给大家带来了关于JavaScript的相关知识,其中主要介绍了关于BOM操作的相关问题,包括了window对象的常见事件、JavaScript执行机制等等相关内容,下面一起来看一下,希望对大家有帮助。

foreach不是es6的方法。foreach是es3中一个遍历数组的方法,可以调用数组的每个元素,并将元素传给回调函数进行处理,语法“array.forEach(function(当前元素,索引,数组){...})”;该方法不处理空数组。


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

SublimeText3 Mac version
God-level code editing software (SublimeText3)

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

Zend Studio 13.0.1
Powerful PHP integrated development environment
