Quick Question: When you log in to your account on a website, what does it do to keep you logged in so you don't have to log in again and again when you visit another page?
4 answers
- dougua4836 2016-12-25 09:54 Accepted
It is all about sessions.
In computer science, in particular networking, a session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user.
Web server session management ... Hypertext Transfer Protocol (HTTP) is stateless: a client computer running a web browser must establish a new Transmission Control Protocol (TCP) network connection to the web server with each new HTTP GET or POST request. The web server, therefore, cannot rely on an established TCP network connection for longer than a single HTTP GET or POST operation. Session management is the technique used by the web developer to make the stateless HTTP protocol support session state. For example, once a user has been authenticated to the web server, the user's next HTTP request (GET or POST) should not cause the web server to ask for the user's account and password again. For a discussion of the methods used to accomplish this see HTTP cookie and Session ID.
In situations where multiple web servers must share knowledge of session state (as is typical in a cluster environment) session information must be shared between the cluster nodes that are running web server software. Methods for sharing session state between nodes in a cluster include: multicasting session information to member nodes (see JGroups for one example of this technique), sharing session information with a partner node using distributed shared memory or memory virtualization, sharing session information between nodes using network sockets, storing session information on a shared file system such as a distributed file system or a global file system, or storing the session information outside the cluster in a database.
If session information is considered transient, volatile data that is not required for non-repudiation of transactions and does not contain data that is subject to compliance auditing then any method of storing session information can be used. However, if session information is subject to audit compliance, consideration should be given to the method used for session storage, replication, and clustering.
In a service-oriented architecture, Simple Object Access Protocol or SOAP messages constructed with Extensible Markup Language (XML) messages can be used by consumer applications to cause web servers to create sessions.
In raw PHP (most well-known frameworks have session management middleware, so you shouldn't worry about it), if you want to manage a session, you have to include
procedure on top of your pages. When you do this, you are creating a 24-minute (1440 seconds) session (by default).
You can modify it to any integer from your php.ini file.
All session data in PHP is stored in the
$_SESSION global. Hence, it is an array, so you can set session variables (anything you want) like,
$_SESSION['user_name'] = 'ernesto'; $_SESSION['foo'] = 'bar'; ...
At any point in your application, you can remove $_SESSION variables,
Assume, you've already set variables above,
will print empty array as you've removed variables by unset procedure.
If you want to completely destroy a session,
will do it for you.
- donglv9116 2016-12-25 09:28
HTML pages are stateless, meaning when you refresh a page, all data that came from the server previously is gone and has to be requested again.
There are different ways to store data in the browser, i.e.
When you log in for the first time, the page stores your login data in the browser, so when you change the page or refresh, the page tries to log you in with that data, if it exists! Otherwise you have to type your login data again!
You can simply test this by clearing your browser cache.
- doushou6480 2016-12-25 10:39
Cookies and sessions are some of the traditional ways that authentication details are stored in the browser. However, with these approaches the server has to keep track of logged-in users and their cookies to validate them. So there is some server operation in managing logged-in users.
However, there's a new approach known as JSON Web Token, aka JWT. Here the server will generate a user-specific token and send it to the browser client at the moment of login. The browser will store this token in HTML5 Local Storage or Session Storage and will send this token with every request!
So here, on every refresh, browser code can check for the availability of this token in Local Storage or Session Storage. The advantage of this approach is that the server doesn't have to keep track of issued tokens and is able to extract data from the token if needed.