2016-12-25 09:16


Quick Question: When you log in to your account on a website, what does it do to keep you logged in so you don't log in again and again when you visit another page?


4 answers

  • dougua4836
    dougua4836 2016-12-25 09:54

    It is all about sessions.


    In computer science, in particular networking, a session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user.

    Web server session management ... Hypertext Transfer Protocol (HTTP) is stateless: a client computer running a web browser must establish a new Transmission Control Protocol (TCP) network connection to the web server with each new HTTP GET or POST request. The web server, therefore, cannot rely on an established TCP network connection for longer than a single HTTP GET or POST operation. Session management is the technique used by the web developer to make the stateless HTTP protocol support session state. For example, once a user has been authenticated to the web server, the user's next HTTP request (GET or POST) should not cause the web server to ask for the user's account and password again. For a discussion of the methods used to accomplish this see HTTP cookie and Session ID.

    In situations where multiple web servers must share knowledge of session state (as is typical in a cluster environment) session information must be shared between the cluster nodes that are running web server software. Methods for sharing session state between nodes in a cluster include: multicasting session information to member nodes (see JGroups for one example of this technique), sharing session information with a partner node using distributed shared memory or memory virtualization, sharing session information between nodes using network sockets, storing session information on a shared file system such as a distributed file system or a global file system, or storing the session information outside the cluster in a database.

    If session information is considered transient, volatile data that is not required for non-repudiation of transactions and does not contain data that is subject to compliance auditing then any method of storing session information can be used. However, if session information is subject to audit compliance, consideration should be given to the method used for session storage, replication, and clustering.

    In a service-oriented architecture, Simple Object Access Protocol or SOAP messages constructed with Extensible Markup Language (XML) messages can be used by consumer applications to cause web servers to create sessions.

    In raw PHP (most well-known frameworks have session management middleware, so you shouldn't worry about it), if you want to manage a session, you have to include


    procedure on top of your pages. When you do this, you are creating a 24-minute (1440 seconds) session (by default).

    You can modify it to any integer from your php.ini file.

    All session data in PHP is stored in the $_SESSION global. Hence, it is an array, so you can set session variables (anything you want) like,

    $_SESSION['user_name'] = 'ernesto';
    $_SESSION['foo'] = 'bar';

    At any time in your application, you can remove $_SESSION variables,


    Assume, you've already set variables above,


    will print an empty array as you've removed the variables by the unset procedure.

    If you want to destroy a session completely,


    will do it for you.

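The session lifecycle described in the answer above (start the session, set `$_SESSION` variables, clear and destroy them), as an added example that is not part of the original answer. The demo account, the cookie settings and the single-file layout are assumptions; it needs PHP 7.3+ and can be served with `php -S 127.0.0.1:8000`.

```php
<?php
// Added example: one-page login/logout built on PHP sessions.
// The account below is constructed for illustration; a real site reads the
// password hash from its user table instead of computing it per request.
const DEMO_USER = 'ernesto';
$demoHash = password_hash('demo-password', PASSWORD_DEFAULT);

// Harden the session cookie before the session starts.
session_set_cookie_params([
    'lifetime' => 0,                          // cookie ends with the browser session
    'path'     => '/',
    'secure'   => !empty($_SERVER['HTTPS']),  // use true on an HTTPS-only site
    'httponly' => true,                       // not readable from JavaScript
    'samesite' => 'Lax',
]);
ini_set('session.use_strict_mode', '1');      // refuse session IDs the server did not issue
session_start();                              // reads or sets the session ID cookie

$action = $_POST['action'] ?? '';

if ($action === 'login'
    && ($_POST['user'] ?? '') === DEMO_USER
    && password_verify((string)($_POST['pass'] ?? ''), $demoHash)) {
    session_regenerate_id(true);              // fresh ID after authentication (session fixation)
    $_SESSION['user_name'] = DEMO_USER;       // this is what keeps the user logged in
}

if ($action === 'logout') {
    $_SESSION = [];                           // remove every session variable
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [           // expire the cookie in the browser
        'expires' => time() - 3600, 'path' => $p['path'], 'secure' => $p['secure'],
        'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();                        // delete the server-side session data
}

if (isset($_SESSION['user_name'])) {
    $name = htmlspecialchars($_SESSION['user_name'], ENT_QUOTES);
    echo "Logged in as $name <form method=post>"
       . '<button name=action value=logout>Log out</button></form>';
} else {
    echo '<form method=post><input name=user><input name=pass type=password>'
       . '<button name=action value=login>Log in</button></form>';
}
```

The browser only ever holds the random session ID; the `user_name` value stays on the server, and its idle lifetime is governed by `session.gc_maxlifetime` in php.ini (the 1440-second default mentioned above).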
  • donglv9116
    donglv9116 2016-12-25 09:28

    HTML pages are stateless, meaning when you refresh a page, all data that came from the server previously is gone and has to be requested again.

    There are different ways to store data in the browser, i.e. cookies.

    When you log in for the first time, the page stores your login data in the browser, so when you change the page or refresh, the page tries to log you in with that data, if it exists! Otherwise you have to type your login data again!

    You can simply test this by clearing your browser cache.

  • douhuan1257
    douhuan1257 2016-12-25 09:30

    Use cookie (you can learn: Cookie) or Session (you can learn: Session).

  • doushou6480
    doushou6480 2016-12-25 10:39

    Cookies and sessions are some of the traditional ways that authentication details are stored in the browser. However, with these approaches the server has to keep track of logged-in users and their cookies to validate them. So there is some server operation in managing logged-in users.
    However, there's a new approach known as JSON Web Token, aka JWT. Here the server will generate a user-specific token and send it to the browser client at the moment of login. The browser will store this token in HTML5 Local Storage or Session Storage and will be sending this token with every request!
    So here, on every refresh, browser code can check for the availability of this token in Local Storage or Session Storage. The advantage of this approach is that the server doesn't have to keep track of issued tokens and is able to extract data from the token if needed.
    JWT is widely used in authenticating web applications developed using advanced JavaScript frameworks: AngularJS or ReactJS (with supporting libraries).

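The token approach from the last answer, as an added example that is not part of the original post: the server signs the claims at login and later verifies the signature and expiry without looking anything up. The key, the claims and the 15-minute lifetime are constructed, and the HS256 code uses only PHP built-ins rather than any particular JWT library.

```php
<?php
// Added example: issue and verify an HS256 JSON Web Token.
// Constructed demo key; a real key comes from secret storage, not source code.
const JWT_KEY = 'constructed-demo-key-change-me-32bytes!!';

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_json(string $txt) {
    return json_decode(base64_decode(strtr($txt, '-_', '+/')), true);
}

function jwt_issue(array $claims, string $key): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    $sig  = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    return "$head.$body.$sig";
}

// Returns the claims, or null if the token is malformed, forged or expired.
function jwt_verify(string $token, string $key, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    // Pin the algorithm on the server; do not let the token's header choose it.
    $header = b64url_json($head);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $expected = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) return null;   // constant-time comparison
    $claims = b64url_json($body);
    if (!is_array($claims) || !isset($claims['exp']) || $claims['exp'] <= $now) {
        return null;                                  // missing or past expiry
    }
    return $claims;
}

$now   = time();
$token = jwt_issue(['sub' => 'ernesto', 'exp' => $now + 900], JWT_KEY);
var_dump(jwt_verify($token, JWT_KEY, $now));          // token signed with the server key
$other = jwt_issue(['sub' => 'ernesto', 'exp' => $now + 900], 'some-other-key');
var_dump(jwt_verify($other, JWT_KEY, $now));          // signature does not match
var_dump(jwt_verify($token, JWT_KEY, $now + 901));    // same token after its expiry
```

Because nothing is stored server-side, a token stays valid until its `exp` unless the server adds its own revocation list, and a token kept in Local Storage is readable by any script running on the page.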