First of all, you need to understand the following basic knowledge:
1. The HTTP protocol is used to browse the web
2. The HTTP protocol is stateless
3. The whole process is: the user makes a request; the server accepts the request, responds, and disconnects (stateless, no record of the connection is kept)
4. An HTTP message contains two parts: the protocol header and the message entity
5. The session is stored on the server side, and the cookie is stored on the client side
Process
1. The user sends a url request to the server. (GET /index.php HTTP/1.1)
2. The server accepts the request and searches for the index.php file on the server.
3. Based on the request, the server looks for the session_ID file on the server side. Normally it creates a file such as sess_e12683c5301033a408419cc9df284f7b in the server's %TEMP% folder (for example C:\winnt\temp on Windows 2000) and saves some SESSION values in the file.
4. The server returns the processing result to the client and puts the session_ID or other information in the response protocol header (Set-Cookie). The specific information depends on the settings. The server then disconnects.
5. The client receives the response, and the browser stores the session_ID from the protocol header in a file on the client (the cookie). On Windows this file is usually under C:\Documents and Settings\username\Local Settings\Temporary Internet Files.
The file name of the cookie is generally:
Cookie:username@domain
The general content of the cookie file is:
BAIDUID                             Cookie name
25D4E67AC34F467A29DB9B8C85C4DEC5    Cookie value
baidu.com/                          Cookie valid path
1024                                Security
3577998080                          Cookie valid date
32067270                            Modified date
1590083488                          Creation date
29862897                            Creation
6. When the client sends a second request to the server, the browser puts the value from the corresponding cookie file into the protocol header of the request.
7. The server accepts the protocol header and, with it, the cookie value, so that the server can verify it against the saved session file.
Explanation
a. In step 3 above, if the user also saves other session values, these values are saved as content in that session file.
b. In step 4 above, the server can also send more cookie values to the client.
c. In step 5 above, if the user's browser refuses cookies, the server will sometimes attach the session_ID as a parameter after the URL, which is why we often see parameters such as PHPSESSID=******** or JSPSESSID=****** on some URLs. If the browser accepts cookies, it will also put the additional values from b above into the cookie file.
d. In step 7 above, the server finds the corresponding session file based on the session_ID, so it can also obtain the other previously saved session values from the content of that file.
e. The session file saved on the server has a time limit.
f. The cookie file saved on the client has an expiration time.
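
Steps 3 to 7 and point e, as an added example that is not part of the original page: a small Python stand-in for the server side that creates the sess_<id> file, builds the Set-Cookie header, and later checks the ID the client sends back before opening the file. The function names, the JSON file content and the 1440-second time limit are assumptions made for the illustration.

```python
import json, os, re, secrets, tempfile, time
from http.cookies import SimpleCookie

SESSION_DIR = tempfile.mkdtemp(prefix="sess_demo_")  # stands in for the server's %TEMP% folder
SESSION_TTL = 1440                                   # assumed time limit in seconds (point e)
ID_RE = re.compile(r"[0-9a-f]{32}")                  # same shape as the sess_e1268... example

def session_path(sid):
    return os.path.join(SESSION_DIR, "sess_" + sid)

def start_session(values):
    """Steps 3-4: create sess_<id> and return the ID plus the response header line."""
    sid = secrets.token_hex(16)                      # unpredictable 32-hex-character ID
    with open(session_path(sid), "w") as f:
        json.dump(values, f)                         # the saved SESSION values (point a)
    return sid, f"Set-Cookie: PHPSESSID={sid}; Path=/; HttpOnly"

def load_session(cookie_header, now=None):
    """Steps 6-7: take the request's Cookie header value, return the saved values or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("PHPSESSID")
    # The ID is client-controlled: accept only the expected format before it
    # becomes part of a file name, so values like "../x" never reach the disk.
    if morsel is None or not ID_RE.fullmatch(morsel.value):
        return None
    path = session_path(morsel.value)
    if not os.path.isfile(path):
        return None                                  # unknown ID: no session
    now = time.time() if now is None else now
    if now - os.path.getmtime(path) > SESSION_TTL:
        os.remove(path)                              # time limit reached (point e)
        return None
    with open(path) as f:
        return json.load(f)

if __name__ == "__main__":
    sid, header = start_session({"user": "alice"})   # constructed sample values
    print(header)
    print(load_session(f"PHPSESSID={sid}"))
    print(load_session("PHPSESSID=../../etc/passwd"))
```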