cookie:存储在浏览器,请求服务器时顺便发给服务器,不安全。 session:存储在服务器,不是独立存在的,基于cookie。安全问题:session劫持。 token:存在cookie里的session-ID。
cnpm i cookie-parser -D const express = require('express); const cookieParser = require('cookie-parser'); let server = express(); server.listen(8520); server.use(cookieParser()); server.get('/a',(req,res)=>{ console.log(req.cookies); res.cookie('amount',99.8,{ maxAge:14*86400*1000, }); })
cookie不跨域。子域名可以访问父级的cookie,但父级不能访问子级的:www.baidu.com -> baidu.com 可以;baidu.com -x> www.baidu.com 不可以。相关选项:domain:'baidu.com' path:'/'
签名:需要一个秘钥。 cnpm i cookie-parser -D const express = require('express); const cookieParser = require('cookie-parser'); let server = express(); server.listen(8520); server.use(cookieParser('asdfasdfasdfasdfasdfaasdfasdfasdfas')); server.get('/a',(req,res)=>{ console.log('cookie',req.cookies); //未签名 console.log('signed:',req.signedCookies); //签名的 res.cookie('amount',99.8,{ httpOnly:true, //secure:true, //只有https才能使用 signed:true, maxAge:14*86400*1000, }); })
cookie 的大小限制:4k
cookie不是独立存在的
cnpm i cooke-session -domain const cookieSession = require('cookie-session'); let server=express(); server.listen(8520); server.ues(cookieSession({ keys:[ 'asdfa1234s','asdfasdf','adsfasdff1f2','fasdfweqrf123' ] //循环秘钥, maxAge:20*60*1000 //20分钟 })) server.get('/a',(req,res)=>{ console.log(req.session); if(!req.session['view']){ req.session['view']=1; }else{ req.session['view']++; } req.session['amount']=99.8; res.send(`欢迎您第${req.session['view']}次到访本站,你的余额是:${req.session['amount']}`); }) serssion的本质上还是cookie