First of all, you must talk about what the session is to do. Session can store targeted user information storage mechanisms for IE with a user and any window opened through its current window. Why do you say this.
The following is the related content of the usage and understanding of the use of Session and cookies in ASP applications. The article tutorial mainly describes some technologies and knowledge related to Session Cookie. For more content, please visit http://www.vevb.com and get to get it. More latest tutorials, the following is the tutorial explanation:
Let's talk about session first
The argument about Session has never stopped, but people who can understand session should account for more than 90.
But still talk, don't think you are old ~
Some people agree with session, and some people disagree. But what do this question say. May wish to listen to my opinion
If you have any errors, please do not lose things, except gold bars and coins.
Some people should know that I am doing rivers and lakes, and the rivers and lakes procedures are looking at efficiency, but I don’t talk about design here, and
From some practical perspectives, session.
First of all, you must talk about what the session is to do. Session can store IEs for a certain user and pass by it.
Any window opened in the front window has a targeted user information storage mechanism. Why do you say that. Below
First study how the session is started. After opening IE, after browsing the website, you will send a instruction request sessionid to
And download permits for various types of data, such as pictures, sounds and flash.
Data actual transmission content: IE to server
Get / http / 1.1
Accept: Image/GIF, Image/X-XBITMAP, Image/JPEG, Image/PJPEG, Application/X-Shockwave-Flash, */ *
Accept-language0: zh-cn
Accept-entrete: gzip, deflate
User-agent: mozilla/4.0 (compatible; msie 5.01; Windows NT 5.0)
Host: www.jh521.com
Connection: kep-alive
The server returns an unused sessionid for IE. At that time, IE would store the return sessionid
And return to the download data on the related page at the same time, as follows: server to IE
Http/1.1 200 ok
Server: Microsoft-IIS/5.0
Date: sun, 30 nov 2003 16:41:51 gmt
Content-level: 21174..content-type: text/html
Set-Cookie: AspSessionidCACACBBBBRT = IBOMFONAOJFEEBHBPIENJFFC; PATH =/
Cache-control: Private
Then there is the page HTML code
At this time, this IE program (not a client) sessionid is iBOMFONAOJFEEBHBPIENJFFC
And when IE visits the AP program at any of this site, I will send iBOMFONAOJFEEBHBPIENJFFC
To the server, the server will know that ibomfonaojfeebhbpienjffc means you
And set the session (name) = name on the server
It can be regarded as it is
Session (iBomfonaojfeebhbpienjffc) (name) = name
or
Session (sessionid) (name) = name
In this way, the session is separated from users.
And when the server feeds this ID, you will see if this ID is used. If you are changing one
Anyway, it won't make you repeat. If you want to simulate someone's session ID to deceive. But get
The opponent's IE transmits signals and may only be implemented without being canceled at that time.
But if I have that time, I will find him name and pass directly through the POST signal. I don't spend this energy
Presumably some people understand how the sessionid works
So just look at cookie, some people say that sessionid is cookie. According to technical terms, they do not belong to the same kind
But it belongs to a working model, users and servers transmit private data
When I set Cookie, the server will feedback to IE a instruction. IE generates cookies through this network instruction
Storage, this information will be obtained at a specific time such as visiting this site and cookid.
So why do you use cookies instead of session?
Look at the difference
Valid time and storage method transmission content
Cookie can be set and retains clear information locally
SESSION is not closed in IE and the server does not timeout only sessionid
If you want users to log in to the website next time you don’t need to enter the user name or password, you can only use cookies,
Because he can retain a long time (before the cookie record is deleted or the date of failure)
And session is not possible. He will not keep it for too long, and after IE is closed
When you log in the next time you log in, you will ask for a new sessionid
When the server wants to check the user's state through the user's personal variable, you cannot use cookie
If the user permissions are set to be used. When IE visits, the User's significant code is transmitted to the server.
Then if I go through a certain means, such as directly modify the cookie record, modify the user to admin to admin ~~
It's troublesome.
However
Okay, I'm a bit tired, I'm talking about this
Request.servervariables (http_referr)
I think there are some people through this request.servervariables (http_referr)
For some key limits, especially to deal with remote submission and illegal invasion.
Then I need to remind the server that the http_referr information obtained is completely transmitted to the server. It can be simulated
And it is not difficult. You can use VB to make a procedure for HTTP_Referr invasion in less than half an hour.
(Unfortunately, I did not do things in the scripture, and did the web game hanging program)
End. The tutorial is finished here. Is there any harvest in reading? This site also provides content related to Session cookie, welcome to continue reading.