Cookie, Session 与HTTP请求 杨亮 Web基本流程 PC Mobile 服务器 （Apache） (IIS) 后端脚本 （PHP） （JSP） （ASP） 数据库 （MySQL） （Oracle） （Access） HTTP 请求 对应⽂文件 获取数据 返回数据 返回⻚页⾯面 返回⻚页⾯面 请求⻚页⾯面 服务器端 客户端 html css ⽆无状态 Cookie Session 头部 内容 （html） Cookie 保存在浏览器端的⽤用户数据，⽤用以进⾏行会话控制 浏览器端脚本(JavaScript)设定Cookie 服务器端程序(PHP)通过HTTP请求命令浏览器设定Cookie 浏览器向服务器发送请求时会附加上相应的Cookie 服务器 PHP 浏览器 Cookie Set-Cookie:user=stefyang Set-Cookie:user=stefyang Cookie:user=stefyang 提交信息 name1 value1 name2 value2 name3 value3 name4 value4 五⼤大要素：名字、值、域、路径、过期时间 $_COOKIE[name] 所有Cookie都是放到http头信息中 服务器 PHP 浏览器 Cookie Set-Cookie:user=stefyang

掌握常用的会话跟踪技术，了解采用 URL 重写维持会话跟 踪的方法；理解 Cookie 和 Session 的协同机制，掌握使用 Cookie 和 Session 实现会话跟踪的技术。 3. 能够使用 Cookie 和 Session 编写会话跟踪代码。 大纲 会话基本概念 会话跟踪技术 本节习题 大纲 会话基本概念 会话跟踪技术 URL 重写 Cookie Java EE 会话对象 本节习题 大纲 会话基本概念 会话基本概念 会话跟踪技术 本节习题 接下来⋯ 会话基本概念 会话跟踪技术 URL 重写 Cookie Java EE 会话对象 本节习题 大纲 会话基本概念 会话跟踪技术 本节习题 什么是会话 ▶ 在 Web 应用中把客户端浏览器开始请求 Web 服务器，访问 不同 Web 文档进行请求/响应，到结束访问的一系列过程称 为会话，即一次会话（Session）。 ▶ 当用户访问第一个 Java 服务器取得参数信息，完成客户端信息的保存。 2. 隐藏表单字段 将要保存的客户信息，如用户登录账号使用 隐藏表单字段发送到服务器端，完成 Web 服务器保持客户 状态信息。 3. Cookie 使用 Java EE API 提供的 Cookie 对象，可以将客 户信息保存在 Cookie 中，完成会话跟踪功能。 4. HttpSession 对象 Java EE API 专门提供了 HttpSession 会 话对象保存客户的信息来实现会话跟踪。

class BaseHandler(tornado.web.RequestHandler): def get_current_user(self): user_id = self.get_signed_cookie("user") if not user_id: return None return self.backend.get_user_by_id(user_id) def get_user_locale(self): with the set_cookie method: class MainHandler(tornado.web.RequestHandler): def get(self): if not self.get_cookie("mycookie"): self.set_cookie("mycookie", "myvalue") self.write("Your cookie was not set set yet!") else: self.write("Your cookie was set!") Cookies are not secure and can easily be modified by clients. If you need to set cookies to, e.g., identify the cur- rently logged in user, you need

class BaseHandler(tornado.web.RequestHandler): def get_current_user(self): user_id = self.get_signed_cookie("user") if not user_id: return None return self.backend.get_user_by_id(user_id) def get_user_locale(self): with the set_cookie method: class MainHandler(tornado.web.RequestHandler): def get(self): if not self.get_cookie("mycookie"): self.set_cookie("mycookie", "myvalue") self.write("Your cookie was not set set yet!") else: self.write("Your cookie was set!") Cookies are not secure and can easily be modified by clients. If you need to set cookies to, e.g., identify the cur- rently logged in user, you need

class BaseHandler(tornado.web.RequestHandler): def get_current_user(self): user_id = self.get_signed_cookie("user") if not user_id: return None return self.backend.get_user_by_id(user_id) def get_user_locale(self): with the set_cookie method: class MainHandler(tornado.web.RequestHandler): def get(self): if not self.get_cookie("mycookie"): self.set_cookie("mycookie", "myvalue") self.write("Your cookie was not set set yet!") else: self.write("Your cookie was set!") Cookies are not secure and can easily be modified by clients. If you need to set cookies to, e.g., identify the cur- rently logged in user, you need

class BaseHandler(tornado.web.RequestHandler): def get_current_user(self): user_id = self.get_signed_cookie("user") if not user_id: return None return self.backend.get_user_by_id(user_id) def get_user_locale(self): with the set_cookie method: class MainHandler(tornado.web.RequestHandler): def get(self): if not self.get_cookie("mycookie"): self.set_cookie("mycookie", "myvalue") self.write("Your cookie was not set set yet!") else: self.write("Your cookie was set!") Cookies are not secure and can easily be modified by clients. If you need to set cookies to, e.g., identify the cur- rently logged in user, you need

class BaseHandler(tornado.web.RequestHandler): def get_current_user(self): user_id = self.get_signed_cookie("user") if not user_id: return None return self.backend.get_user_by_id(user_id) def get_user_locale(self): with the set_cookie method: class MainHandler(tornado.web.RequestHandler): def get(self): if not self.get_cookie("mycookie"): self.set_cookie("mycookie", "myvalue") self.write("Your cookie was not set set yet!") else: self.write("Your cookie was set!") Cookies are not secure and can easily be modified by clients. If you need to set cookies to, e.g., identify the cur- rently logged in user, you need

BaseHandler(tornado.web.RequestHandler): def get_current_user(self): user_id = self.get_signed_cookie("user") if not user_id: return Nonereturn self.backend.get_user_by_id(user_id) def user’s browser with the set_cookie method: class MainHandler(tornado.web.RequestHandler): def get(self): if not self.get_cookie("mycookie"): self.set_cookie("mycookie", "myvalue") "myvalue") self.write("Your cookie was not set yet!") else: self.write("Your cookie was set!") Cookies are not secure and can easily be modified by clients. If you need to set cookies

– I’m setting a response body, but it isn’t getting returned. What’s going on? – I’m setting a cookie, but it isn’t being returned in subsequent requests. – How can I serve a downloadable file with bug! Let us know so we can help. I’m setting a cookie, but it isn’t being returned in subsequent requests. By default, Falcon enables the secure cookie attribute. Therefore, if you are testing your app app over HTTP (instead of HTTPS), the client will not send the cookie in subsequent requests. (See also the cookie documentation.) How can I serve a downloadable file with Falcon? In the on_get() responder

– I’m setting a response body, but it isn’t getting returned. What’s going on? – I’m setting a cookie, but it isn’t being returned in subsequent requests. – How can I serve a downloadable file with bug! Let us know so we can help. I’m setting a cookie, but it isn’t being returned in subsequent requests. By default, Falcon enables the secure cookie attribute. Therefore, if you are testing your app app over HTTP (instead of HTTPS), the client will not send the cookie in subsequent requests. (See also the cookie documentation.) How can I serve a downloadable file with Falcon? In the on_get() responder