Application authentication
Application authentication means that when a user enters the APP, we need to determine which permissions they have and, based on those permissions, which actions they may perform. The most common cases are logging in to a shopping website and paying for a purchase.

HTTP requests are stateless: neither the requester nor the responder keeps state between requests, so each request is a one-off and we do not know what happened before or after it. We therefore need a way to mark (identify) the client. The browser-side options such as sessionStorage, localStorage and global variables have too many restrictions, so authentication mechanisms such as cookie, session and token exist.

A cookie is also a form of front-end storage, but it differs from sessionStorage and localStorage in that the browser automatically attaches the cookie to every request it sends to the server. The front end does not have to handle it explicitly, so the probability of error is lower.

Process:

1. The browser sends a request with data to the server. The server receives the data and then sets the cookie by placing it in a response header (Set-Cookie). When the browser receives the response, it automatically stores the cookie.

2. In each subsequent request, the browser automatically adds a Cookie field to the request header and sends it to the server.

Configuration:

1. Domain/Path

Cookies limit their scope through two levels: Domain and Path.

2. Expires/Max-Age

Cookies can also limit their lifetime through either Expires or Max-Age.

3. Secure/HttpOnly

Cookies can also limit how they are used: Secure restricts the cookie to HTTPS requests, and HttpOnly hides it from client-side script.

HTTP header read/write of cookies:

The response carries a Set-Cookie header, and one Set-Cookie header sets exactly one cookie, in the format of the cookie's key=value followed by its configuration key=value pairs. To set several cookies at once, write several Set-Cookie headers.

When the browser sends a request to the server, it does not send the configuration attributes back, only the key-value pair.
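As an added example (not code from the original article), the following JavaScript models the browser's side of the process described above: parsing Set-Cookie headers with their Domain/Path, Expires/Max-Age and Secure/HttpOnly attributes, deciding which stored cookies to attach to a request, building the Cookie header from key-value pairs only, and showing which cookies front-end script can read. The host names and cookie values are constructed for the example.

```javascript
// Added example, not code from the original article: a minimal cookie jar that mimics
// what a browser does with Set-Cookie and Cookie headers. All values are constructed.
// Parse one Set-Cookie header: the first key=value is the cookie, the rest are
// configuration attributes. originHost is the host that sent the response.
function parseSetCookie(header, originHost, now = Date.now()) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1), domain: originHost,
              hostOnly: true, path: '/', expires: null, secure: false, httpOnly: false };
  let maxAgeSeen = false;
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    switch (k.toLowerCase()) {
      case 'domain': c.domain = v.replace(/^\./, '').toLowerCase(); c.hostOnly = false; break;
      case 'path': c.path = v.startsWith('/') ? v : '/'; break;
      case 'max-age': c.expires = now + Number(v) * 1000; maxAgeSeen = true; break; // Max-Age wins
      case 'expires': if (!maxAgeSeen) c.expires = Date.parse(v); break;
      case 'secure': c.secure = true; break;
      case 'httponly': c.httpOnly = true; break;
    }
  }
  return c;
}
// Does the cookie's domain, path, expiry and Secure scope allow sending it to URL u?
function matches(c, u, now) {
  const domainOk = c.hostOnly ? u.hostname === c.domain
    : u.hostname === c.domain || u.hostname.endsWith('.' + c.domain);
  const base = c.path.endsWith('/') ? c.path : c.path + '/';
  const pathOk = u.pathname === c.path || u.pathname.startsWith(base);
  const fresh = c.expires === null || c.expires > now;
  return domainOk && pathOk && fresh && (!c.secure || u.protocol === 'https:');
}
// Build the Cookie request header: only name=value pairs, never the attributes.
function buildCookieHeader(jar, url, now = Date.now()) {
  const u = new URL(url);
  return jar.filter((c) => matches(c, u, now)).map((c) => `${c.name}=${c.value}`).join('; ');
}
// What document.cookie exposes to front-end script: HttpOnly cookies stay hidden.
function scriptVisible(jar) {
  return jar.filter((c) => !c.httpOnly).map((c) => `${c.name}=${c.value}`).join('; ');
}
// Constructed sample: a login response carrying two Set-Cookie headers.
const NOW = Date.parse('2024-01-01T00:00:00Z');
const jar = [
  parseSetCookie('sid=abc123; Path=/; HttpOnly; Secure; Max-Age=3600', 'www.shop.example', NOW),
  parseSetCookie('theme=dark; Domain=shop.example; Path=/', 'www.shop.example', NOW),
];
```

The session cookie is only attached over HTTPS, disappears after its Max-Age, and is invisible to script, while the theme cookie is also sent to other hosts under shop.example.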

Front-end read and write operations on cookies:

If the cookie set by the server is not set)