What are sessions? How do they work?

Question

I am just beginning to start learning web application development, using Python. I am coming across the terms 'cookies' and 'sessions'. I understand cookies in that they store some info in a key-value pair on the browser. But I have a little confusion regarding sessions; in a session too we store data in a cookie on the user's browser.

For example - I log in using username='rasmus' and password='default'. In such a case the data will be posted to the server, which is supposed to check and log me in if authenticated. However, during the entire process the server also generates a session ID which will be stored in a cookie on my browser. Now the server also stores this session ID in its file system or datastore.

But based on just the session ID, how would it be able to know my username during my subsequent traversal through the site? Does it store the data on the server as a dict where the key would be a session ID and details like username, email etc. be the values?

I am getting quite confused here. Need help.

Recommended answer

Because HTTP is stateless, in order to associate a request to any other request, you need a way to store user data between HTTP requests.

Cookies or URL parameters (for ex. like http://example.com/myPage?asd=lol&boo=no) are both suitable ways to transport data between 2 or more requests. However they are not good in case you don't want that data to be readable/editable on client side.

The solution is to store that data server side, give it an "id", and let the client only know (and pass back at every HTTP request) that id. There you go, sessions implemented. Or you can use the client as a convenient remote storage, but you would encrypt the data and keep the secret server-side.

Of course there are other aspects to consider, like you don't want people to hijack others' sessions, you want sessions to not last forever but to expire, and so on.

In your specific example, the user id (could be username or another unique ID in your user database) is stored in the session data, server-side, after successful identification. Then for every HTTP request you get from the client, the session id (given by the client) will point you to the correct session data (stored by the server) that contains the authenticated user id - that way your code will know what user it is talking to.
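
The server-side flow described in the answer above, as an added example that is not part of the original answer: the cookie carries only a random session ID, and the server maps it to the authenticated user ID with an idle timeout. The names `SessionStore`, `login`, `current_user` and the 30-minute timeout are assumptions made for illustration, and the plaintext user table is constructed sample data (a real application would verify a password hash).

```python
import secrets
import time

SESSION_TTL = 30 * 60  # assumed idle timeout, in seconds


class SessionStore:
    """Server-side session data keyed by an unguessable session ID."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # session_id -> {"data": dict, "expires": float}

    def create(self, user_id):
        # 32 bytes from the OS CSPRNG; only this value is sent in the cookie.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"data": {"user_id": user_id},
                               "expires": self._clock() + self._ttl}
        return sid

    def load(self, sid):
        """Return the session data for a cookie value, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None  # forged or already-destroyed ID
        if self._clock() >= entry["expires"]:
            del self._sessions[sid]  # expired sessions are dropped on access
            return None
        entry["expires"] = self._clock() + self._ttl  # sliding expiry
        return entry["data"]

    def destroy(self, sid):
        self._sessions.pop(sid, None)  # logout


def login(store, users, username, password):
    """Check credentials against a constructed user table and start a session."""
    expected = users.get(username)
    if expected is None or not secrets.compare_digest(expected, password):
        return None
    return store.create(username)


def current_user(store, cookie_value):
    """Resolve the session ID sent by the client to the authenticated user ID."""
    data = store.load(cookie_value) if cookie_value else None
    return data["user_id"] if data else None
```
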
