HTTP会话跟踪 [英] HTTP Session Tracking
问题描述
由于HTTP是无状态协议,当客户端向服务器发出大量请求时,服务器如何在一段时间内唯一地标识特定客户端的请求,例如t1,t2,t3 ..
Since HTTP is a stateless protocol, when a client makes a number of requests to the server, how does the server uniquely identify a particular client's requests over a period of time say t1, t2, t3..
我浏览了网页并遇到了会话ID,网址重写和Cookie等字词。但如果有人以更好的方式解释它会很棒。具体来说,HTTP请求和响应的哪一部分将用于会话跟踪?
I browsed the web and came across terms like session id, URL rewriting and cookies. But it would be great if someone explains it in a better way. Specifically which part of the HTTP request and response would be used for session tracking?
推荐答案
正如您所提到的,实现HTTP的常用方法会话跟踪包括URL重写和cookie。会话跟踪基本上要求在对服务器的多个请求之间维护会话ID。这意味着每次给定客户端向服务器发出请求时,它都会传递相同的会话ID。服务器可以使用此ID来查找它维护的会话信息。
As you mentioned, common ways to implement HTTP session tracking include URL rewriting and cookies. Session tracking basically requires that a session ID is maintained across multiple requests to the server. This means that each time a given client makes a request to the server, it passes the same session ID. The server can use this ID to lookup the session information it maintains.
使用cookie时,服务器通过设置
When using cookies, the server asks the client to store a cookie by setting the Set-Cookie HTTP response header. This cookie contains the unique session ID assigned to that client - in this example the string 'ABAD1D':
Set-Cookie: JSESSIONID=ABAD1D;path=/
然后客户端使用<将cookie发送回服务器code> Cookie 每个请求都有HTTP请求标头,因此每个请求都会通知服务器当前分配给客户端的会话ID。
The cookie is then sent back to the server by the client using the Cookie HTTP request header on each request and thus the server is informed on each request the session ID currently assigned to the client.
Cookie: JSESSIONID=ABAD1D
使用网址重写时,相反,会在URL中的某处发送相同的会话ID。同样,服务器从URL中提取会话ID,以便它可以查找特定客户端的会话:
When using URL rewriting, this same session ID is instead sent somewhere in the URL. Again, the server extracts the session ID from the URL so that it can lookup the session for a particular client:
http://my.app.com/index.jsp;JSESSIONID=ABAD1D
但是,服务器还必须制作确保发送回客户端的网页中的任何URL也被重写以包含该特定客户端会话ID。由于会话ID在URL中编码,因此这种会话跟踪方法对浏览器是透明的。如果服务器发现无法在客户端上设置会话cookie,则通常会使用URL重写 - 这意味着客户端不支持/允许cookie。
However, the server must also make sure that any URLs in the web pages sent back to the client are also rewritten to contain that particular clients session ID. As the session ID is encoded in the URLs, this method of session tracking is transparent to the browser. Often a server will resort to URL rewriting if it finds it is unable to set a session cookie on the client - implying that the client does not support/allow cookies.
注意会话可以过期。这意味着如果服务器在一段时间内没有看到给定的会话ID,它可能会删除会话数据以保留资源。
Note that sessions can expire. This means that if the server does not 'see' a given session ID for a period of time, it may remove the session data to preserve resources.
这篇关于HTTP会话跟踪的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
