goweb session control

Session control

HTTP is a stateless protocol. The server cannot record the browser's access state, that is, the server cannot tell whether two requests were made by the same client. This design seriously hinders the design of Web programs. For example, suppose we buy a pair of trousers and a mobile phone while shopping online. Because the HTTP protocol is stateless, without some other mechanism the server cannot know what the user bought. Cookies are one of the solutions.

Cookie

Brief introduction

A Cookie is a piece of information that the server saves in the browser. Once the browser has cookies, every request it sends to the server carries that information along with it. After the server receives the request, it can process the request based on this information.

How cookies work

  1. Create cookies on the server side the first time a request is sent to the server
  2. Send cookies created on the server side to the browser as response headers
  3. If you send the request later, the browser will carry the Cookie
  4. After the server gets the Cookie, it distinguishes different users according to the Cookie information

Create a Cookie and send it to the browser

  1. Create a Cookie on the server and send it to the browser

    Server-side code

func handler(w http.ResponseWriter, r *http.Request) {
	cookie1 := http.Cookie{
		Name:     "user1",
		Value:    "admin",
		HttpOnly: true,
	}
	cookie2 := http.Cookie{
		Name:     "user2",
		Value:    "superAdmin",
		HttpOnly: true,
	}
	// Send the Cookie to the browser, i.e. add the first Cookie
	w.Header().Set("Set-Cookie", cookie1.String())
	// Add another Cookie
	w.Header().Add("Set-Cookie", cookie2.String())
}

Contents of browser response message

HTTP/1.1 200 OK
Set-Cookie: user1=admin; HttpOnly
Set-Cookie: user2=superAdmin; HttpOnly
Date: Sun, 12 Aug 2018 07:24:49 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8

  2. In the future, every time a request is sent, the browser will carry the Cookie

GET /cookie HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: user1=admin; user2=superAdmin

  3. In addition to the Set and Add methods, Go provides a quicker way to set cookies:
    the SetCookie function in the net/http library

Modify the code in 1)

func handler(w http.ResponseWriter, r *http.Request) {
	cookie1 := http.Cookie{
		Name:     "user1",
		Value:    "admin",
		HttpOnly: true,
	}
	cookie2 := http.Cookie{
		Name:     "user2",
		Value:    "superAdmin",
		HttpOnly: true,
	}
	http.SetCookie(w, &cookie1)
	http.SetCookie(w, &cookie2)
}

Read cookies

Since the Cookie is in the request header when the request is sent, we can read cookies through the Header field of the Request.

  1. Handler code

func handler(w http.ResponseWriter, r *http.Request) {
	// Get the Cookie from the request header
	cookies := r.Header["Cookie"]
	fmt.Fprintln(w, cookies)
}

  2. Result in the browser

[user1=admin; user2=superAdmin]

Set the effective time of cookies

Cookies are session level by default: when the browser is closed, the cookies expire. We can use the MaxAge field of the Cookie struct to set the effective time of the Cookie.

  1. Handler code

func handler(w http.ResponseWriter, r *http.Request) {
	cookie := http.Cookie{
		Name:     "user",
		Value:    "persistAdmin",
		HttpOnly: true,
		MaxAge:   60,
	}
	// Send the Cookie to the browser
	w.Header().Set("Set-Cookie", cookie.String())
}

  2. Contents of browser response message

HTTP/1.1 200 OK
Set-Cookie: user=persistAdmin; Max-Age=60; HttpOnly
Date: Sun, 12 Aug 2018 07:32:57 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8

Use of cookies

  1. Advertisement recommendation
  2. No login

Session

Brief introduction

Cookies have a significant limitation: if there are many cookies, they invisibly increase the amount of data transmitted between the client and the server. And because the number of cookies is limited, we cannot save too much information in cookies. That is why Session exists.

The function of Session is to save some of the user's data on the server side and then pass the user a special Cookie. This Cookie corresponds to a Session on the server; through it, the server can obtain the Session that holds the user's information, and so know which user sent the request.

How Session works

  1. The first time a request is sent to the server, a Session is created and a globally unique ID is set for it
    (a UUID can be used to generate it)
  2. Create a Cookie, set the Value of the Cookie to the ID of the Session, and send the Cookie
    to the browser
  3. If you send the request later, the browser will carry the Cookie
  4. The server gets the Cookie and, according to its Value, finds the corresponding Session on the server,
    and so knows which user sent the request
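
The four steps above, as an added Go sketch (not code from the original post). It assumes a cookie named session_id, an in-memory map as the Session store, and a 128-bit crypto/rand token in place of a UUID library; the names Session, sessions and resolve are illustrative.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"sync"
)

// Session lives on the server; only its ID travels in the Cookie.
type Session struct{ ID string; Visits int }

var mu sync.Mutex
var sessions = map[string]*Session{} // in-memory store (assumption for this sketch)

// resolve returns the Session named by the request's Cookie (step 4), or creates one
// and the Cookie to send (steps 1-2). An ID the server did not issue is never adopted.
func resolve(r *http.Request) (Session, *http.Cookie) {
	mu.Lock()
	defer mu.Unlock()
	if c, err := r.Cookie("session_id"); err == nil {
		if s, ok := sessions[c.Value]; ok {
			s.Visits++
			return *s, nil
		}
	}
	b := make([]byte, 16) // 128 random bits from the OS CSPRNG, so IDs are unguessable
	if _, err := rand.Read(b); err != nil {
		panic(err) // fail closed rather than issue a predictable ID
	}
	s := &Session{ID: hex.EncodeToString(b), Visits: 1}
	sessions[s.ID] = s
	return *s, &http.Cookie{Name: "session_id", Value: s.ID, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}
}

func handler(w http.ResponseWriter, r *http.Request) {
	s, c := resolve(r)
	if c != nil {
		http.SetCookie(w, c) // step 2: only new sessions get a Set-Cookie header
	}
	fmt.Fprintf(w, "visits in this session: %d\n", s.Visits)
}

func main() {
	http.HandleFunc("/", handler)
	fmt.Println(http.ListenAndServe("localhost:8080", nil))
}
```

The Secure attribute means browsers return the cookie only over HTTPS, so in a real deployment the listener in main would sit behind TLS.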


Posted on Sun, 12 Jan 2020 06:49:01 -0500 by mwdrago