language agnostic - What are sessions? How do they work?


I'm just starting to learn web application development using Python. I am coming across the words 'cookies' and 'session'. I understand cookies, in that they store certain information in a key value pair on the browser. But I have some confusion about sessions: in a session we also store data in a cookie on the user's browser. For example - I login using username = 'rasmus' and password = 'default'. In such a case, the data will be posted to the server, which should check it and log me in if I am authenticated. However, during the entire process the server also generates a session ID which will be stored in a cookie on my browser. Now the server also stores this session ID in its file system or datastore.

But how will my username be known during my subsequent traversal through the site, based on just the session ID? Does it store data on the server as a dict where the key is a session ID, and details such as username, email etc. are the values?

I'm getting confused here, need help.

Because HTTP does not otherwise relate one request to another, you need a way to store user data between HTTP requests.

Cookies or URL parameters (for example) are both suitable ways of transferring data between two or more requests. However, they are not good if you do not want that data to be readable / editable on the client side.

The solution is to store the data server side, give it an "id", and let the client only know (and pass back with every HTTP request) that ID. There you go, sessions implemented. Or you can use the client as a convenient remote storage, but you would encrypt the data and keep the secret server side.

Of course, there are other aspects to consider: you do not want people to hijack other people's sessions, you want sessions not to last forever but to end, and so on.

In your specific example, the user ID (it may be a user name or another unique ID in your user database) is stored in the session data, server-side, after successful identification. Then, for every HTTP request received from the client, the session ID (provided by the client) will point you to the correct session data (stored by the server) that includes the authenticated user ID - that way your code knows which user it is talking to.
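The lookup described in the answer above, as an added example that is not part of the original post: a minimal in-memory session store in Python. The function names, `SESSION_TTL`, the cookie name and the plaintext user table are assumptions made for illustration; a real application stores password hashes and keeps sessions in a database or cache.

```python
import secrets
import time

SESSION_TTL = 1800              # assumed lifetime in seconds
COOKIE_NAME = "session_id"      # assumed cookie name
_USERS = {"rasmus": "default"}  # constructed demo users; real code stores hashes
_sessions = {}                  # server side: session ID -> session data


def login(username, password, now=None):
    """Check credentials; on success create a session and return its ID."""
    now = time.time() if now is None else now
    expected = _USERS.get(username)
    if expected is None or not secrets.compare_digest(
            expected.encode(), password.encode()):
        return None
    session_id = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
    _sessions[session_id] = {"user_id": username, "expires": now + SESSION_TTL}
    return session_id


def set_cookie_header(session_id):
    """Set-Cookie value for the login response: the client only gets the ID."""
    return f"{COOKIE_NAME}={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


def current_user(cookie_header, now=None):
    """Map the Cookie header of a later request back to the stored user ID."""
    now = time.time() if now is None else now
    pairs = (p.strip().split("=", 1) for p in cookie_header.split(";") if "=" in p)
    session_id = dict(pairs).get(COOKIE_NAME)
    data = _sessions.get(session_id)
    if data is None:
        return None                  # unknown or forged session ID
    if data["expires"] <= now:
        del _sessions[session_id]    # sessions end: drop expired data
        return None
    return data["user_id"]
```

The username and any other details never leave the server; the browser holds only the random ID, so guessing or editing the cookie yields no session data.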

