cookie用法:
/*
cookie:保存在浏览器端,用户可以查看和修改,所以内容不可信(不安全);大小有限(约4k)
读取:cookie-parser
发送:
*/
const express = require('express');
const cookieparser = require('cookie-parser');
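// Cookie demo: set a signed cookie, read cookies back, then clear the cookie.

// Signing secret. It is read from the environment (COOKIE_SECRET is a name
// chosen for this example) so that no secret is committed with the source.
// When it is unset, a random per-process value is used instead of a known
// fallback string; signed cookies then stop verifying after a restart.
const cookieSecret =
  process.env.COOKIE_SECRET || require('crypto').randomBytes(32).toString('hex');

const server = express();

// cookie-parser fills req.cookies and req.signedCookies. Given a secret, it
// also stores it on req.secret, which res.cookie() uses for `signed: true`,
// so the handler does not need to assign req.secret itself.
server.use(cookieparser(cookieSecret));

server.use('/', function (req, res) {
  res.cookie('ww', 'dd', {
    path: '/a',
    // Signing lets the server detect a tampered value; the signature is
    // created and verified on the server. It does NOT hide the value.
    signed: true,
    // Keep the cookie out of reach of page scripts and limit cross-site sends.
    httpOnly: true,
    sameSite: 'lax',
    // NOTE(review): also set `secure: true` once the site is served over HTTPS.
  });
  /*
   res.cookie(key, value, {
     path: 'path under which the cookie is sent',
     maxAge: lifetime in milliseconds,
     signed: whether to sign the value })
  */
  // Demo output only: cookie values should not be written to production logs.
  console.log(req.signedCookies); // cookies whose signature verified
  console.log(req.cookies); // unsigned cookies
  // Clearing only works when the path matches the one used to set the cookie.
  // Because this runs in the same response, the cookie set above is removed
  // again; both calls are kept to demonstrate the API.
  res.clearCookie('ww', { path: '/a' });
  res.send('oks');
});

server.listen(8045);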
session用法:
/*
session:相对安全,一般指数据存在服务器端,基于cookie存在,把sessionID种在cookie里。注意:下面用的cookie-session中间件是把会话数据本身签名后放进cookie(只签名、不加密),不要在里面存放敏感信息
读取:cookie-session
发送:
隐患:session劫持
*/
const express = require('express');
const cookieparser = require('cookie-parser');
const cookiesession = require('cookie-session');
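// Session demo using cookie-session: count requests, then delete the counter.

// Signing keys. They are read from the environment (SESSION_KEYS is a name
// chosen for this example, comma-separated) instead of being short literals
// in the source. The first key signs; the remaining keys are only accepted
// for verification, which allows key rotation. When the variable is unset a
// random per-process key is used, so sessions do not survive a restart.
const sessionKeys = process.env.SESSION_KEYS
  ? process.env.SESSION_KEYS.split(',').map((key) => key.trim()).filter(Boolean)
  : [require('crypto').randomBytes(32).toString('hex')];

const server = express();

server.use(cookieparser()); // parses the Cookie header into req.cookies

// cookie-session keeps the session DATA in the cookie itself, signed with
// `keys` but not encrypted: the client can read it, so store nothing secret.
// Anyone who obtains the cookie can replay it (session hijacking); httpOnly,
// sameSite and HTTPS-only delivery reduce that exposure.
server.use(cookiesession({
  keys: sessionKeys,
  name: 'test',
  httpOnly: true,
  sameSite: 'lax',
  // NOTE(review): add `secure: true` when served over HTTPS, and consider a
  // `maxAge` so that a captured cookie does not stay valid indefinitely.
}));

server.use('/', function (req, res) {
  // On the first request `count` is undefined and `undefined++` yields NaN,
  // so start from 0 unless a valid integer is already stored.
  const previousCount = Number.isInteger(req.session.count) ? req.session.count : 0;
  req.session.count = previousCount + 1;
  console.log(req.session);
  // Demonstrates removing a session field; as a result the counter is never
  // persisted between requests in this demo.
  delete req.session.count;
  console.log(req.session);
  res.send('oks');
});

server.listen(8045);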