More articles related to [Fat URLs Client Identification]

Append a user-specific identifier to the end of every URL. HTTP The Definitive Guide Some web sites keep track of user identity by generating special versions of each URL for each user. Typically, a real URL is extended by adding some state information to the start or end of the URL p…
The server needs to know who it is talking to. HTTP The Definitive Guide Web servers may talk to thousands of different clients simultaneously. These servers often need to keep track of who they are talking to, rather than treating all requests as coming from anonymous clients. This…
http://www.chromium.org/Home/chromium-security/client-identification-mechanisms Technical analysis of client identification mechanisms Written by Artur Janc <aaj@google.com> and Michal Zalewski <lcamtuf@g…
HTTP The Definitive Guide Cookies can be used to track users as they make multiple transactions to a web site. E-commerce web sites use session cookies to keep track of users' shopping carts as they browse. Let's take the example of the popular sho…
HTTP The Definitive Guide Early web pioneers tried using the IP address of the client as a form of identification. This scheme works if each user has a distinct IP address, if the IP address seldom (if ever) changes, and if the web server can determi…
HTTP The Definitive Guide Cookies themselves are not believed to be a tremendous security risk, because they can be disabled and because much of the tracking can be done through log analysis or other means. In fact, by providing a standardized, scr…
HTTP The Definitive Guide 11.6.9 Cookies and Caching You have to be careful when caching documents that are involved with cookie transactions. You don't want to assign one user some past user's cookie or, worse, show one user the contents of someon…
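https://www.zhihu.com/question/35307626 0 - The client (with user information attached) makes its first request to the server ---> the server generates a session (unique), a session_id, and a cookie (which may contain the username, login password, and browsing history), and sets the cookie's lifetime, applicable domain, and applicable path under that domain. 1 - The same client (with user information attached) requests the server again. 1-0 - The client has cookies disabled: when the client page redirects or sends a post/get to the server, it also sends the session_id to the server in the request. 1-1 - The client does not…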
HTTP The Definitive Guide Cookies are the best current way to identify users and allow persistent sessions. They don't suffer many of the problems of the previous techniques, but they often are used in conjunction with those techniques for extra valu…
User information carried in HTTP headers: cannot uniquely identify a user. HTTP The Definitive Guide Table 11-1 shows the seven HTTP request headers that most commonly carry information about the user. We'll discuss the first three now; the last four headers are used for more advanced identific…