This guide outlines interview focus points, core definitions, and deep analysis of Cookie, Session, and Token (JWT), compares their storage, security, scalability, and cross‑origin support, and provides high‑frequency follow‑up questions, common variants, memory mnemonics, and selection principles for Java authentication.
This article explains how HTTP's stateless nature leads to the use of cookies, sessions, tokens, and JWTs for authentication, comparing their mechanisms, security trade‑offs, and practical interaction flows with clear diagrams.
This article walks through creating performance‑test data with Excel and a Python script, troubleshooting cookie handling issues in Java web applications, and building a complete JMeter test plan—including thread groups, CSV data sets, and assertions—to validate an e‑business login flow.
This guide explains why maintaining login state is essential for API automation, details the classic Session‑Cookie mechanism, shows how to simulate it with Python's requests.Session, explores token‑based alternatives like JWT, and provides best‑practice tips and debugging techniques.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and tokens, introduces JWT structure and usage, discusses common security concerns, and outlines practical solutions for distributed systems and modern web applications.
This guide shows how to use Python, Selenium, and requests to log into QQ Space, retrieve authentication cookies, compute the required g_tk token, fetch the full friend list via QQ's API, identify users who have blocked you, and optionally blacklist them automatically.
This article demystifies authentication concepts—Cookie, Session, Token, JWT, and OAuth2—using clear analogies, explains their inner workings, advantages, drawbacks, and provides practical guidance on when to choose each mechanism for modern web applications.
This article demystifies the differences between Cookie, Session, Token, JWT, and OAuth2, explains their underlying mechanisms, shows practical Spring code examples, compares their security properties and suitable scenarios, and provides clear guidance on choosing the right authentication strategy for modern web applications.
This article explains the Cookie + Session mechanism for maintaining user state, discusses its limitations such as size, performance and security, examines challenges in distributed environments, and reviews common solutions including session replication, sticky load balancing, centralized storage, and the use of ThreadLocal for small‑scale backend applications.
This guide explains how to create a seamless auto‑login feature by persisting a token in a cookie after the first successful login, storing the token in Redis, and validating it on subsequent visits, complete with Java Spring code examples.
This article explains the PHP setcookie function, detailing its syntax, parameters, and practical examples for setting cookies with various attributes such as expiration time, path, domain, security, and HttpOnly flags.
This article explains the limitations of traditional Cookie+Session authentication, explores distributed session sharing techniques such as replication, sticky sessions, and centralized storage, and demonstrates why using ThreadLocal can simplify user state management in a web application like the Echo project.
The article examines a single sign‑on loop‑login problem caused by Secure‑flagged cookies being set over HTTP, explains how missing tokens trigger endless redirects, and recommends enforcing HTTPS or using a non‑Secure auxiliary token to break the redirect cycle.
This article demonstrates how oversized cookies and their attributes—expires, domain, path, and protocol—can be abused to inflate HTTP headers, trigger server‑side request‑size limits, and launch stealthy denial‑of‑service attacks via XSS and man‑in‑the‑middle techniques.
This article traces the evolution of login authentication across system architectures—from monolithic apps using cookies and sessions, through front‑end/back‑end separation and CORS, to distributed systems employing SSO and stateless JWT, highlighting their mechanisms, challenges, and trade‑offs.
This article explains what CSRF attacks are, how they exploit authenticated browsers through forged requests, outlines the three essential conditions for a successful attack, and presents practical defense measures such as token validation, cookie handling, secondary authentication, and code examples in Java and JSP.
This article explains the principles of CSRF attacks and provides practical PHP techniques to prevent them, including token generation and verification, checking Referer and Origin headers, configuring secure cookie attributes, and ensuring safe login and logout processes.
This article presents a practical solution to overcome login obstacles in UI and HTTP API automation by converting short‑lived cookies into permanent ones through a micro‑service, enabling continuous end‑to‑end automated testing without manual re‑login.
An in‑depth look at the decades‑long curl vulnerability discovered by Daniel Stenberg, tracing its origins in early cookie handling, the dual‑syntax challenges of RFC 6265, the 2022 security report, and the eventual fix that finally closed a 23.9‑year‑old bug.
The article recounts the 23.9‑year‑long curl vulnerability discovered by Daniel Stenberg, detailing the early implementation of cookie handling, the challenges of dual cookie syntax, the security bug involving control‑code cookies, and the eventual fix released after nearly nine thousand days.
This article explains the fundamentals of authentication and authorization, the role of credentials, the differences between cookies and sessions, various token types including access and refresh tokens, and the principles, usage, and security considerations of JSON Web Tokens (JWT).
This article explains the fundamentals of authentication and authorization, the role of credentials, how cookies and sessions manage state, the differences between tokens, JWT and traditional session mechanisms, and practical considerations and best practices for secure implementation in web applications.
This article recounts the 23.9‑year lifespan of a curl cookie handling vulnerability, tracing its origins in 1998, the evolution of cookie specifications, the discovery of the CVE‑2022‑35252 bug, and the eventual fix that finally eliminated the flaw after nearly 9,000 days.
The article recounts how a flaw introduced in curl 4.9's cookie engine in 1998 persisted for 23.9 years, why the dual‑syntax cookie RFC caused confusion, how the bug allowed control‑character cookies to be sent, and how a simple reject‑bytes patch finally fixed CVE‑2022‑35252.
The article recounts the 23.9‑year‑long history of a curl cookie handling vulnerability, explains how ambiguous cookie specifications caused a dual‑syntax challenge, describes the CVE‑2022‑35252 bug and its simple fix, and reflects on the broader implications for HTTP security.
This tutorial shows how to create reusable PHP functions for reading, writing, and managing cookies and session data, including helper utilities to streamline backend web development by abstracting common operations and handling expiration, paths, and nested session keys.
This article explains how to create a Python‑based auto‑like robot for web sites by simulating login, handling cookies, and sending POST requests to platform APIs, while also covering common challenges like captchas and IP anti‑scraping measures.
This article compares cookies, server-side sessions, and JWT tokens, explaining their mechanisms, advantages, drawbacks, and best-use scenarios for web authentication, load‑balanced environments, and mobile applications, while also addressing security concerns such as CSRF and token storage.
This article explains the fundamentals of web session management, compares server‑side, cookie‑based, and token‑based storage methods, discusses authentication versus authorization, and outlines security considerations and best‑practice recommendations for managing user sessions in modern web applications.
This article explains the concepts of authentication and authorization, the role of credentials, the differences between cookies and sessions, various session‑sharing strategies, token‑based authentication including JWT, common security algorithms and practical considerations for implementing secure access control in web applications.
This article compares three browser storage options for JWT—Cookie, localStorage, and sessionStorage—examining how each works, their automatic handling, and security implications such as CSRF and XSS, ultimately recommending Cookies with proper SameSite and HttpOnly settings for stronger protection.
This article compares three browser storage options for JWT—Cookie, localStorage, and sessionStorage—examining their automatic transmission, CSRF and XSS vulnerabilities, and security configurations such as SameSite and HttpOnly to help developers choose the safest method.
This article explains why UIWebView was deprecated, how WKWebView improves performance and memory usage, details its multi‑process architecture, outlines page loading flow, delegate methods, container design, caching strategies, cookie handling across processes, and solutions for white‑screen crashes in iOS apps.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and tokens, details token types such as access and refresh tokens, introduces JWT principles and usage, and discusses security considerations and distributed session‑sharing strategies for modern web applications.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and token‑based approaches, discusses token and JWT structures, outlines common authentication patterns, and provides practical guidance on their use and pitfalls in distributed systems.
This article explains the fundamentals of single sign‑on in web applications and compares three practical implementations—parent‑domain cookies, a dedicated authentication center, and a front‑end driven LocalStorage solution—detailing their mechanisms, advantages, and limitations.
This article explains the principle of single sign‑on and compares three implementation techniques—parent‑domain cookies, a dedicated authentication centre, and cross‑domain LocalStorage—detailing their mechanisms, advantages, limitations, and providing sample code for the LocalStorage approach.
This article provides a concise tutorial on Flask, covering installation, basic routing, custom converters, redirects, error handling, JSON responses, cookie and session management, and configuration techniques, all illustrated with clear code examples and screenshots for rapid web development.
This article compares the mechanisms of Cookie, Session, and JWT token for user authentication, explaining their histories, workflows, scalability challenges, security trade‑offs, and best‑practice scenarios such as single sign‑on, mobile access, and CSRF protection.
This article explains the evolution from cookies to server‑side sessions and finally to JWT tokens, compares their mechanisms, discusses scalability and security challenges such as CSRF, and provides guidance on when to choose each authentication method.
This article explains three practical Single Sign‑On implementations—parent‑domain cookies, a dedicated authentication center, and cross‑domain LocalStorage—detailing their mechanisms, advantages, limitations, and code examples for secure token sharing across multiple web applications.
This article explains how Single Sign‑On works in browser‑server applications, compares three implementation methods—parent‑domain cookies, a dedicated authentication center, and cross‑domain LocalStorage with iframe/postMessage—and provides sample code for the latter technique.
This tutorial explains how to analyze the Mayi short‑rent website, overcome its anti‑scraping defenses by setting appropriate Cookie and User‑Agent headers, and use Python's urllib2 and BeautifulSoup to extract rental details, store them in CSV, and optionally employ Selenium.
This article explains three practical SSO implementation methods—using a parent‑domain cookie, deploying an authentication center, and leveraging LocalStorage with iframe/postMessage—to share session IDs or tokens across multiple web applications, discussing their advantages, limitations, and code examples.
This article explains the fundamental concepts of authentication and authorization, the role of credentials, how cookies and sessions manage state, the differences between tokens and JWTs, common security mechanisms, and practical considerations for implementing them in web applications.
This article explains the principles of Single Sign-On, compares three implementation methods—parent‑domain cookies, a dedicated authentication center, and cross‑domain LocalStorage with token sharing—and provides code examples and practical considerations for each approach.
This article explains three practical methods for achieving Single Sign‑On in web systems—using a parent‑domain cookie, deploying a dedicated authentication center, and leveraging front‑end LocalStorage with iframe postMessage—to share session or token information across multiple domains.
This article explains the fundamentals of authentication and authorization, the roles of credentials, cookies, sessions, various token types including access and refresh tokens, and details the structure, generation, and usage of JWTs, while comparing security considerations and distributed session sharing strategies.
This article explores the inner workings of Java HttpSession in Tomcat, explains how sessions are stored in a thread‑safe map, examines the relationship between sessions and cookies, and investigates why browsers share cookies across different ports on the same host, leading to unexpected session behavior.
This cheat sheet provides a concise reference for Laravel's Cookie helper functions, showing how to retrieve, create, queue, and delete cookies, as well as how to send cookies with responses and configure unencrypted cookies, complete with ready-to-use code examples.
This tutorial walks you through using Selenium to automatically log into the Chouti website, extract authentication cookies, and programmatically send upvote requests, complete with preparation steps, mechanism explanation, code snippets, and visual results.
This article explains why WeChat Mini Programs need a custom cookie solution, details the browser cookie model, and provides a step‑by‑step implementation using the Mini Program Storage and Network APIs, including code samples, performance tips, testing, and security considerations.
When a user moves from an anonymous to a logged-in state, maintaining consistent feature‑flag behavior—such as discount eligibility—requires strategies like assigning a persistent visitor ID via cookies to link the two sessions and ensure a seamless experience.
This article explains the fundamental differences between cookies, sessions, and tokens, outlines how each works in web authentication, compares their security and performance trade‑offs, and offers practical guidance on storage, encryption, and best practices for implementing token‑based authentication.
This guide shows how to disable HttpClient's automatic cookie handling, manually extract and store Set‑Cookie headers, and bind cookies to individual user objects so that multi‑user, multi‑threaded API tests can simulate concurrent logins reliably.
This guide shows how to circumvent login captchas in Python web automation by extracting cookies or launching browsers with saved profiles, covering driver setup, Chrome and Firefox configuration, and practical examples for sites like Baidu and Jianshu.
This article explains the differences between JSP and Servlets, lists JSP built‑in objects and scopes, compares Session and Cookie mechanisms, describes session operation and alternatives when cookies are disabled, contrasts Spring MVC with Struts, and outlines common web security measures such as preventing SQL injection, XSS, and CSRF attacks.
This article explains how to create a first‑login guided tour using the intro.js plugin in a Bootstrap project, configure its options, and employ cookies to display the tour only on the user’s initial visit.
This article demonstrates how to use WebDriver (Selenium) to automate login, capture and reuse cookies, and programmatically interact with a topology page to save node coordinates, providing step‑by‑step code examples for initializing drivers, handling authentication, setting cookies, and iterating over multiple pages.
This article explains why plain‑HTTP traffic is vulnerable, outlines encryption tricks, describes file‑path traversal, DNS spoofing, proxy risks, HTTP error codes, POST data formats, cookie security, CSRF, XSS, JSONP, and CORS, and provides practical mitigation techniques for each threat.
This article explains how to implement a shopping cart in Java by handling four login scenarios, defining BuyerCart and BuyerItem beans, using JavaScript and Spring MVC controllers to add items, persisting cart data in cookies or Redis, converting objects to JSON with ObjectMapper, managing sessions, and validating stock before checkout.
This article walks through an eight‑step JWT authentication flow, explaining how to securely transmit user IDs via cookies, verify tokens on each request, compare JWT with traditional session storage, and configure domain‑wide cookies for single sign‑on across subdomains.
This article explains the fundamentals of HTTP Session and Cookie mechanisms in Java web applications, provides a minimal Spring Boot controller example that stores and retrieves a browser identifier via session, demonstrates behavior across Chrome and 360 browsers, and highlights the security risk of tampering with the JSESSIONID cookie.
This article introduces WKWebView, compares it with the legacy UIWebView in terms of performance and memory usage, explains usage patterns, delegate protocols, JavaScript‑Native interaction, common pitfalls such as cookie handling, process crashes, caching, and offers practical solutions and best‑practice recommendations for iOS developers.
This article explains why a Go http.Client does not automatically carry cookies during redirects, how the default redirect logic works for different HTTP methods, and how to enable cookie storage with CookieJar or disable redirects using CheckRedirect.
This article explains why adding a load balancer can break session continuity, compares sticky sessions, session replication, centralized stores, and cookie‑based approaches, and outlines the advantages and drawbacks of each method for maintaining reliable user sessions in a server cluster.
This article explains the concept of Single Sign-On (SSO), why it’s essential for large web platforms, the core steps of storing and validating trust, common cookie‑based approaches, their security drawbacks, and how server‑side solutions using distributed caches and digital signatures can provide a robust, cross‑domain authentication system.
