(java 或 php)http-get 或 http-post 会话保持,session 验证原理
一直以来以为http-get或 http-post 进行session请求,通常都会被拦截到login,而无法跳过验证!
今天又仔细阅读了“session验证的基本原理”,才知道原来是可以进行数据交互的,http请求如下图所示:
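用户登录以后,浏览器把用户名和密码提交到服务器进行校验,校验通过以后服务器会记录 sessionid 的 key->value 映射(mapping),同时浏览器会把 sessionid 记录到 cookie 中,以后所有本域名下的请求都带有该 cookie 进行数据请求和登录验证,所以要跨浏览器或者跨客户端进行会话(session)保持,只需要在请求中带上含有该 sessionid 的 cookie 即可~ 也正因为如此,sessionid 就等同于登录凭证:服务端应只通过 HTTPS 下发该 cookie 并设置 HttpOnly、Secure 属性,退出登录时让它失效,示例代码里也不要写入真实的 cookie 值。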
o(︶︿︶)o 唉,基础知识很重要啊!
java 会话保持代码:
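/**
 * Demonstrates session persistence from a non-browser client: an HTTP GET
 * that carries the Cookie header of an already authenticated browser session
 * is treated by the server as that session.
 */
public class SessionGetInfo {
    /**
     * Name of the environment variable that supplies the Cookie header value
     * (constructed sample name; rename to fit the deployment).
     */
    private static final String COOKIE_ENV = "SESSION_COOKIE";

    // login sessionid cookie
    // The cookie is a bearer credential: whoever holds it is the logged-in
    // user. It is therefore read at runtime instead of being committed to
    // source, where it would leak through version control and published pages.
    private static final String cookie = System.getenv(COOKIE_ENV);

    // verified URL
    // NOTE(review): plain http sends the Cookie header unencrypted; switch to
    // https if the server offers it.
    private static final String url = "http://app.cc.com?f=1&e=&d=0&s=-1";

    /**
     * Fetches {@link #url} with the session cookie attached and hands the
     * response body to {@link #getUrls(String)}.
     *
     * <p>Returns without sending anything when no cookie is configured. I/O
     * failures are reported on stderr; the cookie value is never printed.
     */
    public static void reqInfo() {
        if (cookie == null || cookie.isEmpty()) {
            System.err.println("Environment variable " + COOKIE_ENV
                    + " is not set; no session cookie to send.");
            return;
        }
        try {
            String content = Request.Get(url)
                    .addHeader("Accept", "*/*")
                    .addHeader("Cache-Control", "max-age=0")
                    .addHeader("Connection", "keep-alive")
                    .addHeader("Cookie", cookie)
                    .addHeader("Host", "app.cc.com")
                    .addHeader("Upgrade-Insecure-Requests", "1")
                    .version(HttpVersion.HTTP_1_1)
                    .execute()
                    .returnContent()
                    .asString();
            getUrls(content);
        } catch (java.io.IOException e) {
            // Report the target and the cause only; never the credential.
            System.err.println("Request to " + url + " failed: " + e);
        }
    }

    /**
     * Prints the fetched HTML to stdout.
     *
     * <p>The name suggests extraction of {@code <a href>} links, but no
     * parsing is implemented here.
     *
     * @param html response body returned by the server
     */
    public static void getUrls(String html) {
        System.out.println(html);
    }

    /**
     * Entry point: performs one authenticated request.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        reqInfo();
    }
}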
php 会话保持代码:
<?php
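//login sessionid cookie
// The cookie is a bearer credential: whoever holds it is the logged-in user.
// It is read from the environment (constructed sample name SESSION_COOKIE)
// instead of being committed to source.
$cookie = getenv('SESSION_COOKIE');
//verified URL
// NOTE(review): plain http sends the Cookie header unencrypted; switch to
// https if the server offers it.
$url = "http://app.cc.com?f=1&e=&d=0&s=-1";

/**
 * Fetches $url with the session cookie attached and echoes the response body.
 *
 * Returns without sending anything when the cookie is missing or contains
 * CR/LF (which would let the value inject extra request headers). Failures
 * are written to the error log; the cookie value is never logged.
 */
function reqInfo(){
    // Top-level variables are not visible inside a function unless imported.
    global $cookie, $url;

    if (!is_string($cookie) || $cookie === '' || preg_match('/[\r\n]/', $cookie)) {
        error_log('SESSION_COOKIE is not set or is malformed; no request sent.');
        return;
    }

    $opts = array(
        'http' => array(
            'method' => 'GET',
            // The http stream wrapper has no 'cookie' option, so the cookie
            // must travel inside 'header'. Double quotes are required for
            // \r\n to be a real CRLF header terminator.
            'header' => "Content-type: application/x-www-form-urlencoded\r\n" .
                        "Cookie: " . $cookie . "\r\n",
        )
    );
    $context = stream_context_create($opts);
    $html = file_get_contents($url, false, $context);
    if ($html === false) {
        error_log('Request to ' . $url . ' failed.');
        return;
    }
    echo $html;
}
//request
reqInfo();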