Cookie
它是標準的客戶端瀏覽器狀態保存方式,可能在瀏覽器誕生不久就有Cookie了,為什么需要Cookie 這個東東?由于HTTP協議沒有狀態,所以需要一個標志/存儲來記錄客戶瀏覽器當前的狀態,保證客戶瀏覽器和服務器通訊時可以知道客戶瀏覽器當前的狀態。Cookie就是記錄這個狀態的容器,Cookie在每次請求的時候都被帶回到服務器,從而保證了Server可以知道瀏覽器當前的狀態,由于Cookie會被帶回到Server,所以Cookie的內容不能存太多,最多不能超過4K,4K 限制的介紹 http://ec.europa.eu/ipg/standards/cookies/index_en.htm
其中一段內容為:
A browser is only required to store up to 300 cookies overall and maintain only the last 20 from each domain. The maximum size of a cookie is 4K of disk space.
但是在一些場景下可能需要存儲超過4K或者更多的數據,但是這些數據不用在每次請求的時候被帶回到服務器,只要能在客戶的瀏覽器上保存住,并且可以方便的被Javascript讀寫就可以了,這種需求尤為在中大型RIA的應用場景下更加的迫切,部分數據放在客戶瀏覽器,節約帶寬,提高瀏覽速度。HTML5標準已經替我們想到了滿足這種需求的方案:sessionStorage , webSqlDatabase, 微軟的IE 有 userData 方案。
userData
微軟對USERDATA的介紹: http://msdn2.microsoft.com/en-us/library/ms531424(VS.85).aspx
其中一段內容為:
Security Alert:For security reasons, a UserData store is available only in the same directory and with the same protocol used to persist the store.
Security Alert:Using this behavior incorrectly can compromise the security of your application. Data in a UserData store is not encrypted and therefore not secure. Any application that has access to the drive where UserData is saved has access to the data. Therefore, it is recommended that you not persist sensitive data like credit card numbers. For more information, see Security Considerations: DHTML and Default Behaviors.
……
The userData behavior persists data across sessions, using one UserData store for each object. The UserData store is persisted in the cache using the save and load methods. Once the UserData store has been saved, it can be reloaded even if Microsoft Internet Explorer has been closed and reopened.
Setting the userData behavior class on the html, head, title, or style object causes an error when the save or load method is called.
userData可以在同目錄同協議下相互訪問,長期存儲在客戶機器上。最大存儲空間也增大了很多。userData需要綁定到一個Dom元素上使用。在userData的method中有removeAttribute方法。經過測試代碼發現removeAttribute方法好像不是很管用,需要使用像cookie過期的方式,才可以徹底的刪除一個userData Attribute。
在 http://www.itwen.com/04web/11skill/skill20060918/60588.html 中介紹說userData存儲在X:/Documents and Settings/當前用戶/UserData/ 目錄下。具體細節MS在userData說明文檔中沒有具體說明。
sessionStorage
HTML5 標準對 sessionStorage的介紹: http://www.whatwg.org/specs/web-apps/current-work/
其中對 sessionStorage 的介紹:
This specification introduces two related mechanisms, similar to HTTP session cookies [RFC2965], for storing structured data on the client side.
The first is designed for scenarios where the user is carrying out a single transaction, but could be carrying out multiple transactions in different windows at the same time.
Cookies dont really handle this case well. For example, a user could be buying plane tickets in two different windows, using the same site. If the site used cookies to keep track of which ticket the user was buying, then as the user clicked from page to page in both windows, the ticket currently being purchased would "leak" from one window to the other, potentially causing the user to buy two tickets for the same flight without really noticing.
To address this, this specification introduces the sessionStorage DOM attribute. Sites can add data to the session storage, and it will be accessible to any page from that origin opened in that window.
Html5 sessionStorage Demo: http://html5demos.com/storage
下面是根據 http://www.blogjava.net/emu/archive/2006/10/04/73385.html 中提到的IE FF 兼容userData的測試代碼:
新聞熱點
疑難解答
