{"id":10864,"date":"2025-08-07T13:15:38","date_gmt":"2025-08-07T06:15:38","guid":{"rendered":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/?p=10864"},"modified":"2026-04-02T09:31:01","modified_gmt":"2026-04-02T02:31:01","slug":"session-la-gi","status":"publish","type":"post","link":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/tu-van-nghe-nghiep\/session-la-gi","title":{"rendered":"Session l\u00e0 g\u00ec? C\u00e1ch l\u01b0u tr\u1eef v\u00e0 t\u1ed1i \u01b0u hi\u1ec7u su\u1ea5t s\u1eed d\u1ee5ng session"},"content":{"rendered":"\n

<p>When a website \u201cremembers\u201d who you are even after you have moved to another page, that is no accident. Behind that continuity is a state-keeping mechanism developers call a <strong>session<\/strong>, a concept that is not new but is often misunderstood. To understand how websites manage their users so unobtrusively, you need to start with this working session itself.<\/p>\n

\"Session<\/figure>\n\n\n\n

<h2>What a session is in web programming<\/h2>\n

<p>A session is a temporary \u201cworking session\u201d created when a user interacts with a website. Because HTTP is stateless, every time the user sends a request the server treats it as if it came from a completely new visitor. To work around this limitation, a session is used to keep the information needed between consecutive requests.<\/p>\n

<blockquote>\n<p><strong>Each session is a temporary bridge between client and server.<\/strong><\/p>\n<\/blockquote>\n

<p>Concretely, a session lets the server \u201cremember\u201d who the user is, what they are doing, whether they are logged in, what is in their shopping cart, or which step of the checkout process they are on. This keeps the experience continuous, personalised and more secure.<\/p>\n

<p>Sessions are usually managed on the server side; the client keeps only an identifier (the session ID), carried in a cookie. On each subsequent request, the session ID lets the server look up the data belonging to that session. This mechanism is what makes sessions indispensable in modern web programming.<\/p>\n

<h2>How a session works<\/h2>\n

<p>When a user visits a website, the server creates a new <strong>session<\/strong> to track their visit. First, the server generates a unique identifier called the <strong>session ID<\/strong>. This ID contains no user data; it only acts as the \u201ckey\u201d used to look up the session data held on the server.<\/p>\n

<p>Once the session ID has been generated, the server returns it to the user\u2019s browser in a <strong>cookie<\/strong>. From then on, every request the user sends to the server carries the session ID in the HTTP request headers (the Cookie header). That lets the server recognise which user is active and retrieve the related data, such as login state, the shopping cart or personal settings.<\/p>\n

<p>A session normally lives for a fixed period (for example, 20 or 30 minutes of inactivity). When that time is exceeded, or when the user logs out, the session is deleted or renewed. This ensures user data is not kept longer than necessary and reduces the risk of abuse if the session is no longer in use.<\/p>\n

<h2>Session versus cookie<\/h2>\n

<p>Sessions and cookies are the two common mechanisms for maintaining user state, but they differ clearly in where the data is stored, how secure they are and how they are used.<\/p>\n

<p>A <strong>session<\/strong> stores its data on the <strong>server<\/strong>, while a <strong>cookie<\/strong> is stored directly in the user\u2019s <strong>browser<\/strong>. When a session is created, the server sends the client only an identifier (the session ID) and keeps all of the session data itself. A cookie, by contrast, holds the data itself and is sent by the browser with every HTTP request.<\/p>\n

<p>In terms of security, a session is safer because the information is not exposed in the browser and is hard to tamper with. Cookies are easy to steal or forge unless protected by measures such as encryption, HTTPS or the <code>HttpOnly<\/code> flag.<\/p>\n

<p>In terms of size, a cookie is limited to about 4KB, whereas a session is not significantly limited because it lives on the server. However, if too many sessions are active at the same time, the server spends considerable resources managing them.<\/p>\n

<p>Cookies are usually suited to storing optional preferences, while sessions are used for sensitive tasks such as login, payment or access authorisation.<\/p>\n

<h2>Where sessions are stored<\/h2>\n

<p>A session is a server-side storage mechanism, but the <strong>specific storage backend<\/strong> varies with the technology and the scale of the system. Session data never lives in the user\u2019s browser; the server keeps it in one of several forms.<\/p>\n

<p>Small websites typically keep sessions in <strong>RAM<\/strong>. This is simple and fast, but the data is lost if the server restarts or is overloaded.<\/p>\n

<p>Some systems store sessions as <strong>files on disk<\/strong>. This is easy to deploy and does not depend on volatile memory, but lookups are slower than RAM and it does not suit large systems.<\/p>\n

<p>Applications that need to scale usually keep sessions in a <strong>database<\/strong> or in a high-performance store such as <strong>Redis<\/strong> or <strong>Memcached<\/strong>. This is the best option for multi-server environments because sessions can be shared between nodes without losing user data.<\/p>\n

<p>The choice of session store depends on the nature of the project: the number of users, security requirements, processing speed and the scalability of the infrastructure.<\/p>\n

<h2>Uses of sessions in a website<\/h2>\n

<p>Sessions are indispensable for maintaining the user experience on modern websites. The most important use is <strong>keeping the user logged in<\/strong>. Once a user logs in successfully, the server stores the account information in the session, so the user can move between pages without re-authenticating until the session expires or is deleted.<\/p>\n

<p>On <strong>e-commerce websites<\/strong>, sessions hold the <strong>temporary shopping cart<\/strong>. Users can add products, come back later or change pages, and the cart stays intact until they check out or log out.<\/p>\n

<p>Sessions also hold <strong>personalisation choices<\/strong> such as display language, light\/dark mode or the position reached in an online lesson. This gives a seamless, friendly and convenient experience.<\/p>\n

<p>In addition, sessions are used to keep <strong>temporary data<\/strong> while a user fills in a multi-step form, performs actions that need repeated verification, or when tracking access state for security and behavioural analytics.<\/p>\n

<h2>Sessions in popular programming languages<\/h2>\n

<p>How sessions are implemented depends on the language and framework, but the common principle is the same: session information is kept on the server and managed through a session ID.<\/p>\n

<p>In <strong>PHP<\/strong>, a session is started with <code>session_start()<\/code>. PHP then automatically generates a session ID and stores it in a browser cookie. Developers store data through the <code>$_SESSION<\/code> superglobal, for example <code>$_SESSION['user'] = 'admin'<\/code>. The session is destroyed automatically when its lifetime ends or when <code>session_destroy()<\/code> is called.<\/p>\n

<p>In <strong>JavaScript<\/strong>, client-side \u201csessions\u201d can be handled with <code>sessionStorage<\/code>. Note, however, that this is not a session in the server-side sense; it merely stores data temporarily in the browser and is cleared when the tab is closed.<\/p>\n

<p>In <strong>Python<\/strong>, frameworks such as <strong>Flask<\/strong> and <strong>Django<\/strong> support sessions through middleware. Flask uses <code>session['key'] = value<\/code> and can store the session in a cookie or in Redis. Django stores sessions in the database by default.<\/p>\n

<p>In <strong>Node.js<\/strong>, the most popular library is <code>express-session<\/code>. It stores sessions server-side, uses a cookie to carry the session ID, and supports Redis, MongoDB or a file store depending on configuration.<\/p>\n

<h2>Session security: risks and countermeasures<\/h2>\n

<p>Although sessions improve security compared with cookies, a session that is not implemented correctly can still become a vulnerability in a web system.<\/p>\n

<p>One of the most common risks is <strong>session hijacking<\/strong>: an attacker takes over a user\u2019s session ID to gain unauthorised access to the account. The theft can happen over an insecure network or through malicious code running in the browser.<\/p>\n

<p>Another form is <strong>session fixation<\/strong>, in which the attacker deliberately assigns a session ID to the victim before login, then uses that same ID to take over the account after the victim logs in successfully.<\/p>\n

<p>To prevent these, developers need to:<\/p>\n

<ul>\n<li>Use <strong>HTTPS<\/strong> to encrypt data in transit.<\/li>\n<li>Set cookies with the <strong>HttpOnly<\/strong> flag (blocks access from JavaScript) and the <strong>Secure<\/strong> flag (sent only over HTTPS).<\/li>\n<li><strong>Regenerate the session ID<\/strong> after a successful login or any sensitive action.<\/li>\n<li>Set a <strong>short timeout<\/strong> on sessions to limit the risk of takeover when the user leaves the device.<\/li>\n<\/ul>\n

<p>Session security is not only a technical matter; it determines how trustworthy the whole web application is.<\/p>\n

<h2>How to optimise performance when using sessions<\/h2>\n

<p>In systems with many users, sessions that are not optimised quickly become a burden on server resources. Designing sessions well not only improves performance but also makes the whole system more stable.<\/p>\n

<p>First, set a sensible <strong>lifetime (timeout)<\/strong> for each session. A session that stays alive for a long time without being used ties up memory needlessly. Limiting a session to 15 to 30 minutes of inactivity is a common choice.<\/p>\n

<p>Second, <strong>clean up<\/strong> old sessions, either with a cron job or with the framework\u2019s built-in mechanism, so that memory is released periodically.<\/p>\n

<p>For multi-server systems, use <strong>distributed storage<\/strong> such as Redis or Memcached so that all servers read the same session data and no state is lost under load balancing.<\/p>\n

<p>Finally, store only what is genuinely needed in the session; stuffing it with too much data slows lookups and bloats memory unnecessarily.<\/p>\n

<p>Understanding what a <strong>session<\/strong> is helps developers build web systems that are stable, secure and seamless for users. From keeping users logged in and holding the shopping cart to protecting personal information, sessions sit at the centre of every dynamic web application. Combining sessions with modern authentication solutions will remain an important trend in software development.<\/p>\n

<p><strong>Tr\u00ed Nh\u00e2n<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

<p>When a website \u201cremembers\u201d who you are even after you have moved to another page, that is no accident. Behind that …<\/p>\n","protected":false},"author":59,"featured_media":10865,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[64],"class_list":["post-10864","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tu-van-nghe-nghiep","tag-it"],"_links":{"self":[{"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/posts\/10864","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/users\/59"}],"replies":[{"embeddable":true,"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/comments?post=10864"}],"version-history":[{"count":1,"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/posts\/10864\/revisions"}],"predecessor-version":[{"id":10866,"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/posts\/10864\/revisions\/10866"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/media\/10865"}],"wp:attachment":[{"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/media?parent=10864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/categories?post=10864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mb668s.com\/cam-nang-7mb66-xoc-dia\/wp-json\/wp\/v2\/tags?post=10864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org
\/{rel}","templated":true}]}}