How does the server validate cookies

1. After receiving the cookie from the client, the server checks the value in the cookie and the value stored on the server. If the value in the cookie is the same as the value stored on the server, it indicates that the client has logged in, and the server can identify the client.
2. Generally, the client saves the past session information of the two servers, while the server saves only the current cookie information.

• The server authenticates cookies. Generally, when receiving HTTP requests from clients, the server parses Cookie header information and converts it into key-value pairs. Find the corresponding value(that is, the corresponding session id) according to one of the keys(such as sessionId), and then search for the corresponding session data according to this session id. The server determines how to save the mapping between the client identity and the cookie according to its own implementation. The common implementation methods are as follows:
  saves the session data in the server memory and saves the session id in the cookie;
  Saves the session data in the server cache or database, and saves the session id in the cookie;
  Using techniques such as JWT, user information is stored in tokens and tokens are stored in cookies.
  After receiving a cookie, the server can check whether the identity of the current request is correct by comparing the sessionId or token in the cookie.

• Generally, the server is responsible for saving past session information. The client sends cookie information to the server for each request, and the server obtains session data according to the cookie information. The server saves session data in its own memory, cache, or database so that it can restore the client's session state on subsequent requests. Generally, the client does not need to save the previous session information. It only needs to send the cookie information to the server on each request.