淺析Web數(shù)據(jù)存儲(chǔ)-Cookie、UserData、SessionStorage、WebSqlDatabase

Cookie 它是標(biāo)準(zhǔn)的客戶端瀏覽器狀態(tài)保存方式，可能在瀏覽器誕生不久就有Cookie了，為什么需要Cookie 這個(gè)東東？由于HTTP協(xié)議沒(méi)有狀態(tài)，所以需要一個(gè)標(biāo)志/存儲(chǔ)來(lái)記錄客戶瀏覽器當(dāng)前的狀態(tài)，...

Cookie

它是標(biāo)準(zhǔn)的客戶端瀏覽器狀態(tài)保存方式，可能在瀏覽器誕生不久就有Cookie了，為什么需要Cookie 這個(gè)東東？由于HTTP協(xié)議沒(méi)有狀態(tài)，所以需要一個(gè)標(biāo)志/存儲(chǔ)來(lái)記錄客戶瀏覽器當(dāng)前的狀態(tài)，保證客戶瀏覽器和服務(wù)器通訊時(shí)可以知道客戶瀏覽器當(dāng)前的狀態(tài)。Cookie就是記錄這個(gè)狀態(tài)的容器，Cookie在每次請(qǐng)求的時(shí)候都被帶回到服務(wù)器，從而保證了Server可以知道瀏覽器當(dāng)前的狀態(tài)，由于Cookie會(huì)被帶回到Server，所以Cookie的內(nèi)容不能存太多，最多不能超過(guò)4K，4K 限制的介紹 http://ec.europa.eu/ipg/standards/cookies/index_en.htm
其中一段內(nèi)容為：

A browser is only required to store up to 300 cookies overall and maintain only the last 20 from each domain. The maximum size of a cookie is 4K of disk space.

但是在一些場(chǎng)景下可能需要存儲(chǔ)超過(guò)4K或者更多的數(shù)據(jù)，但是這些數(shù)據(jù)不用在每次請(qǐng)求的時(shí)候被帶回到服務(wù)器，只要能在客戶的瀏覽器上保存住，并且可以方便的被Javascript讀寫就可以了，這種需求尤為在中大型RIA的應(yīng)用場(chǎng)景下更加的迫切，部分?jǐn)?shù)據(jù)放在客戶瀏覽器，節(jié)約帶寬，提高瀏覽速度。HTML5標(biāo)準(zhǔn)已經(jīng)替我們想到了滿足這種需求的方案：sessionStorage , webSqlDatabase, 微軟的IE 有 userData 方案。

userData
微軟對(duì)USERDATA的介紹: http://msdn2.microsoft.com/en-us/library/ms531424(VS.85).aspx
其中一段內(nèi)容為：

Security Alert：For security reasons, a UserData store is available only in the same directory and with the same protocol used to persist the store.
Security Alert：Using this behavior incorrectly can compromise the security of your application. Data in a UserData store is not encrypted and therefore not secure. Any application that has access to the drive where UserData is saved has access to the data. Therefore, it is recommended that you not persist sensitive data like credit card numbers. For more information, see Security Considerations: DHTML and Default Behaviors.
……
The userData behavior persists data across sessions, using one UserData store for each object. The UserData store is persisted in the cache using the save and load methods. Once the UserData store has been saved, it can be reloaded even if Microsoft Internet Explorer has been closed and reopened.
Setting the userData behavior class on the html, head, title, or style object causes an error when the save or load method is called.

 

userData可以在同目錄同協(xié)議下相互訪問(wèn)，長(zhǎng)期存儲(chǔ)在客戶機(jī)器上。最大存儲(chǔ)空間也增大了很多。userData需要綁定到一個(gè)Dom元素上使用。在userData的method中有removeAttribute方法。經(jīng)過(guò)測(cè)試代碼發(fā)現(xiàn)removeAttribute方法好像不是很管用，需要使用像cookie過(guò)期的方式，才可以徹底的刪除一個(gè)userData Attribute。
在 http://www.itwen.com/04web/11skill/skill20060918/60588.html 中介紹說(shuō)userData存儲(chǔ)在X:\Documents and Settings\當(dāng)前用戶\UserData\ 目錄下。具體細(xì)節(jié)MS在userData說(shuō)明文檔中沒(méi)有具體說(shuō)明。

sessionStorage
HTML5 標(biāo)準(zhǔn)對(duì) sessionStorage的介紹： http://www.whatwg.org/specs/web-apps/current-work/
其中對(duì) sessionStorage 的介紹：

This specification introduces two related mechanisms, similar to HTTP session cookies [RFC2965], for storing structured data on the client side.
The first is designed for scenarios where the user is carrying out a single transaction, but could be carrying out multiple transactions in different windows at the same time.
Cookies dont really handle this case well. For example, a user could be buying plane tickets in two different windows, using the same site. If the site used cookies to keep track of which ticket the user was buying, then as the user clicked from page to page in both windows, the ticket currently being purchased would "leak" from one window to the other, potentially causing the user to buy two tickets for the same flight without really noticing.
To address this, this specification introduces the sessionStorage DOM attribute. Sites can add data to the session storage, and it will be accessible to any page from that origin opened in that window.

Html5 sessionStorage Demo: http://html5demos.com/storage
下面是根據(jù) http://www.blogjava.net/emu/archive/2006/10/04/73385.html 中提到的IE FF 兼容userData的測(cè)試代碼：

 

function isIE() {
return !!document.all;
}

function initUserData() {
if (isIE()) document.documentElement.addBehavior("#default#userdata");
}

function saveUserData(key, value) {
var ex;
if (isIE()) {
//IE
with (document.documentElement) try {
load(key);
setAttribute("value", value);
save(key);
return getAttribute("value");
} catch (ex) {
alert(ex.message)
}
} else if (window.sessionStorage) {
//FF 2.0+
try {
sessionStorage.setItem(key, value)
} catch (ex) {
alert(ex);
}
} else {
alert("Error occured in user data saving. your browser do not support user data.");
}
}

function loadUserData(key) {
var ex;
if (isIE()) {
//IE 
with (document.documentElement) try {
load(key);
return getAttribute("value");
} catch (ex) {
alert(ex.message); return null;
}
} else if (window.sessionStorage) {
//FF 2.0+
try {
return sessionStorage.getItem(key)
} catch (ex) {
alert(ex)
}
} else {
alert("Error occured in user data loading. your browser do not support user data.")
}
}
function deleteUserData(key) {
var ex;
if (isIE()) {
//IE
with (document.documentElement) try {
load(key);
expires = new Date(315532799000).toUTCString();
save(key);
}
catch (ex) {
alert(ex.message);
}
} else if (window.sessionStorage) {
//FF 2.0+
try {
sessionStorage.removeItem(key)
} catch (ex) {
alert(ex)
}
} else {
alert("Error occured in user data deleting. your browser do not support user data.")
}
} 

 

userData和sessionStorage共同的特點(diǎn)就是：這兩個(gè)對(duì)象都可以存儲(chǔ)比cookie大的多的多內(nèi)容。并且不會(huì)隨每次請(qǐng)求帶回到服務(wù)器端。但是根據(jù)Html5標(biāo)準(zhǔn)和測(cè)試發(fā)現(xiàn)userData和sessionStorage有很多地方是不同的。

 

下面是一個(gè)測(cè)試頁(yè)面：

 

 

其中的 SetInsurance link 會(huì)操作javascript 在IE下用userData寫數(shù)據(jù), 在FF下用sessionStore寫數(shù)據(jù)。在IE下的情況是：關(guān)閉IE或者重啟機(jī)器寫入的值都不會(huì)丟失。在FF下的情況很有意思：在本頁(yè)面寫入的值在本頁(yè)面可以訪問(wèn)，在由本頁(yè)面所打開的其它頁(yè)面可以訪問(wèn)。但是就算本頁(yè)面開著，在導(dǎo)航欄里輸入地址，打開本頁(yè)面，存入的值就不能訪問(wèn)了。在本頁(yè)面存入的值，在它的父頁(yè)面(打開這個(gè)頁(yè)面的頁(yè)面)是訪問(wèn)不到的。又看了看Html5標(biāo)準(zhǔn)。sessionStorage 的全名是：Client-side session and persistent storage of name/value pairs 意思估計(jì)是存儲(chǔ)在Client的內(nèi)容是有session 會(huì)話的，存儲(chǔ)的值由session會(huì)話所維系，一旦session會(huì)話中斷或者丟失，存入的值也就隨之消失了。所以當(dāng)頁(yè)面沒(méi)有session(父頁(yè)面，由地址欄打開的頁(yè)面)，是取不到值的。當(dāng)FF關(guān)閉或者重啟機(jī)器必然也就取不到值了。

webSqlDatabase
webSqlDatabase在HTML5 標(biāo)準(zhǔn)中是非常Cool的一個(gè)東東， 用Javascript寫SQL查詢，數(shù)據(jù)庫(kù)就在瀏覽器里，這在以前幾乎不敢想象。不過(guò)今天Safari, Chrome, Opera 都已經(jīng)支持了，兩個(gè)webSqlDatabase 的 Demo 頁(yè)面： http://html5demos.com/database http://html5demos.com/database-rollback
W3C 對(duì)WEBSQLDATABASE 的介紹頁(yè)面： http://dev.w3.org/html5/webdatabase/
WiKi上一個(gè)簡(jiǎn)明的說(shuō)明： http://en.wikipedia.org/wiki/Web_SQL_Database

From W3C: "...an API for storing data in databases that can be queried using a variant of SQL"
Web SQL Database is supported by Google Chrome[1], Opera and Safari but will not be implemented by Mozilla(Firefox)[2] who instead propone Indexed Database API access.

不知道 HTML 5 的 SQLDB 會(huì)被瀏覽器支持的怎么樣， 不過(guò)sessionStorage看上去已經(jīng)可以基本滿足需求了。

 

 

本文實(shí)例代碼