What Cookie and Session is? What are their differences?

What is a Cookie

Cookie is actually a short text message. Client requests the server if the server requires the user to record the state, issued a response on the use of Cookie to the client browser. Cookie client will be saved.

HTTP protocol itself is stateless, which is the original purpose of HTTP protocol is consistent, clients need only a simple request to download some files to the server, either the client or the server is not necessary to have a record of past behavior to each other, and each time They are independent of each request.

But with the development of the WEB, WEB WEB rich functionality required to use dynamic information (state), in which Cookie is the role of a scheme to solve the stateless HTTP protocol defects raised. It is noteworthy that the concept of comparative Session, Cookie mechanism to save the client state of the program, while Session is a server-side state saving scheme.

When a browser requests that site again, the browser URL along with the request submitted with the Cookie to the server. The server checks the Cookie, in order to identify user state. The server can also modify the contents of Cookie needed. Save time information can be provided as necessary.

If you do not set the Cookie expiration date, save them only until you close your browser program.       

If the Expires property of the Cookie object to Minvalue, it said Cookie never expire.

Cookie amount of data storage is very limited, most browsers support a maximum capacity of 4K, so do not to save the data set and a lot of other data.

Since not all browsers support Cookie, and the data in the form of clear text information stored in the client's computer, so it's best not to save sensitive, unencrypted data, otherwise it will affect the security of the site.

What is Session

Session state is another mechanism for a customer record, Session appears also from stateless HTTP protocol, except that the Cookie stored in the client browser, and Session saved on the server. The client browser access to the server, the server to the client information recorded on the server in some form. This is the Session. Just look for the Session of the client when the client browser access again from the state on it.

Unique each user accessing the server will establish a session, the server that is how it identifies the user? In fact, while the user connections to the server, the server will automatically assign a SessionId.

The difference between the Session and Cookie

  • Session is stored in a data structure server, used to track a user's status, this data can be stored in the cluster, database, file; Cookie is a mechanism to save the client user information is used to record some information of the user, One way is the Session.
  • Originally session is an abstract concept, developers in order to achieve interruption and continue other operations, between the user agent and the server one to one interaction, abstract "session", and then created the "session state", that is, the concept of the session. The cookie is a thing actually exists, in the header field in the http protocol definition. It can be considered a back-end session of stateless implementation.

  • The session runs dependence session id, and session id is the presence of a cookie, that is, if the browser cookie is disabled, while the session will fail (but can be achieved by other means, such as session_id passed in the url)

  • session can be placed in a file, database, or memory can be.

  • cookie is not very safe, people can analyze the local cookie store and cookie deception, taking into account the security should be used session.

  • Single cookie saved data can not exceed 4K, many browsers are limited to a maximum of 20 sites saved cookie.

 

Published 109 original articles · won praise 101 · views 360 000 +

Guess you like

Origin blog.csdn.net/Alen_xiaoxin/article/details/105188451