My humble:
Good. When we open the history you want to delete some recordings (funny), you see Clear History cookie. This shows that the cookie is stored in the client.
JD is such a mechanism, when we do not have login ID, before adding in the shopping cart contents still exist, cookie can save the record information.
The server need to record the user's status, you need to use some mechanism to identify specific user, this mechanism is the session. session these files store information in the form of a file on the server hard disk space.
HTTP protocol is stateless protocol, every time an HTTP request, the client will send the appropriate cookie information to the server.
When in fact the majority of applications are used to implement Session Cookie tracking, you first create a session, the server will tell the client in the HTTP protocol needs to be recorded in a session_id Cookie inside, each subsequent request to the session id sent to the server.
Interviewer: So what better to say something about which security
humble me: good. Because the cookie is stored in clear text client, security is low, can be encrypted and stored by an encryption algorithm; and the session is stored in memory on the server, so security is good session.
Interviewer: What do you come to me and talk about deep session cookie principles
humble me: cnm ...