Cookies and Sessions

Cookie data is stored on the client side, and session data is stored on the server side. Cookies carry security risks, while a large number of sessions consumes server resources.



Cookie mechanism: Standard cookie distribution is implemented as an extension of the HTTP protocol. The server adds a special header line to the HTTP response, instructing the browser to create the corresponding cookie. Pure client-side scripts such as JavaScript or VBScript can also create cookies. The browser then sends cookies back to the server automatically, in the background, according to fixed rules: it checks all stored cookies, and if the scope declared by a cookie is greater than or equal to the location of the resource being requested, it attaches that cookie to the HTTP request header for that resource and sends it to the server.

Session mechanism: The session mechanism is a server-side mechanism. The server stores the information in a structure similar to a hash table (or in an actual hash table).

Cookies have certain security risks. A cookie is like the passbook we used to use: the user's deposits and withdrawals are recorded in the passbook (that is, all user information is saved in the browser), so someone with bad intentions may modify the data in it. (This analogy ignores the fact that banks also keep their own record of deposits and withdrawals.) Compared with a passbook, a bank card is much safer. The customer holds only a bank card number (that is, the browser retains only a sessionid), and the user's deposits and withdrawals are recorded in the bank's system (i.e., on the server side). Obtaining only a sessionid is meaningless, so this is much safer than cookies.
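The passbook and bank-card models side by side, as an added example that is not part of the original article: one handler trusts a value stored in the browser, the other uses the cookie only as a key into a server-side hash table. The function names, the `balance` field and the sample values are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side hash table: sessionid -> user data. Never sent to the client.
SESSIONS = {}

def login(user, balance):
    """Create a server-side session and return the cookie line for the response."""
    sid = secrets.token_urlsafe(32)          # random, unguessable identifier
    SESSIONS[sid] = {"user": user, "balance": balance}
    cookie = SimpleCookie()
    cookie["sessionid"] = sid
    cookie["sessionid"]["path"] = "/"        # scope: every resource on the site
    cookie["sessionid"]["httponly"] = True   # not readable by page scripts
    cookie["sessionid"]["secure"] = True     # only sent over HTTPS
    return cookie["sessionid"].OutputString()

def balance_from_cookie(cookie_header):
    """Passbook model: the server believes data the browser sends back."""
    jar = SimpleCookie(cookie_header)
    return int(jar["balance"].value) if "balance" in jar else None

def balance_from_session(cookie_header):
    """Bank-card model: the cookie only selects a record held on the server."""
    jar = SimpleCookie(cookie_header)
    if "sessionid" not in jar:
        return None
    record = SESSIONS.get(jar["sessionid"].value)
    return record["balance"] if record else None

if __name__ == "__main__":
    header = login("alice", 100)             # constructed sample user
    print("Set-Cookie:", header)
    sent = header.split(";")[0]              # what the browser sends back
    # Editing the client-side value changes what the passbook model reports.
    print(balance_from_cookie("balance=1000000"))
    # Extra or forged cookies do not change the server-side record.
    print(balance_from_session(sent + "; balance=1000000"))
    print(balance_from_session("sessionid=forged"))
```

Because the sessionid is the only thing tying a browser to its record, the example generates it randomly and marks it `HttpOnly` and `Secure`.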

