Get rid of cookies and sessions

Cookie

Cookies can also make a website more convenient to use. Suppose you have logged in to a website once and do not want to enter your account again the next time you log in. What should you do? This information can be written into a cookie. On the next visit, the page's script can read this information and automatically fill in the user name for you. This is also the origin of the name "cookie": a little sweetness for the user.

The most typical applications of cookies are:

(1): Determining whether the user has already logged in to the website, so that they can be logged in directly on the next visit. If the cookie is deleted, the login-related information must be re-entered every time you log in.

(2): Handling and designing "shopping cart" features. Over a period of time, a user may choose different products on different pages of the same website. This information can be written into cookies and read back from them at the final payment step. Of course, there are security and performance issues that we need to consider.

Session

Since HTTP is a stateless protocol, a server that needs to record the state of a user needs some mechanism to identify that specific user. This mechanism is the Session. A typical scenario is a shopping cart: when you click the order button, the server does not know which user is operating, because HTTP is stateless. The server therefore creates a specific session for each user, which is used to identify and track that user, so that it knows how many books are in the shopping cart. This Session is stored on the server and has a unique identifier. There are many ways to save sessions on the server, including memory, databases, and files. Session transfer must also be considered when clustering. Large websites usually have a dedicated session server cluster to save user sessions. In that case, session information is kept in memory, and a caching service such as Memcached is used to hold the Session.

How does the server identify a specific client? This is where cookies come in. Each time an HTTP request is made, the client sends the corresponding cookie information to the server. In fact, most applications use cookies to implement session tracking. When a session is created for the first time, the server tells the client in the HTTP response that a session ID needs to be recorded in a cookie. On later requests the session ID is sent back to the server, and the server knows who you are. What if the client's browser has cookies disabled? In this case, a technique called URL rewriting is used for session tracking: for each HTTP interaction, a parameter such as sid=xxxxx is appended to the URL, and the server identifies the user accordingly.
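The cookie-based session tracking described above, as an added sketch that is not code from the original article: the server issues a random session ID in a `Set-Cookie` header and resolves it from the `Cookie` header on later requests. The in-memory store, the 30-minute timeout and the cookie attributes are assumptions; the cookie name `sid` follows the article's `sid=xxxxx` example.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSION_TTL = 1800   # assumed lifetime in seconds
COOKIE_NAME = "sid"  # follows the article's sid=xxxxx example


class SessionStore:
    """Server-side table: session ID -> (expiry time, per-user data)."""

    def __init__(self):
        self._sessions = {}

    def create(self, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # random, unguessable identifier
        self._sessions[sid] = (now + SESSION_TTL, {"cart": []})
        return sid

    def lookup(self, cookie_header, now=None):
        """Return the session data for a request's Cookie header, or None."""
        now = time.time() if now is None else now
        jar = SimpleCookie()
        try:
            jar.load(cookie_header or "")
        except CookieError:
            return None  # malformed header: treat as no session
        morsel = jar.get(COOKIE_NAME)
        entry = self._sessions.get(morsel.value) if morsel else None
        if entry is None:
            return None  # unknown ID: never adopt a client-chosen value
        expiry, data = entry
        if now >= expiry:
            del self._sessions[morsel.value]  # expired: forget it
            return None
        return data


def set_cookie_header(sid):
    """Build the Set-Cookie value sent when the session is first created."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True   # not readable by page scripts
    cookie[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"  # limits cross-site sending
    return cookie[COOKIE_NAME].OutputString()
```

Only the identifier travels in the cookie; the cart itself stays in the server-side table.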

Summary

A Session is a data structure saved on the server to track the state of the user. This data can be saved in clusters, databases, and files.
A Cookie is a mechanism for the client to save user information, which is used to record some information about the user. It is also a way to implement a Session.

 
