The difference and usage of cookie and session

1. Since HTTP is a stateless protocol, the server needs a mechanism to identify a specific user whenever it has to record that user's state. This mechanism is the session. A typical scenario is a shopping cart. When you click the order button, HTTP itself does not know which user is acting because it is stateless, so the server has to create a specific session for each user. That session is used to identify and track the user, and so to know how many books are in the shopping cart. The session is stored on the server and has a unique identifier. There are many ways to save sessions on the server, including memory, databases, and files. In a cluster, session transfer also has to be considered. Large websites usually have a dedicated cluster of session servers to hold user sessions; in that case the session information is kept in memory, and a caching service such as Memcached is used to store the sessions.
2. How does the server identify a specific client? This is where cookies come in. With each HTTP request, the client sends the corresponding cookie information to the server. In fact, most applications use cookies to implement session tracking. When a session is created for the first time, the server tells the client over HTTP that a session ID needs to be recorded in a cookie. On later requests that session ID is sent back to the server, and the server knows who you are. What if the client's browser has cookies disabled? In this case, a technique called URL rewriting is used for session tracking: for each HTTP interaction, a parameter such as sid=xxxxx is appended to the URL, and the server identifies the user accordingly.
3. Cookies can also be used in some user-friendly scenarios. Suppose you have logged in to a website once and do not want to enter your account again the next time you log in. What should you do? This information can be written into a cookie. When you visit the website, the script on the page can read this information and fill in the user name for you automatically, which is convenient for the user. This is also the origin of the name "cookie": a little sweetness for the user.
So, to sum up:
A session is a data structure saved on the server side to track the user's status, and this data can be saved in clusters, databases, and files;
A cookie is a mechanism for the client to save user information. It is used to record some information about the user, and it is also one way to implement sessions.
The operation of the session depends on the session id, and the session id is stored in the cookie.

Sessions are maintained with cookies, and the default policy of most web servers is to use cookies.

From the client's point of view: in today's browsers, disabling cookies does not actually disable them completely. It only removes the "persistence" function of cookies, which can be roughly understood as clearing cookies when the window is closed. So such a browser can still log in to a website even with cookies disabled.

A "browser" that does not support cookies, such as curl (without the -b and -c parameters), does not tell the server that it lacks this feature. The server will still send the Set-Cookie header, but the client ignores it, so every access to the server starts a new session, and the server cannot associate it with the old session.

From the server's point of view: if you think your users' browsers may be old, you can carry the user's session in cookies, forms, and URLs at the same time, just in case.
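The mechanism described above, as an added example that is not part of the original article: a server-side session store keyed by a random ID carried in a cookie, exercised by a client that returns the cookie and by one that ignores Set-Cookie, as curl does without -b/-c. The function names, the cookie name `sid`, and the cart items are assumptions made for the illustration.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

SESSIONS = {}        # server-side store: session ID -> session data
COOKIE_NAME = "sid"  # assumed name, borrowed from the sid=xxxxx example


def handle_request(cookie_header, add_item=None):
    """Handle one request; return (session_id, cart, set_cookie_or_None)."""
    sid = None
    if cookie_header:
        jar = SimpleCookie()
        try:
            jar.load(cookie_header)
        except CookieError:
            pass  # malformed header: treat as if no cookie was sent
        if COOKIE_NAME in jar:
            sid = jar[COOKIE_NAME].value
    set_cookie = None
    # Accept only IDs this server issued; an unknown ID is never adopted.
    if sid not in SESSIONS:
        sid = secrets.token_urlsafe(32)  # unguessable random identifier
        SESSIONS[sid] = {"cart": []}
        out = SimpleCookie()
        out[COOKIE_NAME] = sid
        out[COOKIE_NAME]["httponly"] = True   # not readable by page scripts
        out[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
        out[COOKIE_NAME]["samesite"] = "Lax"
        out[COOKIE_NAME]["path"] = "/"
        set_cookie = out[COOKIE_NAME].OutputString()
    cart = SESSIONS[sid]["cart"]
    if add_item:
        cart.append(add_item)
    return sid, list(cart), set_cookie


def cookie_for_next_request(set_cookie):
    """What a cookie-aware client sends back: only the name=value pair."""
    return set_cookie.split(";", 1)[0]


if __name__ == "__main__":
    # Browser-like client: keeps the cookie and returns it.
    sid1, _, sc = handle_request(None, add_item="book A")
    sid2, cart, _ = handle_request(cookie_for_next_request(sc), add_item="book B")
    print(sid1 == sid2, cart)
    # curl-like client without -b/-c: ignores Set-Cookie, sends no Cookie header.
    sid3, cart3, _ = handle_request(None, add_item="book C")
    print(sid3 != sid1, cart3)
```

The cart contents never leave the server; the cookie carries only the identifier, so anyone holding that value is treated as the same user.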

