Detailed explanation of the difference between cookies and sessions


These are the basics, but a deep understanding is necessary. A brief introduction first.

Definition of both:

When you browse a website, the web server first stores a small piece of information on your computer; this cookie records the text you type or the choices you make on the site. The next time you visit the same website, the web server first checks whether a cookie it left last time is present, and if so, it uses the contents of the cookie to identify the user and send page content specific to you. Cookies are widely used: many websites that provide personalized services use cookies to identify users so that they can deliver user-tailored content, for example free e-mail sites with web interfaces.


Specifically, the cookie mechanism maintains state on the client side, while the session mechanism maintains state on the server side. At the same time, because the server-side scheme also needs to store an identifier on the client side, the session mechanism may need to rely on the cookie mechanism to store that identifier, although it has other options.

Cookie mechanism. Orthodox cookie distribution is achieved by extending the HTTP protocol: the server adds a special line to the HTTP response header that instructs the browser to generate the corresponding cookie. However, pure client-side scripts such as JavaScript or VBScript can also generate cookies. Cookies are sent to the server automatically by the browser in the background according to certain rules. The browser checks all stored cookies; if the scope a cookie declares is greater than or equal to the location of the resource being requested, the cookie is attached to the HTTP request header for that resource and sent to the server.
 
The content of a cookie mainly includes: name, value, expiration time, path and domain. The path, together with the domain, constitutes the scope of the cookie. If no expiration time is set, the lifetime of the cookie is the browser session: when the browser window is closed, the cookie disappears. Such cookies, which last only for the browser session, are called session cookies. Session cookies are generally kept in memory rather than on the hard disk, although this behavior is not specified by the standard. If an expiration time is set, the browser saves the cookie to the hard disk, and it remains valid after the browser is closed and reopened, until the expiration time has passed. Cookies stored on the hard disk can be shared between browser processes, such as two IE windows. For cookies stored in memory, different browsers handle them differently.

Session mechanism. The session mechanism is a server-side mechanism. The server uses a structure similar to a hash table (or possibly an actual hash table) to store information.

When a program needs to create a session for a client's request, the server first checks whether the request already contains a session identifier (called the session id). If it does, a session has already been created for this client, and the server retrieves that session by its session id and uses it (if it cannot be retrieved, a new one is created). If the request does not contain a session id, the server creates a session for this client and generates a session id associated with it. The value of the session id should be a string that is never repeated and whose pattern cannot easily be found and imitated. The session id is returned to the client in this response to be saved. A cookie can be used to save the session id, so that the browser automatically sends the id back to the server. The name of this cookie is generally something like SESSIONID. But cookies can be manually disabled, so there must be other mechanisms that can still pass the session id back to the server when cookies are disabled.
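The lookup-or-create flow described above, as an added example that is not code from the original article: a hash table keyed by an unguessable session id, with the id handed to the browser in a session cookie. The cookie name, the idle timeout and the HttpOnly, Secure and SameSite attributes are assumptions chosen for the example.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_COOKIE = "SESSIONID"   # assumed cookie name
IDLE_TIMEOUT = 1800            # assumed idle lifetime, in seconds


class SessionStore:
    """Server-side session table: session id -> [last_seen, data]."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}
        self._clock = clock

    def _new(self):
        # 32 bytes from the OS CSPRNG: not repeated, no pattern to imitate.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = [self._clock(), {}]
        return sid

    def get_or_create(self, cookie_header):
        """Return (sid, data, is_new) for the request's Cookie header."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get(SESSION_COOKIE)
        sid = morsel.value if morsel else None
        entry = self._sessions.get(sid)
        now = self._clock()
        if entry and now - entry[0] <= IDLE_TIMEOUT:
            entry[0] = now
            return sid, entry[1], False
        # Missing, unknown or expired id: never adopt the value the client
        # sent, always issue a freshly generated one.
        self._sessions.pop(sid, None)
        sid = self._new()
        return sid, self._sessions[sid][1], True

    @staticmethod
    def set_cookie_header(sid):
        """Build the Set-Cookie value; no expiry, so it is a session cookie."""
        c = SimpleCookie()
        c[SESSION_COOKIE] = sid
        c[SESSION_COOKIE]["path"] = "/"
        c[SESSION_COOKIE]["httponly"] = True
        c[SESSION_COOKIE]["secure"] = True
        c[SESSION_COOKIE]["samesite"] = "Lax"
        return c[SESSION_COOKIE].OutputString()
```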

A technique that is often used is URL rewriting, which appends the session id directly to the URL path. Another technique is the hidden form field: the server automatically modifies the form to add a hidden field, so that the session id is passed back to the server when the form is submitted. For example:

<form name="testform" action="/xxx">
<input type="hidden" name="jsessionid" value="ByOK3vjFD75aPnrF7C2HmdnV6QZcEbzWoWiBYEnLerjQ99zWpBng!-145788764">
<input type="text">
</form>

In practice, this technique can simply be replaced by applying URL rewriting to the action.

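The differences between cookies and sessions:

1. Cookie data is stored in the client's browser; session data is stored on the server.

2. Cookies are not very secure: others can analyze cookies stored locally and carry out cookie spoofing.
   For security, sessions should be used.

3. Sessions are kept on the server for a certain period of time. As the number of visits grows, they take up more of your server's performance.
   To reduce the load on the server, cookies should be used.

4. A single cookie cannot hold more than 4K of data, and many browsers limit a site to at most 20 cookies.

5. So my personal recommendation:
   Store important information such as login information in the SESSION.
   Other information that needs to be kept can be placed in the COOKIE.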

Original: http://www.cnblogs.com/shiyangxt/archive/2008/10/07/1305506.html
