2022-The difference between cookie and session (interview focus)

Table of contents

1. Difference between cookie and session (required for interview)

2. Introduction to cookies

3. The role of cookies

4. Defects of Cookie:

5. How Cookies Work

6. Session Introduction

7. Session role

8. How Session works

1. Difference between cookie and session (required for interview)

Different storage locations

Cookies are stored on the client side.

Sessions are saved on the server.

Different access methods

Cookies can only store ASCII strings. If you need to store Unicode characters or binary data, you need to encode them first.

A session can store any type of data.

Different security

The cookie is stored in the browser and is visible to the client. Programs on the client may read, copy or even modify the content of the cookie.

The session data is stored on the server and is not visible to the client, so it is not exposed to leakage on the client side. The client holds only the Session ID (see section 8).

2. Introduction to cookies

HTTP is a request and response based, stateless, application layer protocol.

Stateless: The server does not know what the user did in previous requests, which severely hinders the implementation of interactive web applications.

Cookie: Data that a website stores on the user's local device in order to identify the user. The cookie is generated by the server and sent to the client (usually the browser).

Cookies are always saved in the client, and can be divided into memory cookies and hard disk cookies according to the storage location in the client.

The memory cookie is maintained by the browser and stored in memory. It disappears when the browser is closed, so it is short-lived.

The hard disk cookie is stored on the hard disk and has an expiration time. It is not deleted until the user manually clears it or the expiration time is reached, so it can last for a long time.

3. The role of cookies

The fundamental function of cookies is to store some information about the user's visit to the website on the client side.

1. Remember the password and log in automatically next time.

2. Shopping cart function.

3. Record user browsing data and recommend products (ads).

4. Defects of Cookie:

1. Cookies are attached to every HTTP request, which silently increases traffic.

2. Cookies in an HTTP request are transmitted in clear text (unless HTTPS is used), so security is a problem.

3. The size of a cookie is limited to about 4KB, which is not enough for complex storage needs.

5. How Cookies Work

1. Create cookies

When a user browses a website, the web server generates a unique identification code (cookie id). By default this is generally a session-level cookie, which is stored in the browser's memory. The server places the cookie in a Set-Cookie HTTP response header.

2. Set the storage cookie

After receiving the response message, the browser creates the corresponding cookie according to the Set-Cookie directive in the message and saves it on the client side. This cookie records the current information of the user.

3. Send cookies

When the user visits the website again, the browser first checks all of its stored cookies. If it holds a cookie for that website, the cookie is attached to the HTTP request header of the requested resource and sent to the server.

4. Read cookies

After the server receives the user's HTTP request message, it reads the user's cookie from the message header and extracts what it needs from it.

6. Session Introduction

Session represents a session between the server and the browser. This process is continuous or intermittent. Session is a server-side mechanism: the Session object is used to store the information required for a specific user session.

Session is generated by the server and stored in the server's memory, cache, hard disk or database.

7. Session role

The fundamental role of Session is to store, on the server side, some information about the session between the user and the server.

1. Determine whether the user is logged in

2. Shopping cart function

8. How Session works

When a user accesses a server that has Session enabled, the server creates a Session for the user and generates a Session ID associated with this Session. The Session ID is a unique, non-repeating string. The Session ID is returned to the client in this response to be saved, and it is a cookie that stores the Session ID, so that the browser automatically sends this ID to the server according to the cookie rules during later interactions.
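
The flow from sections 5 and 8, as an added example that is not part of the original article: the server keeps the session data, sends only a random Session ID in a Set-Cookie header, and resolves the Cookie header on later requests, rejecting unknown or expired IDs. The cookie name `sid`, the `SESSION_TTL` value, the in-memory dict store and the function names are assumptions made for this sketch.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # seconds; constructed value for this example
_sessions = {}      # server-side store: session ID -> (expiry, data)

def create_session(data, now=None):
    """Create a server-side session; return (session_id, Set-Cookie value)."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)       # unpredictable, non-repeating ID
    _sessions[sid] = (now + SESSION_TTL, dict(data))
    cookie = SimpleCookie()
    cookie["sid"] = sid                   # only the ID goes to the client
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True      # not readable by page scripts
    cookie["sid"]["secure"] = True        # sent over HTTPS only
    cookie["sid"]["samesite"] = "Lax"     # limits cross-site sending
    return sid, cookie["sid"].OutputString()

def load_session(cookie_header, now=None):
    """Resolve a Cookie request header to session data, or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if "sid" not in jar:
        return None
    sid = jar["sid"].value
    entry = _sessions.get(sid)
    if entry is None:                     # unknown or modified ID
        return None
    expiry, data = entry
    if now >= expiry:                     # expired: drop the server-side state
        del _sessions[sid]
        return None
    return data

if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    sid, set_cookie = create_session({"user": "alice", "cart": [42]})
    print("Set-Cookie:", set_cookie)
    print(load_session(f"theme=dark; sid={sid}"))
    print(load_session("sid=forged-value"))
```

The session data never appears in the cookie; a client that edits the cookie value simply fails the server-side lookup.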

Origin blog.csdn.net/qq_38612882/article/details/122758974