Explanation of Cookie and Session

Internet 2023-05-04 15:51:53 views: null

1. Cookie (exists on the client side)

  1. In order to record the user status, the server will add a cookie to the response returned to the browser, and the browser will save the cookie. When the browser requests the server again, it will bring the cookie. The server can also modify the content of the cookie as needed
  2. Cookies cannot cross domain names (there is no intercommunication between Google and Baidu). Managed by the browser, distinguished by domain name
  3. Some attributes of cookies can be set (expiration time)
  4. There are two types of cookie invalidation:
          a. Set the expiration time to be invalid (as long as the expiration time is set, the cookie will be stored in the hard disk) b
          . When the session ends, the browser window will be closed (if Expires is not set, the cookie will be stored in memory)

Two, Session (exists on the server side)

  1. In addition to using Cookie, Session is often used in web applications to record client status  
  2. Each user corresponds to a session object, and the server generally stores the session in memory
  3. Although the Session is saved on the server and is transparent to the client, its normal operation still requires the support of the client browser. This is because Session needs to use Cookie as an identification mark. The HTTP protocol is stateless, and the Session cannot judge whether it is the same client based on the HTTP connection, so the server sends a cookie named JSESSIONID to the client browser, and its value is the id of the Session (that is, HttpSession.getId() The return value). Session identifies whether it is the same user based on the cookie   (but it does not have to rely on cookies, there are other ways, such as url rewriting)

Three, the difference between the two

1. The cookie data is stored on the client's browser, and the session data is placed on the server.
2. The cookie is not very secure. Others can analyze the locally stored COOKIE and perform COOKIE deception. Considering security, sessions should be used.
3. Setting the cookie time can make the cookie expire. But using session-destory(), we will destroy the session
4, and the session will be saved on the server for a certain period of time. When the number of visits increases, it will take up more performance of your server. In order to reduce server performance, cookies should be used.
5. The data saved by a single cookie cannot exceed 4K, and many browsers limit a site to save up to 20 cookies. (Session object has no limitation on the amount of stored data, and more complex data types can be stored in it.) The biggest
 difference between the two is the life cycle, one is from IE startup to IE shutdown. (When the browser page is closed, the session disappears. ), one is a preset lifetime, or a file permanently saved locally. (cookie)

 

https://www.cnblogs.com/l199616j/p/11195667.html

https://blog.csdn.net/whl190412/article/details/90024671    (personal feeling, this one is more vivid)

 

Guess you like

Origin blog.csdn.net/CSDN_WHB/article/details/109479479
Recommended
Ranking
SpringBoot-integrate redis
[Sword pointing to offer] Interview question 03: Repeated numbers in an array
Arrangement "Offer Penalty for prove safety" string
Browser prevent the automatic generation of fill and Echo have been saved account solutions
Work hard and never slacken——2022 Yinmai Information Year-End Summary
Install jdk7 on Linux system
App common dependency management tools
EduCoder-Web程序设计基础-html5— 给表单组件添加说明-第1关:label标签相关概念
Machine learning - clustering - density clustering algorithm notes
Ant's large model is exposed, AI+ finance enters the "big model" era
Daily
More
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)

Code World

© 2018 codetd.com