The difference between Cookie and Session - the latest interview condensed version in 2023

The difference between Cookie and Session

Principle: look at JWT and token from the perspective of the "login" process, and distinguish the concepts of Cookie and Session.

Interview:

OK, interviewer. Let me first explain Cookie, which is a mechanism the client browser uses to save data on behalf of the server. When a web page is accessed through a browser, the server can write some state data into a cookie as key-value pairs, and the browser stores it on the client. The next time the client accesses the server, it carries this state data along with the request, and the server can identify the user from the content of the cookie. Session represents a session, and it is a container object that belongs to the server. By default the Servlet container allocates one Session per browser client. A Session is essentially a ConcurrentHashMap that stores the state data generated during the current session. We all know that the HTTP protocol itself is stateless, meaning the server cannot tell on its own that multiple requests sent by a client belong to the same user. Session is used to make up for this statelessness of HTTP: put simply, the server uses the session to tie a client's multiple requests together as one session. The server-side session storage mechanism, combined with the client-side cookie mechanism, is what makes a stateful HTTP interaction possible.

When the client accesses the server for the first time, the server creates a session for the request and generates a unique sessionId to identify it. The server then writes the sessionId into a cookie in the client browser so that the client's state can be recognised later. Every subsequent request carries the sessionId, and the server uses it to locate the current session state.

So, in general, Cookie is the client-side storage mechanism and Session is the server-side storage mechanism. The two are used together to store session state, and that is my understanding of this question.
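The exchange described above, reduced to code, as an added example that is not part of the original post: a server-side session store keyed by a random sessionId, the Set-Cookie header that hands that id to the browser, and the lookup on the next request. The cookie name SESSIONID, the 30-minute idle timeout and the "hits" counter are assumptions made for the example; the id is generated with the secrets module so that it cannot be guessed, and the cookie carries HttpOnly, Secure and SameSite so that scripts and cross-site requests cannot read or replay it.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_COOKIE = "SESSIONID"   # assumed cookie name (Servlet containers use JSESSIONID)
SESSION_TTL = 30 * 60          # assumed idle timeout: 30 minutes


class SessionStore:
    """Server-side container: session id -> state map, the page's per-session map."""

    def __init__(self):
        self._sessions = {}  # session id -> {"data": {...}, "expires": float}

    def create(self):
        sid = secrets.token_urlsafe(32)  # unguessable id, never derived from user data
        self._sessions[sid] = {"data": {}, "expires": time.time() + SESSION_TTL}
        return sid

    def get(self, sid):
        entry = self._sessions.get(sid)
        if entry is None or entry["expires"] < time.time():
            self._sessions.pop(sid, None)  # expired ids are forgotten, not reused
            return None
        entry["expires"] = time.time() + SESSION_TTL  # sliding expiration
        return entry["data"]

    def destroy(self, sid):
        self._sessions.pop(sid, None)  # logout: drop the server-side state


def session_id_from_request(headers):
    """Extract the session id the browser sent back in its Cookie header, if any."""
    morsel = SimpleCookie(headers.get("Cookie", "")).get(SESSION_COOKIE)
    return morsel.value if morsel else None


def set_cookie_header(sid):
    """Set-Cookie value that hands the id to the browser with hardened attributes."""
    return (f"{SESSION_COOKIE}={sid}; Path=/; HttpOnly; Secure; "
            f"SameSite=Lax; Max-Age={SESSION_TTL}")


def handle_request(store, headers):
    """One request: resolve or create the session; return (sid, data, response headers)."""
    sid = session_id_from_request(headers)
    data = store.get(sid) if sid else None
    response_headers = {}
    if data is None:  # first visit, unknown id, or expired id -> fresh session
        sid = store.create()
        data = store.get(sid)
        response_headers["Set-Cookie"] = set_cookie_header(sid)
    data["hits"] = data.get("hits", 0) + 1  # state that survives across stateless requests
    return sid, data, response_headers
```

An unknown or forged id is never adopted as a session: the server issues a new id of its own, which is the check that prevents session fixation.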

Follow-up: then please explain the differences between token, cookie and session.

1. Token: a token is a credential used for authentication and authorization, usually in the form of a string. After the client authenticates, the server issues a token to the client to identify and verify the client's identity. A token usually contains information about the user's identity, permissions and expiration date, and is stored in the client's memory or storage medium. In each request, the client needs to include the token in a request header or request parameter and send it to the server for authentication and authorization.

2. Cookie: a cookie is a small text file stored on the client (usually a browser). The server can send one or more cookies to the client through the Set-Cookie header in the HTTP response. The client sends the cookie back to the server in subsequent requests by including it in the request header. Cookies can be used to record the user's session state, track user behaviour or store user preferences. Cookies can be given an expiry time and can be session cookies (expire when the browser is closed) or persistent cookies (expire after a period of time).

3. Session: a session is a server-side mechanism for tracking user state. When a user is authenticated, the server creates a unique session for the user and sends the session ID to the client. Clients typically use cookies or URL rewriting to transmit the session ID on subsequent requests. The server uses the session ID to identify and manage the user's state and data so that the user experience is continuous. Session data is usually stored in the server's memory or in a database and remains valid for a certain period of time. Unlike tokens, session data is managed by the server, and the client stores only the session ID.

Summary:

  • A token is a string of credentials used for authentication and authorization, saved by the client and sent to the server with each request.

  • A cookie is a text file stored on the client to track user status and store user-related information.

  • A session is a server-side mechanism for tracking user status, and a session ID is used to communicate between the client and the server.

It should be noted that in real applications tokens, cookies and sessions are often used together. For example, a token can be used for authentication to confirm the user's identity and permissions, and a session can then be used to maintain the user's state and data in order to provide a more personalised user experience or to implement specific business logic.


Origin: blog.csdn.net/weixin_49171365/article/details/130470455