cookie
cookie used to store user information web page, typically the maximum capacity of 4k. Its role is to solve the "how to record the client's user information", text files stored in the form of key-value pairs in the computer's. When a browser requests a web page from the server, cookie belonging to the page will be added to the request of them.
Use document.cookie = "key = value" form creation
- expires as time expired
- maxAge is a relatively long time after the expiration of the cookie
(不设置这两个选项时会产生 session cookie,session cookie 是 transient 的,当用户关闭浏览器时,就被清除。一般用来保存 session 的 session_id) - path for the cookie path, the default belongs to the current page
- secure: secure value when true, cookie in the HTTP is invalid, valid in the HTTPS
- Browser does not allow script to change the operation document.cookie cookie. This should be set to true in general, to avoid being xss attack got cookie
session
Record client state mechanism, within a certain time saved on the server, there is no size limit. session in the process of realization of the need to use cookie.
Implementation process
- The server generates a globally unique identifier session_id;
- Open this session_id corresponding data stored in the server memory space;
- The session_id as a globally unique identifier to the client through the Cookie;
- Session_id will be sent to the server via a cookie request header when the client access server again later;
- The server then this identifier extracted by the data server session_id
- If the client's browser to disable the Cookie how to do? Usually this case, URL rewriting techniques will be called using the session tracking, i.e. each HTTP interaction, URL will be attached on the back
localStorage
For large amounts of data (maximum 5M) stored in the browser, save the data will not fail forever expire, unless cleared by js manually. Generally used for performance optimization, you can save the image, js, css, html templates, large amounts of data. localStorage key-value pair is always stored as a string.