Cookie and Session: concepts and differences

Cookie

I. Overview

The HTTP protocol is stateless: keeping the protocol as simple as possible lets it handle a large number of transactions. HTTP Cookies were introduced to preserve state information across requests.

A cookie is a small piece of data that the server sends to the user's browser and that the browser stores locally. The browser carries it on every later request to the same server, which lets the server tell whether two requests came from the same browser.

Because every request must carry the cookie data, cookies add extra performance overhead (especially in a mobile environment).

II. Main purposes

  • Session tracking (for example user login status, shopping cart, game scores or other information that must be remembered)
  • Browser behaviour tracking (for example recording and analysing user behaviour)

III. How a cookie is created

After the client sends an HTTP request, the server may include a Set-Cookie header field in the HTTP response message; when the client receives the response, the browser stores the cookie.

The HTTP response message looks like this:

HTTP/1.0 200 OK
Content-type: text/html
Set-Cookie: user_id=1
Set-Cookie: user_name=kobe
Set-Cookie: role_type=1

When the client later sends a request to the same server, the browser retrieves the stored cookie and transmits it to the server in the Cookie request header field.

The HTTP request message then looks like this:

GET /index.html HTTP/1.1
Host: www.test.com
Cookie: user_id=1; user_name=kobe; role_type=1

IV. Classification

  • Session cookie: automatically deleted when the browser is closed, which means it is valid only for the duration of the browser session.
  • Persistent cookie: a cookie that specifies an expiration time (Expires) or a validity period (Max-Age) becomes a persistent cookie.

If no expiration time is set, the cookie's lifetime is the browser session: when the browser window is closed, the cookie disappears. Session cookies are generally not written to the hard disk but kept in memory, although the specification does not mandate this behaviour.

If an expiration time is set, the browser saves the cookie to the hard disk; after the browser is closed and reopened, the cookie remains valid until the set expiration time has passed. Cookies stored on the hard disk can be shared between different browser processes.

The example below is a persistent cookie whose expiration time is 6:30 in the evening (18:30 GMT) on 10 June 2019.

Set-Cookie: user_id=1; Expires=Mon, 10 Jun 2019 18:30:00 GMT;

V. Scope

Path attribute

The Path attribute specifies the URL path on the host for which the cookie is accepted (the path must be a prefix of the path in the request URL). The character %x2F ("/") is treated as the path separator, so sub-paths match as well. For example, if Path=/docs is set, the following request paths all match:

  • /docs
  • /docs/Web/
  • /docs/Web/HTTP

Domain attribute

The Domain attribute specifies which hosts may receive the cookie. If it is not specified, it defaults to the host of the current document, excluding subdomains. If Domain is specified, subdomains are always included. For example, if Domain=test.org is set, the cookie is also sent to subdomains such as abcd.test.org.
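The scope rules above (Path prefix matching, host-only versus Domain cookies, Expires/Max-Age) decide which stored cookies a browser puts into the Cookie header. The following added example (not code from the original post) implements those rules in Python over constructed Set-Cookie values; the Cookie class and helper names are the example's own.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

@dataclass
class Cookie:
    name: str
    value: str
    domain: str                          # host that set it, or the Domain attribute value
    host_only: bool                      # True when the Set-Cookie had no Domain attribute
    path: str = "/"
    expires: "datetime | None" = None    # None means a session cookie

def parse_set_cookie(header: str, request_host: str) -> Cookie:
    # Parse one Set-Cookie header value the way a browser would.
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name, value, request_host.lower(), True)
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.lower()
        if key == "expires":             # absolute expiry, e.g. Mon, 10 Jun 2019 18:30:00 GMT
            cookie.expires = parsedate_to_datetime(val)
        elif key == "max-age":           # validity period in seconds from now
            cookie.expires = datetime.now(timezone.utc) + timedelta(seconds=int(val))
        elif key == "path":
            cookie.path = val
        elif key == "domain":            # Domain=test.org also covers abcd.test.org
            cookie.domain, cookie.host_only = val.lstrip(".").lower(), False
    return cookie

def path_matches(cookie_path: str, request_path: str) -> bool:
    # RFC 6265 path-match: /docs matches /docs/Web/ and /docs/Web/HTTP but not /docsx.
    if not request_path.startswith(cookie_path):
        return False
    rest = request_path[len(cookie_path):]
    return rest == "" or cookie_path.endswith("/") or rest.startswith("/")

def domain_matches(cookie: Cookie, request_host: str) -> bool:
    # A host-only cookie goes back to exactly one host; a Domain cookie also to its subdomains.
    host = request_host.lower()
    if cookie.host_only:
        return host == cookie.domain
    return host == cookie.domain or host.endswith("." + cookie.domain)

def cookie_header(jar, request_host: str, request_path: str, now=None) -> str:
    # Build the Cookie request header from the cookies that are in scope and not yet expired.
    now = now or datetime.now(timezone.utc)
    sent = [c for c in jar if domain_matches(c, request_host) and path_matches(c.path, request_path)
            and (c.expires is None or c.expires > now)]
    return "; ".join(f"{c.name}={c.value}" for c in sent)
```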

Session

I. Overview

A session is another mechanism for recording client state. The difference is that a cookie is stored in the client's browser, while a session is saved on the server.

When the client browser accesses the server, the server records the client's information on the server side in some form; that record is the session. When the client browser accesses the server again, the server only needs to look up that client's session to recover its state.

Sessions can be stored on the server in files, in a database or in memory. They can also be stored in an in-memory database such as Redis, which is more efficient.

II. Creating and using a session

Take the most common use of a session, keeping a user logged in, as an example:

  • When the user logs in, the browser submits the form containing the user name and password in an HTTP request message;
  • The server verifies the user name and password (no session has been created yet); if they are correct, the server creates the session and obtains its session ID, then stores the user information in Redis under a key that is the session ID;
  • The server returns a response message whose Set-Cookie header field contains the session ID; on receiving the response, the client stores the cookie value in the browser;
  • Every later request from the client to the same server carries that cookie value; the server extracts the session ID from it, retrieves the user information from Redis, and then continues with the business operation.

III. When cookies are disabled

If the client has disabled cookies, there are usually two ways to implement sessions without relying on cookies.

  • URL rewriting: the session ID is passed as a parameter in the URL.
  • Hidden form fields: the server automatically modifies the form, adding a hidden field so that the session ID is passed back to the server when the form is submitted.
<form name="testform" action="/xxx"> 
<input type="hidden" name="sessionid" value="ByOK3vjFD75aPcg!-145788764"> 
<input type="text"> 
</form> 
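The login procedure in section II and the cookie-less fallback in section III, as one added Python example that is not code from the original post. A dict stands in for the Redis store, the credential table is constructed for the demo, and the SESSIONID name and the ?sessionid= URL parameter are the example's own choices.

```python
import secrets
from hmac import compare_digest
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the Redis store: key = session ID, value = the user record.
SESSION_STORE = {}
# Constructed credential table for the demo (a real server stores password hashes, not passwords).
USERS = {"kobe": "s3cret-demo-password"}

def login(username: str, password: str):
    # Verify the credentials first; the session is created only after they pass.
    expected = USERS.get(username, "")
    if not expected or not compare_digest(expected, password):
        return None                              # failed login: no session, no cookie
    session_id = secrets.token_urlsafe(32)       # long random ID that cannot be derived from the user
    SESSION_STORE[session_id] = {"user_id": 1, "user_name": username, "role_type": 1}
    # Only the ID travels to the browser; the user record itself stays on the server.
    return f"SESSIONID={session_id}; Path=/; HttpOnly"

def session_id_from_request(headers: dict, url: str):
    # Normal case: the browser sends the ID back in the Cookie header.
    cookie = SimpleCookie(headers.get("Cookie", ""))
    if "SESSIONID" in cookie:
        return cookie["SESSIONID"].value
    # Cookies disabled: fall back to the rewritten URL (?sessionid=...); a GET form's
    # hidden field arrives in the query string the same way.
    return parse_qs(urlsplit(url).query).get("sessionid", [None])[0]

def current_user(headers: dict, url: str):
    # Look the ID up on the server side; a missing or unknown ID yields no user.
    session_id = session_id_from_request(headers, url)
    return SESSION_STORE.get(session_id) if session_id else None

def logout(headers: dict, url: str) -> bool:
    # Destroy the server-side record so that the ID can no longer be used.
    return SESSION_STORE.pop(session_id_from_request(headers, url), None) is not None
```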

IV. Relationship between Cookie and Session

[Figure: diagram of the relationship between Cookie and Session]

Comparison of Cookie and Session

  1. A cookie can store only ASCII strings, whereas a session can store data of any type; when the data is complex, a session is therefore preferred.
  2. Cookies are stored in the browser and can easily be viewed by a malicious party; when security is the concern, a session is the better choice. If private data must be kept in a cookie, the cookie value can be encrypted and then decrypted on the server.
  3. For large sites, storing all user information in sessions is very costly, so storing all user information in the session is not recommended.
  4. A single cookie cannot hold more than 4K of data, and many browsers limit a site to at most 20 cookies; sessions have no such limits.


Source: blog.csdn.net/u013568373/article/details/91391127