A, cookie and session
cookie and session are used to track the user's identity conversational mode browser.
the difference:
1. Keep status: cookie stored in the client; session stored on the server.
2. Use way: cookie mechanism: the need to set the expiration time, otherwise it will disappear as you close your browser;
session mechanism: no need to set the expiration time, the server will create a session if there is a new session object according to the judgment, and usually with a cookie store session to the client. When the server receives a request need to create a session object, it first checks the client request contains sessionid. If there sessionid, the server returns the corresponding session object based on the id. If the client does not request sessionid, the server creates a new session object and sessionid returned to the client in this response. Usually stored sessionid cookie to the client browser in accordance with the rules sessionid sent to the server in the interaction. If the user disables cookie, you will have to use URL rewriting can be achieved by response.encodeURL (url); API to end encodeURL is, when the browser supports Cookie, url without any treatment; when the browser does not support Cookie time, will rewrite the URL after the SessionID spliced to access address.
3. stored content: cookie and a string of text can be stored only; the session to support any type of object, by a procedure similar to the data structure reported Hashtable memory.
4. Storage Size:
5. Security: session security is greater than the cookie
6. scenarios:
cookie: (1) determine whether the user landed website to enable automatic login next time (or remember the password) to log. If we delete the cookie, you have to log in every time to fill in the relevant information from the new login.
(2) Last time save login information.
(3) save the last viewed page
(4) view count
session: Session-specific information stored for each user, the values of the variables stored in the server, to distinguish between different customers SessionID.
(1) Online Shopping Mall in cart
(2) to save the user login information
(3) into the session certain data, for different pages using the same user
(4) to prevent users from unauthorized access
7. The two disadvantages:
cookie ( temporary storage ) :( 1) may be deleted, is disabled;
( 2 ) security is not high, stored as plain text, such as the need to store the password encryption process;
(3) size is limited, the capacity 5kb, equivalent to 5000 letters;
(4) different browsers do not communicate, cookie different domains do not share;
(5) every time cookie to be passed to the server, a waste of bandwidth;
( 6 ) the concept cookie data path (path), you can limit the cookie belongs only under certain path.
session: The more (1) Session save something, the more server memory footprint for large numbers of users online site, server memory pressure will be relatively large;
(2) dependent on the cookie (sessionID saved in cookie), if you disable cookie, you will have to use URL rewriting, unsafe;
(3) create a Session variable has a lot of randomness, can be called at any time, developers do not need precise handling, so that the excessive use of session variables will result in the code unreadable and poor maintenance.
Two, webStorage:
webStorage localStorage points (local storage) and the sessionStorage (session storage);
Difference between the two:
localStorage (local storage): long-term, permanent storage, shared homologous windows, different browsers do not share;
sessionStorage(会话存储):临时存储,同源窗口不共享,不同浏览器不共享,关闭浏览器消失。
相同点:
1.存储大小相同:一般都是5Mb
2.存储位置相同:客户端
3.存储内容类型:字符串类型
4.获取方式:window.localStorage;window.sessionStorage
优点:
1.存储空间更大:cookie为4KB,而WebStorage是5MB;
2.节省网络流量:WebStorage不会传送到服务器,存储在本地的数据可以直接获取,也不会像cookie一样将请求都会传送到服务器,所以减少了客户端和服务器端的交互,节省了网络流量;
3.快速显示:有的数据存储在WebStorage上,再加上浏览器本身的缓存。获取数据时可以从本地获取会比从服务器端获取快得多,所以速度更快;
4.安全性:WebStorage不会随着HTTP header发送到服务器端,所以安全性相对于cookie来说比较高一些,不会担心截获,但是仍然存在伪造问题;
5.对于那种只需要在用户浏览一组页面期间保存而关闭浏览器后就可以丢弃的数据,sessionStorage会非常方便;
6.WebStorage提供了一些方法,数据操作比cookie方便;
setItem (key, value) —— 保存数据,以键值对的方式储存信息。
getItem (key) —— 获取数据,将键值传入,即可获取到对应的value值。
removeItem (key) —— 删除单个数据。
clear () —— 删除所有的数据
key (index) —— 获取某个索引的key
session:Session用于保存每个用户的专用信息,变量的值保存在服务器端,通过SessionID来区分不同的客户。
(1)网上商城中的购物车
(2)保存用户登录信息
(3)将某些数据放入session中,供同一用户的不同页面使用
(4)防止用户非法登录
7.两者的缺点:
cookie(临时存储):(1)可能被删除,被禁用;
(2)安全性不高,纯文本形式存储,如存储密码则需加密处理;
(3)大小受限,容量5kb,相当于5000个英文字母;
(4)不同浏览器不相通,不同域中的cookie不共享;
(5)每次都需传递cookie给服务器,浪费带宽;
(6)cookie数据有路径(path)的概念,可以限制cookie只属于某个路径下。
session:(1)Session保存的东西越多,就越占用服务器内存,对于用户在线人数较多的网站,服务器的内存压力会比较大;
(2)依赖于cookie(sessionID保存在cookie),如果禁用cookie,则要使用URL重写,不安全;
(3)创建Session变量有很大的随意性,可随时调用,不需要开发者做精确地处理,所以,过度使用session变量将会导致代码不可读而且不好维护。
二、webStorage:
webStorage分localStorage(本地存储)和sessionStorage(会话存储);
两者区别:
localStorage(本地存储):长期,永久存储,同源窗口共享,不同浏览器不共享;
sessionStorage(会话存储):临时存储,同源窗口不共享,不同浏览器不共享,关闭浏览器消失。
相同点:
1.存储大小相同:一般都是5Mb
2.存储位置相同:客户端
3.存储内容类型:字符串类型
4.获取方式:window.localStorage;window.sessionStorage
优点:
1.存储空间更大:cookie为4KB,而WebStorage是5MB;
2.节省网络流量:WebStorage不会传送到服务器,存储在本地的数据可以直接获取,也不会像cookie一样将请求都会传送到服务器,所以减少了客户端和服务器端的交互,节省了网络流量;
3.快速显示:有的数据存储在WebStorage上,再加上浏览器本身的缓存。获取数据时可以从本地获取会比从服务器端获取快得多,所以速度更快;
4.安全性:WebStorage不会随着HTTP header发送到服务器端,所以安全性相对于cookie来说比较高一些,不会担心截获,但是仍然存在伪造问题;
5.对于那种只需要在用户浏览一组页面期间保存而关闭浏览器后就可以丢弃的数据,sessionStorage会非常方便;
6.WebStorage提供了一些方法,数据操作比cookie方便;
setItem (key, value) —— 保存数据,以键值对的方式储存信息。
getItem (key) —— 获取数据,将键值传入,即可获取到对应的value值。
removeItem (key) —— 删除单个数据。
clear () —— 删除所有的数据
key (index) —— 获取某个索引的key