[Understanding] Interview question: what do session and cookie do?

 

Question: what is the difference between a cookie and a session?

1, Cookie data is stored in the client's browser; session data is stored on the server.

2, Cookies are not very safe: other people can analyze the cookie stored locally and forge it (cookie spoofing).
   Where security matters, use the session.

3, A cookie is a text string that the server sends to the client and the browser handles. It is saved on the client's hard disk and can be used to persistently maintain data across sessions with a website.

4, A session is kept on the server for a certain period of time. As the number of visits increases, sessions take up more of the server's resources.
   To reduce the load on the server, use cookies.

5, A single cookie cannot hold more than 4K of data, and many browsers limit a site to at most 20 saved cookies.

6, A session is really the period from the moment a visitor reaches a page until the visitor leaves. Sessions are actually handled using cookie information: when the user makes the first request, the server creates a cookie in the user's browser, and when the session ends, this in fact means that the cookie has expired.
Note: the name of the cookie created for the user is aspsessionid. The sole purpose of this cookie is to provide a different identity verification for each user.

7, What cookies and sessions have in common: both are session mechanisms used to track the identity of the browser user.

 

Session in detail

 

1, When does a Session become invalid?

  a. The server removes Sessions that are no longer active from its memory; at that point the Session is invalid.

  b. The Session's invalidate method is called.

2, Session requirements on the browser:

  Although the Session is stored on the server and is transparent to the client, its normal operation still needs support from the client browser. This is because the Session needs a Cookie as its identifier. HTTP is stateless, so the Session cannot tell from the HTTP connection whether two requests come from the same client. The server therefore sends the client browser a Cookie named JSESSIONID, whose value is the Session id (that is, the return value of HttpSession.getId()). The Session uses this Cookie to recognize whether it is the same user.

  This Cookie is generated automatically by the server. Its maxAge attribute is generally -1, which means it is valid only within the current browser, is not shared between browser windows, and becomes invalid when the browser is closed. Therefore, when two browser windows on the same machine access the server, two different Sessions are generated. The exception is a new window opened from within a browser window by a link, a script and so on (that is, a window not opened by double-clicking the desktop browser icon or similar). Such a child window shares the parent window's Cookie and therefore shares one Session.

  Note: a newly opened browser window generates a new Session, except for child windows. A child window shares the parent window's Session. For example, when you right-click a link and choose "Open in New Window" from the shortcut menu, the child window can access the parent window's Session.

  What if the client browser has Cookies disabled or does not support Cookies? For example, most mobile browsers do not support Cookies. Java Web offers another solution: URL address rewriting.

  URL address rewriting is a solution for clients that do not support Cookies. Its principle is to rewrite the user's Session id into the URL. The server parses the rewritten URL to obtain the Session id, so even if the client does not support Cookies, the Session can still be used to record the user's state. The HttpServletResponse class provides encodeURL(String url) to implement URL rewriting; the method automatically determines whether the client supports Cookies. If the client supports Cookies, the URL is output unchanged. If the client does not support Cookies, the user's Session id is rewritten into the URL.

  Note: Tomcat decides whether the client browser supports Cookies based on whether the request contains a Cookie. Although the client may support Cookies, the first request carries none (because there is no Cookie to carry yet), so the rewritten URL will still contain jsessionid. By the second visit the server has already written the Cookie to the browser, so the rewritten URL no longer contains jsessionid.
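
The behaviour described in this section can be observed with a small servlet. This is an added example, not code from the original article: the class name and the /session-demo path are assumptions, and it uses the javax.servlet namespace (Tomcat 9 and earlier; newer containers use jakarta.servlet).

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet (name and path are assumptions) that reports how the
// container is tracking the session: JSESSIONID cookie or URL rewriting.
@WebServlet("/session-demo")
public class SessionDemoServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();

        if ("1".equals(req.getParameter("logout"))) {
            HttpSession old = req.getSession(false); // do not create one just to destroy it
            if (old != null) {
                old.invalidate();                    // invalidation case (b) above
            }
            out.println("session invalidated");
            return;
        }

        HttpSession session = req.getSession();      // created on the first request
        session.setMaxInactiveInterval(15 * 60);     // idle timeout in seconds, case (a) above

        out.println("session id     : " + session.getId());
        out.println("new session    : " + session.isNew());
        out.println("id from cookie : " + req.isRequestedSessionIdFromCookie());
        out.println("id from URL    : " + req.isRequestedSessionIdFromURL());

        // encodeURL appends ;jsessionid=... only when the container cannot rely
        // on the cookie, e.g. on the first request or with cookies disabled.
        String link = resp.encodeURL(req.getContextPath() + "/session-demo");
        out.println("link to follow : " + link);

        // A session id carried in the URL also ends up in browser history,
        // access logs and Referer headers, so record when that channel is used.
        if (req.isRequestedSessionIdFromURL()) {
            log("session id arrived in the URL from " + req.getRemoteAddr());
        }
    }
}
```

On the first request the printed link carries ;jsessionid=...; once the browser sends the JSESSIONID Cookie back, the link is printed unchanged.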

 

 

Cookie in detail

A Cookie is always stored on the client. Depending on where it is stored on the client, it is either a memory Cookie or a hard-disk Cookie.

A memory Cookie is maintained by the browser and kept in memory; it disappears when the browser is closed, so it is short-lived. A hard-disk Cookie is stored on the hard disk and has an expiration time; it is not deleted unless the user clears it manually or the expiration time is reached, so it is long-lived. By lifetime, Cookies can therefore be divided into non-persistent Cookies and persistent Cookies.

1, Uses

Because HTTP is stateless, the server does not know what the user did on the previous request, which seriously hampers the implementation of interactive Web applications. In a typical online shopping scenario, a user browses a few pages and buys a box of biscuits and two bottles of drink. At checkout, because of the stateless nature of HTTP, the server has no idea what the user bought unless some additional means is used. Cookies are one of those "additional means" for getting around the statelessness of HTTP. The server can set or read the information contained in Cookies and thereby maintain the state of the user's session with the server.

In the shopping scenario above, when the user buys the first item, the server sends the page to the user and also sends a Cookie recording that item. When the user visits another page, the browser sends the Cookie to the server, so the server knows what the user bought before. When the user goes on to buy drinks, the server adds the new product information to the original Cookie. At checkout, the server simply reads the Cookie that was sent.

Another typical use of Cookies is logging in to a site. The site usually asks the user to enter a user name and password, and the user can tick "log in automatically next time". If it is ticked, the next time the user visits the same site they find they are already logged in without entering a user name and password. This is because at the previous login the server sent a Cookie containing the login credentials (the user name and password in some encrypted form) to the user's hard disk. At the second login (if the Cookie has not expired) the browser sends the Cookie and the server verifies the credentials, so the user is logged in without entering a user name and password.
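
Both uses above keep application data in a Cookie that the user can edit. One way for the server to detect an edited value is to attach an HMAC, as in this added example (not from the original article; the class name, key and payload format are assumptions).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: the server appends an HMAC-SHA256 tag to a cookie
// value so that a value edited on the client is rejected when it comes back.
public class SignedCookie {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final SecretKeySpec key;

    public SignedCookie(byte[] secret) {
        key = new SecretKeySpec(secret, "HmacSHA256");
    }

    private String tag(String body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return B64.encodeToString(mac.doFinal(body.getBytes(StandardCharsets.UTF_8)));
    }

    // Cookie value to send: base64url(payload) + "." + base64url(HMAC).
    public String sign(String payload) throws Exception {
        String body = B64.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        return body + "." + tag(body);
    }

    // Returns the payload if the tag matches, or null if the value was altered.
    public String verify(String cookieValue) throws Exception {
        int dot = (cookieValue == null) ? -1 : cookieValue.lastIndexOf('.');
        if (dot < 1) return null;
        String body = cookieValue.substring(0, dot);
        byte[] expected = tag(body).getBytes(StandardCharsets.UTF_8);
        byte[] given = cookieValue.substring(dot + 1).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return null; // constant-time compare
        return new String(Base64.getUrlDecoder().decode(body), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and cart contents, for illustration only.
        SignedCookie sc = new SignedCookie("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String cookie = sc.sign("biscuits=1;drink=2");
        // Simulate a client that rewrites the payload but keeps the old tag.
        String edited = B64.encodeToString("biscuits=1;drink=0".getBytes(StandardCharsets.UTF_8))
                + cookie.substring(cookie.lastIndexOf('.'));
        System.out.println("untouched: " + sc.verify(cookie));
        System.out.println("edited   : " + sc.verify(edited));
    }
}
```

The HMAC only detects modification: the payload is still readable on the client, and the Cookie is still sent in clear text unless HTTPS is used.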

2, Cookie drawbacks

   a. Cookies are attached to every HTTP request, which adds to the traffic.

   b. Because Cookies are passed in clear text in HTTP requests, security is a problem (unless HTTPS is used).

   c. Cookie size is limited to about 4KB, which is not enough for complex storage requirements. [2]

3, Using and disabling Cookies

Users can change their browser settings to use or disable Cookies. In addition, the developer tools built into or installed in some browsers let users view, modify or delete the Cookies of a particular website.

4, Identification

If more than one browser is installed on a computer, each browser stores its cookies in a separate place. Because a cookie not only identifies the user but also includes information about the computer and browser, a user who logs in with a different browser or a different computer gets different cookie information. On the other hand, for several users sharing the same browser on the same computer, cookies do not distinguish between them unless they use different user names.

5, Privacy, security and advertising

To some extent, Cookies already seriously endanger user privacy and security. One example: senior staff at some companies, for some purpose (such as market research), visit sites they have never been to before (found through a search engine), and these sites contain images called web bugs. The image is transparent and only one pixel in size (so that it is hidden), and its role is to write a cookie to every computer that accesses the page. E-commerce sites then read this cookie information, look for the sites that wrote the cookies, and send these staff spam containing advertisements for products related to those sites.

6, Alternatives to Cookies

Given the limitations of cookies and the objections of their opponents, there are the following alternatives:

  • Brownie, an open-source project initiated by SourceForge. Brownie was used to share access across different domains, whereas cookies were conceived for access within a single domain. The program has stopped development.

  • P3P, a protocol that gives users more control over their privacy rights. While browsing a site, it is similar to a cookie.

  • Appending a unique query string to the address when data is sent to the server, so that the server can tell whether the user is legitimate; this also avoids the use of cookies.

 


Origin www.cnblogs.com/jobbible/p/11233640.html