What Cookie that?
cookie said bluntly point is a key value stored in the user's browser to, for example, you are logged in Jingdong Mall, after you close the browser, you then open Jingdong, you can still continue to operate on your account has been purchased, all orders can be seen, this is the cookie played a role. Then why are you again opened, directly are already logged in, and how the server Jingdong is to know that you have logged which, in fact, cookie played a role, that is, when you log in Jingdong your browser is set up cookie, when you log in to your account password it wrote inside your browser's cookie, the next time you open the Jingdong time, it will default to your browser cookie inside, that is, your account password will be sent to Jingdong server, this is the case, Jingdong know you've logged in, so you then open jd when the state is already logged in, and I remember a lot of sites above 30 days does not require login cookie is used, also said earlier cookie the existence of local, if you clean up your browser's cookie, the cookie is no, you're not logged in the state.
Session is what?
She says the cookie, mentioned the session cookie certainly not less, what it is session, said bluntly, is a key stored on the server side of right. As an example, or Jingdong, login time has the account password is written inside a cookie, let's go Jingdong open the page, the browser will automatically Jingdong this site following cookie sent to the server Jingdong, that is cookie which kept things account password sent to the server Jingdong, that hair gone, Jingdong server will definitely have to verify it, you send the account password right, or else you know who the account, you just fake a cookie sent directly Jingdong it can operate the account of others, it is unsafe. How to do it, the server will also hold a key-value pair is not on the list, then you send the cookie over time, and I saved it as the key to not ok, this is the session, it is actually stored in the a key service side of the right.
Some people may ask, that your account password are certainly exist inside the database, no need to session ah, cookie sent me, I found inside the database directly from the user's account password to compare just fine, so be it, but I want to say you're too young, if you want to open a website, there are a lot of pages to verify your login status, verify that every time you have logged in to operate the database, we the computer knows when processing data, the data fetch are started by the hard disk into memory and then inside the RAM give cpu, cpu to process (see figure below), the CPU processing speed is very fast, as like a rocket, the speed of memory access speeds as high as iron, and hard disk read speed just like regular cars, and the data inside the database are present on the hard drive, every time I go check it from the account password take data inside the database, and that the efficiency is very low. General session are cached inside, because the need is quite common, to enhance performance, seesion directly into memory inside, this way, then, take the time to check the data directly in memory inside, very quickly, as some cache database , redis, memcached these data are stored directly into memory inside.
