Cookie is actually a short text message. Client requests the server if the server requires the user to record the state, issued a response on the use of Cookie to the client browser. Cookie client browser will be saved. When a browser requests that site again, the browser URL along with the request submitted with the Cookie to the server. The server checks the Cookie, in order to identify user state. The server can also modify the contents of Cookie needed. cookie is stored in the server browser of a small portion of data (strings only, and does not exceed 4kb), after the browser every time I visit this server cookie will be carry over.
Session is another mechanism for recording customer status, except Cookie is stored in the client browser, and Session saved on the server. The client browser access to the server, the server to the client information recorded on the server in some form. This is the Session. Just look for the Session of the client when the client browser access again from the state on it.
If the Cookie mechanism to determine the identity of the customer by checking the customer who "pass", then Session mechanism is used to confirm the identity of customers through "customer list" to check on the server. Session equivalent program created on the server of a customer files, customer visit when the customer files only need to query the table on it.
Q: The difference request.getSession (true) and request.getSession (false) of?
request.getSession (true): If the session exists, the session returned, otherwise a new session.
request.getSession (false): If there is a session the session is returned, otherwise returns NULL
HttpServletRequest.getSession (to true) equivalent to HttpServletRequest.getSession () HttpServletRequest.getSession (false) is equivalent to: if the current Session will not be null
cookie and session difference:
1, cookie data is stored on the customer's browser, session data on the server.
2, cookie is not very safe, people can analyze stored locally COOKIE COOKIE cheat and safety should take into account the use of session.
3, session will be stored on the server within a certain period of time. When accessing the increase will compare the performance of your server footprint, taking into account mitigating server performance, you should use COOKIE.
4, a single cookie stored data can not exceed 4K, many browsers are limited to a maximum of 20 sites saved cookie.
5, so personal recommendations: the login information and other important information is stored as SESSION additional information if necessary, it can be placed in the COOKIE.