Suddenly found yesterday wrote a bunch of knowledge about the cookie and session content of the discussion, but for the difference between the two final but still do not know, they still come up with this one alone go into detail.
For a small application scenarios:
- When a user uses a browser to access support when Cookie Web site, users can provide personal information including user names, including server and submit to
- Next, while the server to the client return a corresponding hypertext personal information will be sent back, of course, such information is not stored in the HTTP response body (Response Body) is, but is stored in the HTTP response header (Response Header )
- When the client browser receives a response from the server, the browser will store the information in a single location
- For Windows operating systems, we can learn from
[系统盘]:\Documents and Settings[用户名]\Cookies目录中找到存储的Cookie
- Since then, the client again when the server sends the request to the appropriate Cookie will be sent back to the server again.
- This time, Cookie request header information is stored (Request Header) in HTTP.
Cookie With this technology, the server after receiving a request from a client browser, the analysis can be stored in a Cookie request header resulting client-specific information to dynamically generate content corresponding to the end customer.
In general, we can see a lot of sites from the login screen in "Remember Me" this option, and then log on later if you check it, the next time you visit the site does not need to be repeated and tedious login the action, and this feature is implemented by Cookie.
note! ! ! !
In the program, session tracking is a very important thing. In theory, a user requests that all operations should belong to the same session, and another user requests for all operations should belong to another conversation, the two can not be confused.
- For example, any user A commodity purchased in a supermarket A shopping cart should be placed, whether it is time to buy what the user A, which belong to the same session, the user can not be placed B or C user's shopping cart it does not belong to the same session.
Man of few words said Figure it!
Then separate out about:
(1) Cookie in a text file stored in your browser, and stored in the session server to limit the amount of data it stores.
(2) cookie storage limit the amount of data, only 4KB, and the session is unlimited
(3) we can easily access the value of the cookie but we can not easily access the session value, so it is more secure
(4) to set the cookie time can make the cookie expire. But using session-destory (), we will destroy the session.
to sum up:
- If we need to frequently log onto a site, preferably with a cookie to store information, or else each landing are particularly troublesome.
- If you need a better effect on the session with the site and the ability to control when data needs high security, of course, we can combine the two, making the site run according to our ideas.
Interested can refer to: https://blog.csdn.net/qq_38560742/article/details/82717167