1. cookie和session
The browser's caching mechanism can provide a way to store user data on the client, it can exchange data using the cookie, session and so on with the server.
cookie and session are used to track the user's identity conversational mode browser.
a, hold: the cookie stored in the browser, session stored on the server side.
b, use:
cookie mechanism: If you do not set an expiration event browser, cookie is stored in memory, along with the life cycle of closing the browser and the end of this cookie referred to as the session cookie. If you set an expiration event cookie in the browser, the cookie will be stored on the hard disk, close your browser, cookie data still exists until the expiration event to disappear over. A cookie is a special message sent to the server client, cookie text is stored in the client's way, and carry it in every request.
session mechanism: When the server receives a request need to create a session object, it first checks the client request contains sessionid. If there sessionid, the server returns the corresponding session object based on the id. If the client does not request sessionid, the server creates a new session object and sessionid returned to the client in this response. Usually stored sessionid cookie to the client browser in accordance with the rules sessionid sent to the server in the interaction. If the user disables cookie, will have to use URL rewriting can be achieved by response.encodeURL (url); API to end encodeURL is, when the browser supports cookie, url without any treatment; when the browser does not support the cookie time, will rewrite the URL after the sessionid spliced to access address.
c, the storage size: a single cookie stored data can not exceed 4kb; session is no size limit.
d, the stored content: Cookie only store a string type to textually; the session can support any type of object (session may contain a plurality of objects).
e, Security: Security is greater than the session cookie. For the following reasons:
① sessionid stored in a cookie, you must first break to break the session cookie;
② sessionid to someone logs, or start session_start will have, so to break the cookie may not be able to get sessionid;
After starting session_start ③ second time, before once sessionid is ineffective, the session expires, sessionid also will fail;
④ sessionid is encrypted.
In summary, the attacker must break the encryption sessionID in a short time, it's hard.
f, application scenarios:
cookie:
(1) determine whether the user is logged on the site, so that next time can automatically login (or remember the password) to log.
(2) Last time save login information.
(3) save the last viewed page.
(4) view count.
session:
(1) online store in the shopping cart.
(2) to save the user login information.
(3) into the session certain data, for different pages of the same user.
(4) to prevent users from unauthorized access.
g, Disadvantages:
cookie:
(1) size is limited.
(2) the user can operate the (disabled) cookie, the limited functionality.
(3) less secure.
(4) Some state can not save the client.
(5) every access to the server sends a cookie, wasting bandwidth.
(6) cookie concept of data path (path), you can limit the cookie belongs only under certain path.
session:
(1) The more session to save something, the more server memory footprint for greater number of users online site, server memory pressure will be relatively large.
(2) dependent on the cookie (sessionID stored in the cookie), if the cookie is disabled, will have to use URL rewriting, unsafe.
(3) create session variables have a very large randomness, can be called at any time, developers do not need precise handling, so, over the degree of use of session variable amount will be code unreadable and poor maintenance.
2. Web Storage
Web Storage and similar concepts cookie, except that it is designed for greater storage capacity, the size of the cookie is limited, and each request a new page when the cookie will be sent in the past, so that virtually wasted bandwidth In addition cookie also need to specify the scope, not cross-domain calls.
In addition, Web Storage has setItem, getItem, removeItem, clear methods, unlike the cookie front-end developers need their own package setCookie, getCookie, with a certain complexity.
Web Storage of advantages as follows:
(1) greater storage space: cookie is 4KB, and WebStorage is 5MB;
(2) to save network traffic: Web Storage will not be sent to the server, the data is stored locally can be directly obtained, it will not like the cookie as each request will be sent to the server, reducing the client and server interaction, saving Network traffic;
(3) that only needs to keep a user during browsing a set of pages and can be discarded after closing the browser data, sessionStorage very convenient;
(4) fast display: On the Web Storage, coupled with the browser's cache itself and some data storage. Can be acquired, the acquisition is faster than the faster from the server obtaining data from the local time;
(5) Safety: Web Storage With HTTP header will not be sent to the server, the security phase for the cookie, it is rather higher, do not worry intercepted, but there are still counterfeiting problem;
(6) Web Storage provides methods, data manipulation convenient than Cookie;
setItem (key, value) - save data, in a manner of storing key information.
getItem (key) - data acquisition, will pass the key, to obtain the value corresponding to the value.
removeItem (key) - delete individual data, according to key information corresponding to remove.
clear () - delete all the data.
key (index) - Gets a key index.
The HTML5 Web Storage provides two API: localStorage (local storage) and sessionStorage (session storage).
3. localStorage and sessionStorage difference
a, life cycle:
localStorage life cycle is permanent, after closing the page or browser data in localStorage will not disappear. localStorage unless the initiative to remove data, otherwise the data will never disappear.
sessionStorage life cycle is only valid in the current session. sessionStorage introduces the concept of a "browser window", sessionStorage is homologous window is always present in the data. As long as the browser window is not closed, even if refresh the page or go to another page homology, the data still exists. But sessionStorage will be destroyed after you close the browser window. Meanwhile a separate window open with the same page, sessionStorage is not the same.
b, the storage size: a storage data size sessionStorage localStorage and are generally: 5MB.
C, the storage location: localStorage sessionStorage and are stored in the client, to communicate with the server do not interact.
d, the stored content type: localStorage sessionStorage and only store string type, can be used for complex objects and parse JSON stringify ECMAScript object to provide a process.
e、获取方式:localStorage:window.localStorage; ;sessionStorage:window.sessionStorage; 。
f, application scenarios: localStoragese: commonly used in long-term Log (+ determine whether the user is logged in), suitable for long-term preservation of data locally. sessionStorage: sensitive account one-time login.