Differences between cookies and sessions in PHP, and a summary of cookie and session usage

Source: Internet
Author: User



Specifically, the cookie is stored on the "client", and the session is stored on the "server".

Cookies are implemented by extending the HTTP protocol.

A cookie mainly consists of: name, value, expiration time, path and domain.

If no lifetime is set for a cookie, it disappears when the browser is closed; such cookies are typically kept in memory rather than on the hard disk. If a lifetime is set, the cookie does not disappear when the browser closes and remains valid until the set expiration time is reached.

A session saves information in a form similar to a hash table.

When a program needs to create a session for a client's request, the server first checks whether the request includes a session identifier (referred to as the session ID). If it does, a session was previously created for this client, and the server retrieves that session using the session ID (if it cannot be retrieved, a new one is created). If the request does not include a session ID, the server creates a session for this client and generates a session ID associated with it. The session ID value should be a string that is never repeated and whose pattern cannot easily be found and imitated. The session ID is returned to the client in the response, to be saved there. It can be saved in a cookie so that the browser automatically sends it to the server on later requests. The name of this cookie is generally something like SESSIONID. However, cookies can be disabled by the user, so there must be another mechanism that can still pass the session ID back to the server when cookies are disabled.
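The lookup-or-create flow described above, as an added example in C# (the language of the code later on this page); it is not code from the original article. The SessionStore class and its member names are hypothetical, and the store is in-memory and not thread-safe, to keep the flow visible.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example: a minimal in-memory session store (hypothetical names).
class SessionStore
{
    private readonly Dictionary<string, Dictionary<string, object>> sessions =
        new Dictionary<string, Dictionary<string, object>>();

    // 128 bits from the OS CSPRNG, hex-encoded: not repeated, no pattern to imitate.
    static string NewId()
    {
        byte[] raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        return BitConverter.ToString(raw).Replace("-", "").ToLowerInvariant();
    }

    // requestId: the session ID the client sent (null if none).
    // issuedId: the ID to return to the client in the response cookie.
    public Dictionary<string, object> GetOrCreate(string requestId, out string issuedId)
    {
        if (requestId != null && sessions.TryGetValue(requestId, out var data))
        {
            issuedId = requestId;   // known ID: reuse the existing session
            return data;
        }
        // Missing or unknown ID: create a session under a server-generated ID.
        // The value supplied by the client is never adopted as the new ID.
        issuedId = NewId();
        return sessions[issuedId] = new Dictionary<string, object>();
    }

    static void Main()
    {
        var store = new SessionStore();
        store.GetOrCreate(null, out string id1)["admin"] = "alice";
        Console.WriteLine(store.GetOrCreate(id1, out string id2)["admin"] + " " + (id1 == id2));
        store.GetOrCreate("made-up-by-client", out string id3);
        Console.WriteLine(id3 != "made-up-by-client");
    }
}
```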

Advantages and Disadvantages

1. Cookie data is stored in the client's browser, and session data is kept on the server.

2. Cookies are not very secure: others can analyze the cookies stored locally and forge them (cookie spoofing). Where security matters, use the session.

3. Sessions are kept on the server for a certain period of time. As traffic grows, they take up more of your server's resources. To reduce the load on the server, use cookies.

4. A single cookie cannot hold more than 4K of data, and many browsers limit a site to at most 20 cookies.

5. So, my personal advice:

Store important information, such as login information, in the session.

Other information can be placed in a cookie if it needs to be retained.

Summary of Session and cookie usage:

Session and cookie are both built-in objects in ASP. The differences will not be repeated here; now for something more practical:

We know that a site has a back-end management system with two features, login and logout. When a user logs in, we usually save the user's information in the session or a cookie for later use. So what should we pay attention to when logging in?

1. Put sensitive things in the session; less sensitive things can go in either the session or a cookie. A user name, for example, is not too sensitive, but some browsers do not support cookies, so we put it in the session. However, the session is sometimes easily lost on the server, so we can use it together with a cookie: when the session is lost, if the cookie is still within the validity period we set, we can take the value out of the cookie and put it back into the session. So it is best to use both the session and a cookie to save the user name and similar information, or to set this in the configuration file.



This can also solve the problem of a lost session.

2. If we want the session to expire after a period with no activity in the back-end management system, so that the user has to log in again, we can use Session.Timeout = 5. The unit is minutes, so the session expires after 5 minutes without any operation. This can also be set in the configuration file.

3. Setting the cookie expiration date

HttpCookie.Expires = DateTime.Now.AddMinutes(2);

The cookie is valid for 2 minutes.

4. To determine whether the user has permission to access a page, you can check as follows:

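// Restore the session value from the cookie if the cookie is present
if (Request.Cookies["HttpCookie"] != null)
{
    Session["admin"] = Request.Cookies["HttpCookie"].Values["Admin"];
}
// No session value: emit the client-side script (its text is missing from the source page)
if (Session["admin"] == null)
{
    this.ClientScript.RegisterStartupScript(this.GetType(), "", "");
}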
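Items 1 and 4 above copy a value from a cookie back into the session, and a cookie is data the client controls. The following added example (not from the original article) shows one way to make the server accept only cookie values it issued itself, by attaching an expiry and an HMAC; the SignedCookie class, the value|ticks|mac format and the key handling are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; class name, cookie format and key handling are assumptions.
static class SignedCookie
{
    static string Mac(string payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
    // Compare without stopping at the first differing character.
    static bool SameMac(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Cookie value format: value|expiryTicksUtc|mac
    public static string Protect(string value, DateTime expiresUtc, byte[] key)
    {
        string payload = value + "|" + expiresUtc.Ticks;
        return payload + "|" + Mac(payload, key);
    }

    // True only for an unexpired value whose MAC was made with the server key.
    public static bool TryUnprotect(string cookie, byte[] key, DateTime nowUtc, out string value)
    {
        value = null;
        int macAt = cookie == null ? -1 : cookie.LastIndexOf('|');
        if (macAt < 0) return false;
        string payload = cookie.Substring(0, macAt);
        if (!SameMac(cookie.Substring(macAt + 1), Mac(payload, key))) return false;
        int expAt = payload.LastIndexOf('|');
        if (expAt < 0 || !long.TryParse(payload.Substring(expAt + 1), out long ticks)) return false;
        if (ticks < nowUtc.Ticks) return false;
        value = payload.Substring(0, expAt);
        return true;
    }
    static void Main()
    {
        byte[] key = new byte[32];   // constructed demo key; a real key is a server-side secret
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string cookie = Protect("alice", DateTime.UtcNow.AddMinutes(2), key);
        Console.WriteLine(TryUnprotect(cookie, key, DateTime.UtcNow, out string user) + " " + user);
        Console.WriteLine(TryUnprotect("admin" + cookie.Substring(5), key, DateTime.UtcNow, out user));
    }
}
```

With this in place, the restore step would set Session["admin"] only when TryUnprotect returns true for the cookie value.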

Next, what to do when logging out.

1. On logout, the values in both the session and the cookie should be cleared. First, briefly, the differences between the session's methods:

Session.Clear(): clears all the key values in the session, but the session itself still exists. It is equivalent to Session.RemoveAll().

Session["admin"] = null: sets the value of the key to null and releases it. This is not the same as Session["admin"] = "", which empties the value but does not release it. It is equivalent to Session.Remove("name").

Session.Abandon(): deletes the current session object; the next request gets a new session.

The main difference is that when Session.Abandon is used, the Session_End method is called (in InProc mode), and the Session_Start method fires when the next request arrives. Session.Clear only clears all the data in the session and does not end the session, so it does not invoke those methods. The Abandon method is used to actively end the session; if it is not called, the current session ends automatically when the session times out.

2. Next, how to clear cookies:

A.
HttpCookie cookie = System.Web.HttpContext.Current.Request.Cookies.Get("Tuser");
if (cookie != null)
{
    cookie.Expires = DateTime.Now.AddDays(-1);   // an expiry date in the past makes the browser delete the cookie
    System.Web.HttpContext.Current.Response.Cookies.Add(cookie);
}

B.
HttpCookie HttpCookie = Request.Cookies["HttpCookie"];
if (HttpCookie != null)
{
    HttpCookie.Expires = DateTime.Now.AddDays(-1);
    Response.Cookies.Add(HttpCookie);
}

Both methods A and B work.

3. So, to clear the current session value, Session["admin"] = null is enough, and the cookie can be cleared using the methods above.

Suggestions and comments:

1. For logging out, we can create a dedicated logout page and put this code there, which is better.

2. Whatever the operation, use an if statement to check whether a value is null, and check wherever possible, to prevent null reference exceptions.

The above is the editor's introduction to the differences between cookies and sessions in PHP and the summary of cookie and session usage. I hope it is of some help. If you have any questions, please leave me a message and I will reply promptly. Thank you very much for supporting our website!
