PHP session and cookie mechanisms: their relationship and differences

Source: Internet
Author: User
Tags session id php session

Sessions and cookies are the most commonly used session techniques in projects, and they are also among the most frequently asked interview questions. Once, when I went to an interview, the interviewer kept questioning me about sessions and cookies (it gave me a headache). Here is a summary of some of the differences and connections between sessions and cookies.

Before getting to sessions and cookies, let's first cover what session technology is:

Because HTTP is a stateless protocol, when a user requests one page and then another, HTTP cannot tell us whether the two requests come from the same user. This means we need a mechanism to track and record the user's activity on the site; this is session technology. In short, session technology is the technology that tracks user information. It also maintains data state across multiple requests between the same browser and server, which makes it easy to support user login, record user behavior, and display content according to authorization level and personal preference.

Now that you know what session technology is, let's look at the session mechanism and the cookie mechanism:

Sessions and cookies are the two most commonly used session technologies. A cookie is a mechanism that stores data on the browser side and is used to track and identify users; a session is a mechanism that stores the information on the server side.

Cookie mechanism:

In a program, session tracking is very important. In theory, all requests made by one user should belong to the same session, while all requests made by another user should belong to a different session. A cookie is a mechanism for recording the state of different users. Standard cookie delivery is implemented by extending the HTTP protocol: the server prompts the browser to create the cookie by adding a special header line to the HTTP response. However, purely client-side scripts such as JavaScript or VBScript can also create cookies.

A cookie is actually a small piece of text. When a client requests the server and the server needs to record the user's state, it uses the response to issue a cookie to the client browser. The client browser saves the cookie. When the browser requests the site again, it submits the requested URL together with the cookie to the server. The server checks the cookie to identify the user's state. The server can also modify the contents of the cookie as needed.

It is easy to see the cookies issued by a website. Type javascript:alert(document.cookie) in the browser address bar (a network connection is required). The JavaScript script pops up a dialog box that displays the contents of all cookies issued by the site.

A cookie mainly consists of: name, value, expiration time, path and domain.

The path is the URL path that follows the domain name, such as / or /foo.

The combination of the path and the domain name constitutes the scope of the cookie.

If no expiration time is set, the cookie's lifetime is the browser session, and the cookie disappears as soon as the browser window is closed.

Cookies that last for the browser session are called session cookies. Session cookies are generally kept in memory rather than on the hard disk, but this behavior is not standardized.

If an expiration time is set, the browser saves the cookie to the hard disk; after the browser is closed and opened again, the cookie remains valid until the expiration time has passed.

Note: cookies require browser support. If the browser does not support cookies, or cookies are disabled, the cookie feature will not work.

Session mechanism:

A session is another mechanism for recording client state. The difference is that a cookie is stored in the client browser, while a session is stored on the server. When the client browser accesses the server, the server records the client's information on the server in some form; this is the session. When the client browser visits again, the server only needs to look up the client's state in that session.

When a program needs to create a session for a client's request, the server first checks whether the request contains a session identifier, called the session ID. If it does, a session was previously created for this client, and the server retrieves that session by its session ID (if it cannot be retrieved, the server may create a new one). If the client request does not include a session ID, the server creates a session for this client and generates a session ID associated with it. The session ID value should be a string that is neither duplicated nor easy to forge by finding a pattern in it. This session ID is returned to the client in the response to be saved.

This session ID can be saved in a cookie, so that the browser automatically sends the identifier to the server during subsequent interaction.

Since cookies can be disabled by the user, there must be another mechanism that can still pass the session ID back to the server when cookies are disabled. A commonly used technique is URL rewriting, which attaches the session ID directly to the URL path. There are two ways to attach it: as additional information in the URL path, or as a query string appended to the URL. For the user there is no difference between the two; only the way the server parses them differs. The first way is also conducive to the session ID information and normal program
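
As an added example (not code from the original article), the PHP script below ties the cookie attributes and the session ID handling described above to PHP's built-in session functions: it issues the session ID as a session cookie, accepts it from the cookie only rather than from a rewritten URL, and reports whether the client's ID was resumed, replaced or newly created. The names start_hardened_session, on_login and the hits counter are assumptions made for illustration, and the secure flag assumes the site is served over HTTPS.

```php
<?php
declare(strict_types=1);

// Added example: start_hardened_session, on_login and 'hits' are illustrative names.

function start_hardened_session(): string
{
    // Carry the session ID in a cookie only; never read it from or write it into URLs.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse IDs the server did not issue: an unknown ID is replaced with a fresh one.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // no expiration time: a session cookie, gone when the browser closes
        'path'     => '/',    // path and domain together define the cookie's scope
        'domain'   => '',     // empty: only the host that issued the cookie
        'secure'   => true,   // sent over HTTPS only (assumes an HTTPS site)
        'httponly' => true,   // not readable through document.cookie
        'samesite' => 'Lax',  // not attached to most cross-site requests
    ]);

    $offered = $_COOKIE[session_name()] ?? null;  // session ID sent by the client, if any
    session_start();                              // look the session up, or create one

    if (!is_string($offered)) {
        return 'created';                         // request carried no session ID
    }
    // Same ID still in use: the stored session was found. Different ID: PHP rejected it.
    return hash_equals($offered, (string) session_id()) ? 'resumed' : 'replaced';
}

// Call after the user's credentials have been verified.
function on_login(string $username): void
{
    session_regenerate_id(true);  // issue a new ID at login and delete the old session data
    $_SESSION['user'] = $username;
}

$state = start_hardened_session();
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;  // state kept on the server, keyed by the ID

header('Content-Type: text/plain');
echo "session {$state}, request #{$_SESSION['hits']}\n";
```

Keeping the session ID out of URLs matters because URLs end up in server logs, browser history and Referer headers, where the ID can be read by others.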
