Summary of cookies, sessions, and Web Storage

Source: Internet
Author: User
Tags session id sessionstorage


I. Cookies

1. Cookies record information exchanged between the client and the server.
The cookie specification defines the format, lifetime, scope, and security of that information.
This information can be read or set in JavaScript through document.cookie. Because cookies are used to communicate between the client and the server, server-side languages (such as PHP) can access cookies as well as JavaScript.

2. A cookie is a mechanism that stores data in the remote browser and uses it to track and identify the user. In implementation, a cookie is a small piece of data stored on the client, which the browser (that is, the client) exchanges with the server over the HTTP protocol. Cookies are limited in size: each cookie cannot hold more than 4 KB of data, and if the cookie string is longer than 4 KB, the property returns an empty string.

3. Cookies are implemented and managed by the browser.

4. A cookie has the attributes "Comment", "Domain", "Max-Age", "Path", "Secure", and "Version". For how to use them, refer to material on operating on cookies from JavaScript.

The Comment attribute holds a description of the cookie.

The Domain attribute defines the domains that can access the cookie. Some large sites use this attribute when a cookie should be shared across subsites. For example, if Domain is set to .bigsite.com, both sub1.bigsite.com and sub2.bigsite.com can access the cookie saved on the client; the Path must also be set to /.

The Max-Age attribute defines how long the cookie is valid, in seconds. Once that time has passed, the client no longer sends the cookie to the server in the HTTP message header.

The Path attribute defines which page paths on a website can access the cookie. By default it is the path where the cookie was generated, in which case the cookie can be accessed by pages under that path and its sub-paths. Setting the path to / makes the cookie accessible to all pages on the site.

The Secure attribute defines the security of the cookie. When Secure is true, the cookie is attached to the HTTP message sent from the client to the server only over HTTPS and is not sent over plain HTTP. When Secure is false, the cookie is also sent over plain HTTP. Secure defaults to false.

The Version attribute defines the version of the cookie and is set by the creator of the cookie.

5. Use of cookies:
The information to be recorded is created by the server and passed to the client, which extracts it from the HTTP message and saves it on the local disk. When the client accesses the server again, it reads the saved information from the local disk and attaches it to the HTTP message sent to the server. The server reads the information from the HTTP message and processes it further according to the needs of the application.

6. Because cookie information is stored in plaintext in a text file, sensitive information such as passwords or bank account numbers is best stored in encrypted form if it must be kept in a local cookie file.
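
The Domain, Path, Secure and Max-Age rules from item 4, as an added example that is not part of the original article: a simplified model of how a browser decides whether to attach a cookie to a request. The function names and the sample cookie are constructed for illustration, and a missing Path is treated as / for brevity.

```javascript
// Added example: simplified model of cookie scoping, not a full RFC 6265 implementation.

// Parse a Set-Cookie header value into { name, value, attrs }; attribute names are lower-cased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// Decide whether `cookie` is attached to a request for `url`.
// originHost: host that set the cookie; setAt / now: timestamps in milliseconds.
function wouldSend(cookie, originHost, url, setAt, now) {
  const { hostname, pathname, protocol } = new URL(url);
  const a = cookie.attrs;

  // Secure: attach only over HTTPS.
  if (a.secure && protocol !== "https:") return false;

  // Max-Age: lifetime in seconds, counted from when the cookie was set.
  if (a["max-age"] !== undefined && now >= setAt + Number(a["max-age"]) * 1000) return false;

  // Domain: if set, the domain and its subdomains match; if absent, only the setting host.
  if (a.domain) {
    const d = a.domain.replace(/^\./, "").toLowerCase();
    if (hostname !== d && !hostname.endsWith("." + d)) return false;
  } else if (hostname !== originHost) {
    return false;
  }

  // Path: the request path must equal the cookie path or lie beneath it.
  // Assumption: a missing Path is treated as "/" here; a browser derives it from the setting page.
  const p = a.path || "/";
  if (p === "/") return true;
  return pathname === p || pathname.startsWith(p.endsWith("/") ? p : p + "/");
}

// Constructed sample using the article's bigsite.com domain.
const sample = parseSetCookie("sid=abc123; Domain=.bigsite.com; Path=/; Max-Age=3600; Secure");
```

Note that the Domain check matches on a label boundary, so a host such as notbigsite.com does not receive a cookie scoped to .bigsite.com.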

II. Sessions in detail

1. A session (literally, a "conversation") refers to a continuous, two-way connection. In nature there is no difference between a session and a cookie: both are mechanisms for maintaining the conversation between client and server, introduced to work around the limitations of the HTTP protocol. The session is also a common standard, but its implementation differs between languages. For websites, a session refers to the conversation that takes place while a user browses a site, from the moment they enter the site until the browser is closed. A session is in fact a concept tied to a specific period of time.
2. A session identifies the client user by the SessionID, which is also the file name of the session file. The SessionID is transmitted between the client and the server in the HTTP request and HTTP response. The SessionID is generated by an algorithm and must be included in the HTTP request; it must be unique and random to ensure the security of the session. If the session's lifetime is not set, the SessionID is stored in memory, the ID is automatically deregistered when the browser is closed, and a new SessionID is registered when the page is requested again. If the client has not disabled cookies, the cookie stores the SessionID and the session lifetime when the session is started. After the session expires, PHP recycles it.

III. Differences between sessions and cookies

1. A session lives on the server side; a cookie lives on the client (the browser).
2. By default, a session is stored in a file on the server, not in memory.
3. A session depends on the session ID, and the session ID is stored in a cookie. If the browser disables cookies, the session stops working as well (although the session ID can also be passed in the URL).
4. A session can be kept in a file, in a database, or in memory.
5. Scenarios such as user authentication usually use a session. The core of maintaining a session is therefore the client's unique identifier, that is, the session ID.
6. If sessions occupy too much memory, they place a certain burden on the server. The amount of data a cookie can hold is limited.
7. A session holds objects, while a cookie holds key-value pairs of string type.

Explanation

HTTP is a stateless protocol, so when the server needs to record a user's state it must use some mechanism to identify the specific user. That mechanism is the session. A typical scenario is a shopping cart: when you click a button, the stateless HTTP protocol cannot tell which user performed the operation, so the server creates a specific session for each user in order to identify and track that user and to know how many books are in the cart. The session is stored on the server side and has a unique identifier. There are many ways to store sessions on the server, such as memory, a database, or files. In a cluster, the transfer of sessions between servers also has to be considered. Large websites run a dedicated cluster of session servers to hold user sessions; in that case the session information is kept in memory, using a caching service such as memcached.
Consider: how does the server identify a particular client? This is where cookies come in. Every time an HTTP request is sent, the client sends the corresponding cookie information to the server. In fact, most applications use cookies to implement session tracking. When the session is first created, the server tells the client in the HTTP response that it needs to record a session ID in a cookie and send that session ID with every subsequent request, so that the server knows who the client is. What if the client's browser has disabled cookies? In that case a technique called URL rewriting is used for session tracking: on every HTTP interaction a parameter such as SID=XXXXX is appended to the URL, and the server identifies the user from it.
Cookies can also be used for user convenience. Suppose you have logged in to a website and do not want to type your account name again the next time you log in. That information can be written into a cookie; when you visit the site, the page script reads it and fills in the user name for you. This is also where the name cookie comes from: a little treat for the user. To summarize: a session is a data structure stored on the server that tracks the user's state, and its data can be stored in a cluster, a database, or files. A cookie is a mechanism by which the client keeps the user's information; it records information about the user and is one way to implement a session.
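
The session-ID exchange described in sections II and III, as an added example that is not part of the original article: a minimal in-memory session store for Node.js. The class and function names are hypothetical, the cookie name SID follows the article's URL parameter, and HttpOnly and SameSite are standard cookie attributes the article does not cover.

```javascript
// Added example: minimal in-memory session store (illustrative; names are hypothetical).
const { randomBytes } = require("node:crypto");

class SessionStore {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;          // session lifetime in milliseconds
    this.sessions = new Map();   // session ID -> { data, expires }
  }

  // Create a session; the ID is 128 bits from a CSPRNG so it is unique and unguessable.
  create(data, now = Date.now()) {
    const id = randomBytes(16).toString("hex");
    this.sessions.set(id, { data, expires: now + this.ttlMs });
    return id;
  }

  // Look up the session for the ID the client presented; expired sessions are recycled.
  get(id, now = Date.now()) {
    const s = this.sessions.get(id);
    if (!s) return null;
    if (now >= s.expires) {
      this.sessions.delete(id);
      return null;
    }
    return s.data;
  }
}

// Set-Cookie value telling the browser to record the session ID.
// No Max-Age: the cookie lasts until the browser is closed, as described in section II.
function sessionCookie(id) {
  return `SID=${id}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Extract the session ID from a request's Cookie header, e.g. "theme=dark; SID=...".
// Anything that is not exactly 32 hex characters is rejected before it reaches the store.
function sessionIdFromRequest(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const [k, v] = part.trim().split("=");
    if (k === "SID" && /^[0-9a-f]{32}$/.test(v || "")) return v;
  }
  return null;
}
```

Only the random ID travels to the client; the session data (here, the cart) never leaves the server.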

IV. Web Storage

Web Storage saves data on the client. HTML5 provides a new way to store data on the client in two forms, localStorage and sessionStorage, which can be used to establish a database locally on the client. Content that would otherwise be stored in a server-side database can be stored directly on the client, which greatly reduces the burden on the server and speeds up data access.
1. localStorage: data is saved permanently. The data is saved on a hardware device local to the client (a hard disk or other hardware device) and remains there even after the browser is closed. The scope of localStorage is limited to the document origin: data cannot be read or modified across different document origins, while documents of the same origin can access it. However, different browsers do not share storage, which means that data saved in the Chrome browser is inaccessible in Firefox, even for the same document origin.
2. sessionStorage: data is stored temporarily. The data is stored in the session object. It is kept from the time the page is opened until the browser is closed. The scope of sessionStorage is also limited to the document origin, and in addition it is limited to the tab: the same page opened in different tabs has its own sessionStorage in each tab, and the data cannot be shared between them. If a page contains two iframe elements, they share sessionStorage.
