Cookie and Session details and differences, cookiessession

Source: Internet
Author: User


Cookies and Session details and differences

1. A cookie is a small text string that the server sends to the client's browser, which stores it on the client's hard disk. It can be used to keep persistent data between visits to a web site.

2. A session is the period from the moment a visitor arrives at a site until the visitor leaves. In practice the session relies on a cookie: when the user makes the first request, the server creates a cookie in the user's browser, and when the session ends that cookie expires.

Note: The cookie created for this user is named aspsessionid. Its only purpose is to give each user a distinct identity.
A session is, literally, a conversation. It is like talking to a person: how do you know that Michael is talking to you and not James? The other party must have some characteristic (such as appearance) that identifies him as Michael. A session works the same way. The server needs to know who sent the current request, so it assigns a different "ID" to each client; every time the client sends a request it carries this "ID", and from it the server knows where the request came from. The client can keep this "ID" in many ways; for a browser client, a cookie is used by default.

3. What cookies and sessions have in common: both are mechanisms for tracking the identity of a browser user across requests.

4. The difference between a cookie and a session is that cookie data is stored on the client, while session data is stored on the server.

To put it simply, when you log on to a website:

· If the web server uses a session, all data is stored on the server. On each request the client sends the sessionid of the current session, and the server looks up the user data associated with that sessionid to decide whether the user is logged in or holds certain permissions. Because the data is stored on the server, the client cannot forge it. However, anyone who obtains a logged-in user's sessionid can use a specially prepared browser to forge that user's requests successfully. The sessionid is assigned randomly when the client and server connect, so duplicates are generally not expected, but under a very large number of concurrent requests duplication cannot be ruled out entirely.

· If the browser uses cookies, all the data is stored in the browser. For example, after you log on, the server sets a cookie holding the user name; on your next request the browser sends that user name back to the server. These variables are delimited with special characters so that the server interprets them as cookie variables, and as long as the browser is not closed the cookie variable remains valid, which keeps you logged in for a long time. If someone can intercept a user's cookie variable and then forge a packet carrying it, the server still treats the sender as legitimate, so cookie attacks are easier to mount. If a validity period is set, the cookie is saved on the client's hard disk; when you visit the website again the browser checks whether a cookie exists, reads it and sends it to the server. If a forum cookie saved on your machine is valid for one year, anyone who intrudes into your machine, copies your cookie and places it in the cookie directory of their own browser can then log on to the website as you. Cookies can therefore be forged. Note, however, that a cookie file copied directly into the cookie directory is not recognised by the browser: the browser keeps an index.dat file recording each cookie file's creation time and whether it has been modified, so a forger would need both the website's cookie file and a way to fool the browser about its validity time.
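The two models above side by side, as an added example that is not part of the original article: a server-side session store keyed by a random sessionid (the cookie carries only the ID, marked HttpOnly/Secure so it is harder to steal, and the server enforces expiry), next to a cookie-stored user name that is HMAC-signed so a client who edits the value is detected. All names, the secret and the 30-minute timeout are constructed for illustration.

```python
import hashlib
import hmac
import http.cookies
import secrets
import time

SERVER_SECRET = secrets.token_bytes(32)  # constructed; load from config in practice
SESSION_TTL = 1800                       # server-side validity, in seconds
_sessions = {}                           # sessionid -> {"user": ..., "expires": ...}


def create_session(user):
    """Server side: store the user's data, hand the browser only a random ID."""
    sid = secrets.token_urlsafe(32)      # unguessable, so it cannot be predicted
    _sessions[sid] = {"user": user, "expires": time.time() + SESSION_TTL}
    c = http.cookies.SimpleCookie()
    c["sessionid"] = sid
    c["sessionid"]["httponly"] = True    # page scripts cannot read it
    c["sessionid"]["secure"] = True      # sent over HTTPS only
    c["sessionid"]["samesite"] = "Lax"
    return c["sessionid"].OutputString()  # value for the Set-Cookie header


def user_from_cookie_header(cookie_header):
    """Server side: resolve the presented sessionid; unknown or expired -> None."""
    c = http.cookies.SimpleCookie()
    c.load(cookie_header)
    morsel = c.get("sessionid")
    if morsel is None:
        return None
    entry = _sessions.get(morsel.value)
    if entry is None or entry["expires"] < time.time():
        _sessions.pop(morsel.value, None)  # an expired session is dropped
        return None
    return entry["user"]


def make_signed_cookie(username):
    """Cookie-stored variant: the data lives in the browser, so sign it."""
    tag = hmac.new(SERVER_SECRET, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}|{tag}"


def read_signed_cookie(value):
    """Accept the user name only if the tag matches; a tampered name fails."""
    username, _, tag = value.rpartition("|")
    expected = hmac.new(SERVER_SECRET, username.encode(), hashlib.sha256).hexdigest()
    return username if hmac.compare_digest(tag, expected) else None
```

Signing stops silent edits of cookie-stored data but does not stop a copied cookie from being replayed, which is the case the article describes; only a short server-side expiry and transport protection reduce that window.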

5. Both can be used to store private data, and both have validity periods. The difference is that the session lives on the server, so whether it has expired depends on the server's configured session timeout, while the cookie lives on the client, where whether it is kept and for how long can be configured.

(1) Cookie data is stored in the client's browser; session data is stored on the server.
(2) Cookies are not very secure: others can analyse the locally stored cookies and perform cookie spoofing.
(3) A session is kept on the server for a certain period of time, so as the number of visitors grows it consumes server resources. If reducing server load is the main concern, use cookies.
(4) A single cookie on the client is limited to 3 K; that is, a cookie a site stores on the client cannot exceed 3 K.
(5) Store important information such as login state in the session; store other information in cookies if necessary.

Thank you for reading this article. I hope it will help you. Thank you for your support for this site!
