Cookie and Session recognition

Source: Internet
Author: User
Tags session id sessions server memory
Cookie concept:
(1) The cookie mechanism is a scheme for maintaining state on the client. It is the client-side storage mechanism for session state, and it requires the user to enable cookie support in the client.
(2) Cookies are data (usually encrypted) that some web sites store on the user's local terminal in order to identify the user; they are sent to the same server with each request. The web server sends cookies to the client in HTTP headers; on the client, the browser parses the cookies and saves them as a local file (with a .txt suffix), and it automatically attaches the cookies to any request to the same server.
(3) Cookies are generated on the server side and sent to the browser. The browser saves the cookie key/value pairs to a text file in a directory and sends the cookie to the server the next time the same web site is requested (if the browser is set to enable cookies).
How cookies are generated:
(1) The standard way of issuing cookies is implemented by extending the HTTP protocol: the server adds a special line to the HTTP response header that instructs the browser to generate the corresponding cookie.
(2) Pure client-side script such as JavaScript can also generate cookies. The browser then sends cookies to the server automatically in the background, according to certain rules.
The role of cookies:
(1) Cookies are an effort to compensate for the statelessness of the HTTP protocol.
(2) They are used for session tracking.

Application of cookies: The server can use cookies to hold arbitrary information, and to filter and regularly maintain that information in order to determine state across HTTP transmissions. The most typical use of cookies is to determine whether a registered user has logged on to the site; the user may be asked whether to retain their information for the next visit to simplify the login procedure. These are functions of cookies. Another important application is the "shopping cart". Over a period of time a user may select different items on different pages of the same web site; this information is written to cookies so that it can be retrieved at final payment.
Advanced application of cookies: For example, when you check a flight schedule on an airline site, the site may create a cookie that contains your travel plans, or it may only record the pages you have visited on the site. When you visit again, the site adjusts the displayed content to your situation and puts the content you are interested in at the front. This is an advanced cookie application.
Life cycle of cookies: A cookie is given an expire value when it is generated, which is the cookie's lifetime. Within that period the cookie is valid; once the period has passed, the cookie is cleared. Some pages set the life cycle of a cookie to "0" or a negative value, so that the cookie is purged when the browser is closed and the user information is not recorded.
The recognition function of cookies: If multiple browsers are installed on a single computer, each browser stores cookies in its own separate space. Because cookies can not only identify users but also contain information about the computer and browser, a user who logs on with a different browser or a different computer gets different cookie information. On the other hand, for multiple users who share the same browser on the same computer, cookies do not distinguish their identities unless they log in with different usernames.
The flaw of cookies: They are easy to attack; other malicious users can easily obtain cookie information, which causes information leaks.

The concept of session:
(1) The session mechanism is a server-side mechanism in which the server uses a structure similar to a hash table (or possibly an actual hash table) to hold the information.
(2) When a program needs to create a session for a client's request, the server first checks whether the request already contains a session identifier (called a session ID). If it does, a session has previously been created for this client, and the server retrieves that session by its session ID (if it cannot be retrieved, a new one is created).
(3) If the client request does not contain a session ID, a session is created for this client and a session ID associated with this session is generated. The session ID value should be a string that is never duplicated and cannot easily be guessed or forged. The session ID is returned to the client in this response for the client to save.
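The lookup-or-create flow in items (2) and (3) above, as an added Python example that is not code from the original page. The cookie name `SESSIONID`, the 30-minute idle timeout, the function names and the cookie attributes are assumptions made for the example.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSION_COOKIE = "SESSIONID"  # assumed cookie name
SESSION_TTL = 1800            # assumed idle timeout in seconds

# Server-side hash table: session ID -> {"data": ..., "last_seen": ...}
_sessions = {}


def _read_session_id(cookie_header):
    """Extract the session ID from a request's Cookie header, if any."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None  # malformed header: treat as "no session ID"
    return jar[SESSION_COOKIE].value if SESSION_COOKIE in jar else None


def get_session(cookie_header, now=None):
    """Return (session_id, data, set_cookie); set_cookie is None on reuse."""
    now = time.time() if now is None else now
    sid = _read_session_id(cookie_header)
    record = _sessions.get(sid) if sid else None
    if record and now - record["last_seen"] > SESSION_TTL:
        del _sessions[sid]  # idle too long: drop the server-side state
        record = None
    if record:
        record["last_seen"] = now
        return sid, record["data"], None
    # No ID, unknown ID or expired ID: always mint a fresh value and never
    # adopt the one the client sent, so a guessed or planted ID gains nothing.
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _sessions[sid] = {"data": {}, "last_seen": now}
    out = SimpleCookie()
    out[SESSION_COOKIE] = sid
    out[SESSION_COOKIE]["path"] = "/"
    out[SESSION_COOKIE]["httponly"] = True  # not readable from page script
    out[SESSION_COOKIE]["secure"] = True    # sent over HTTPS only
    out[SESSION_COOKIE]["samesite"] = "Lax"
    return sid, _sessions[sid]["data"], out[SESSION_COOKIE].OutputString()


if __name__ == "__main__":
    sid, data, header = get_session("")  # first request carries no cookie
    data["user"] = "alice"               # constructed sample value
    print("Set-Cookie:", header)
    print(get_session(f"{SESSION_COOKIE}={sid}")[1])
```

Only the opaque ID travels in the cookie; the user data stays in the server-side table, and an ID the server did not issue is answered with a fresh, empty session.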
How the session is generated: A session exists for each user. The values of its variables are saved on the server, and a session ID distinguishes which user the session variables belong to. This value is returned to the server by the user's browser; when the client has cookies disabled, it may also be configured to be returned to the server via GET.
The role of the session: Identify each user and set up a session ID for each user for session tracking.
The defect of session: Sessions are kept on the server side, and each user produces a session. If a very large number of users access the site concurrently, many sessions are produced, consuming a lot of memory. Thus sites with very high concurrent access, such as Google, Baidu and Sina, are unlikely to use sessions to track user conversations. Cookies are kept on the client and do not occupy server resources. Cookies are a good choice if there are many concurrent users. Cookies may be the only option for Google, Baidu, and Sina.
The difference between a cookie and a session:
(1) Cookies are saved on the client; sessions are saved on the server side.
(2) When concurrency is very high, sessions consume a lot of memory because they are saved on the server side. Cookies are stored locally and do not consume server resources.
(3) Cookies are not very safe: other people can analyze the cookies stored locally and perform cookie spoofing. Where security is a consideration, sessions should be used.
How to choose between a cookie and a session: Store login information and other important information in the session (where it is not easily leaked); other information that needs to be kept can be placed in a cookie (when the amount of concurrency does not cause server memory overflow).

