Cookie, session, and cache

Source: Internet
Author: User
Tags: server, memory

I. Cookies

A cookie is a piece of data stored on the client. It is used primarily to hold personal information about a user, and primarily to store information that the browser requests from the server, which is non-sensitive information. When a user accesses your system, the application can retrieve the previously stored information.

1. The retention time can be set as needed:

1) If no expiration date is set for the cookie, it lives until the browser is closed;

2) If the Expires attribute of the cookie object is set to MinValue, it never expires;

2. The amount of data a cookie can store is limited. Most browsers limit it to about 4 KB, so do not store large data.

3. Key features of cookies:

1) Stored on the client's disk;

2) User-related data;

3) Persisted for a certain period of time;

4) Data can be shared across browsers;

5) Data needs to be serialized;

6) Data is transferred between client and server;

7) User-related.

II. Session

A session is a server-side storage space maintained by the application server; it is a mechanism for storing contextual information for each user. When a user connects to the server, the server generates a unique SessionID, which is used as the identifier for accessing the session storage space on the server side. The SessionID itself is stored as a cookie on the client side. When the user submits a page, the SessionID is submitted to the server along with it so that the session data can be accessed. Developers do not need to intervene in this process. Once cookies are disabled on the client, the session will in theory fail, but the server can also pass the SessionID automatically through URL rewriting, so the session does not depend entirely on cookies, and this process is transparent to developers.

Therefore, even if you have not written any cookie, the cookie array returned by the request.getCookies() method still has a length of 1. The name of that cookie is JSESSIONID, and its value is a long binary string, which is the SessionID.
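The SessionID exchange described above, as an added Python example that is not part of the original article: session data stays in a server-side store and only the ID travels, by cookie or by URL rewriting. The class and function names, the ;jsessionid= path form and the 1800-second idle timeout are assumptions.

```python
import secrets
import time
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

COOKIE_NAME = "JSESSIONID"     # cookie name the article describes
URL_MARKER = ";jsessionid="    # assumed servlet-style URL rewriting form

class SessionStore:
    """Server-side session data keyed by SessionID; only the ID leaves the server."""

    def __init__(self, idle_timeout=1800, clock=time.monotonic):
        self._sessions = {}    # sid -> (data dict, time of last access)
        self._idle_timeout = idle_timeout
        self._clock = clock

    def create(self):
        sid = secrets.token_urlsafe(32)   # unpredictable identifier
        self._sessions[sid] = ({}, self._clock())
        return sid

    def get(self, sid):
        data, last_seen = self._sessions.get(sid, (None, 0.0))
        if data is None or self._clock() - last_seen > self._idle_timeout:
            self._sessions.pop(sid, None)   # unknown ID or idle too long
            return None
        self._sessions[sid] = (data, self._clock())
        return data

def extract_session_id(cookie_header, url):
    """Return (sid, source); the cookie wins over a URL-rewritten ID."""
    if cookie_header:
        jar = SimpleCookie()
        jar.load(cookie_header)
        if COOKIE_NAME in jar:
            return jar[COOKIE_NAME].value, "cookie"
    path = urlsplit(url).path
    pos = path.lower().find(URL_MARKER)
    if pos != -1:
        return path[pos + len(URL_MARKER):], "url"
    return None, None

def strip_session_id(url):
    """Remove a URL-rewritten SessionID before the URL is logged or shared."""
    parts = urlsplit(url)
    pos = parts.path.lower().find(URL_MARKER)
    if pos == -1:
        return url
    return parts._replace(path=parts.path[:pos]).geturl()
```

A rewritten URL carries the SessionID wherever the URL goes (address bar, logs, shared links), which is why strip_session_id is applied before a URL is written anywhere.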

Note:

Why do cookies exist? As we all know, HTTP is a stateless protocol: every time a customer reads a Web page, the server opens a new session, and the server does not automatically maintain the customer's contextual information. How, then, can an online store implement a shopping cart? Session is a mechanism for saving context information. It exists per user, the values of its variables are stored on the server side, and different customers are distinguished by SessionID. A session is based on either a cookie or URL rewriting, and cookies are used by default. The system creates an output cookie called JSESSIONID, which we call a Session-cookie to distinguish it from a Persistent-cookie, which is what we usually mean by a client cookie. Note that the Session-cookie is stored in browser memory and is not written to the hard disk; this is the JSESSIONID we have just seen. We usually do not see JSESSIONID, but when cookies are disabled in the browser, the Web server passes the SessionID by URL rewriting, so we can see a string like sessionid=kwjhug6jjm65hs2k6 in the address bar.

Once the principle is understood, it is easy to tell a Persistent-cookie from a Session-cookie, and the difference in their security is clear at a glance. A Session-cookie belongs to one session and disappears when the session ends, whereas a Persistent-cookie is just a piece of text (usually encrypted) stored on the client's hard disk, and may be subject to cookie spoofing and cross-site scripting attacks against cookies. It is naturally less safe than a Session-cookie.
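An added example (not from the original article) of the two cookie kinds compared above, with mitigations for the risks it names: an HMAC tag so that a modified value is rejected, and HttpOnly so that page scripts cannot read the cookie. The key, the function names and the value.tag layout are assumptions; the tag detects modification but does not encrypt the value.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET_KEY = b"constructed-demo-key"   # assumption: server-side secret, never sent


def tag_for(value):
    """HMAC-SHA256 tag over the cookie value, hex encoded."""
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def build_set_cookie(name, value, max_age=None):
    """Set-Cookie value: max_age=None gives a Session-cookie, a number a Persistent-cookie."""
    jar = SimpleCookie()
    jar[name] = f"{value}.{tag_for(value)}"   # value plus integrity tag
    morsel = jar[name]
    morsel["path"] = "/"
    morsel["httponly"] = True      # not readable from page scripts
    morsel["secure"] = True        # sent over HTTPS only
    morsel["samesite"] = "Lax"
    if max_age is not None:
        morsel["max-age"] = max_age   # kept on the client for this many seconds
    return morsel.OutputString()


def read_cookie(cookie_header, name):
    """Return the original value, or None if the cookie is missing or was modified."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if name not in jar:
        return None
    value, sep, tag = jar[name].value.rpartition(".")
    if not sep:
        return None                # no tag at all
    if not hmac.compare_digest(tag.encode(), tag_for(value).encode()):
        return None                # value or tag was changed on the client
    return value
```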

Usually a Session-cookie cannot be used across windows: when you open a new browser window on the same page, the system gives you a new SessionID, so the information cannot be shared. In that case we can first save the SessionID in a Persistent-cookie and then read it in the new window to obtain the SessionID of the previous window. Combining Session-cookie and Persistent-cookie in this way enables cross-window session tracking.

Books on web development often simply present Session and cookie as two parallel HTTP mechanisms, Session-cookie on the server side and Persistent-cookie on the client, but the session is in fact based on a cookie.

Key features of the session:

1) The session is used to keep each user's own information;

2) The lifetime of the session is the time during which the user keeps making requests plus the survival time;

3) Session information is stored in the application server's memory, and the amount of data stored can be large or small;

4) After the user stops using the application, the session remains in memory for a period of time, so this method is less efficient;

5) It performs faster than storing and retrieving information in a database;

6) The session applies to a single user and the corresponding conversation state. It is therefore suitable for storing common data that changes with the user, or security data about the user;

7) Session data is not transferred between client and server;

8) Session-related;

9) It is not actively discarded during the entire lifetime of the session;

10) Data is not serialized.

III. Cache

The cache is stored in the server's memory, and you can customize how data items are cached and for how long. When the system runs short of memory, the cache automatically removes rarely used or lower-priority entries to free memory, a process known as cleanup. This is one of the ways the cache ensures that outdated data no longer consumes valuable server resources. The cache is not tied to a session, so it is shared across sessions, which is why caching can improve system performance. It may also disclose user information, and when retrieving data you must check whether the cache entry exists.

Key features of the cache:

1) The cache is used to save pages or data during HTTP requests;

2) Using the cache can greatly improve the efficiency of the whole system;

3) Because the cache keeps frequently accessed data in memory, when a user makes the same request the server does not process it again but returns the cached result directly to the user. The cache therefore saves server processing time;

4) The cache lives with the application; when the application restarts, the cache instance is recreated;

5) Unrelated to the session;

6) Depending on the state of the server's resources, cache entries may be discarded at any time;

7) Data is not serialized;

8) Cached data is not transferred between client and server.

IV. Summary

1. Because the session relies on a client cookie (the SessionID is stored in the cookie), the session is lost if the browser does not support cookies. Of course, URL rewriting of the session can solve this problem.

2. Storing large data in a cookie (a table of data, for example) is not recommended, because the cookie value is attached to the HTTP header on every Web page request and response. If it is too large, it consumes bandwidth between the client and the server; with multiple connections the cost is N*4KB, and when there are many users it becomes one of the bottlenecks.

3. The cache also occupies the server's memory but is more flexible than the session. Pay attention to which data needs to be cached and which does not.

4. When replacing the session with the cache, a single system needs no special attention. With single sign-on, however, the same account can access several systems, or different pages on the same computer can access different systems. In that case the cached data should be stored under each system's unique identity, so that the identity plays the role of the SessionID (of course, there are other implementation options). Otherwise, for systems that were logged on to earlier, the cache always holds the data cached by the last system, and when an earlier system is refreshed, the last system is always displayed.

5. Of course, the session also does not have to be handled through the cache, because solutions such as Redis and Memcached are dedicated to session sharing.
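Point 4 above as an added Python example (not from the original article): a cache shared by several single sign-on systems, keyed first by account only and then by system identity plus account. The class, the function names and the sample systems crm and billing with account alice are constructed for illustration.

```python
import time


class SharedCache:
    """Server-side cache shared by every session; entries expire after ttl seconds."""

    def __init__(self, clock=time.monotonic):
        self._items = {}
        self._clock = clock

    def set(self, key, value, ttl=300):
        self._items[key] = (value, self._clock() + ttl)

    def get(self, key):
        entry = self._items.get(key)
        if entry is None:
            return None            # miss: the caller must handle it
        value, expires_at = entry
        if self._clock() >= expires_at:
            del self._items[key]   # expired entry is cleaned up on access
            return None
        return value


def account_key(system_id, account):
    """Weak: the same key for every system the account signs in to."""
    return account


def scoped_key(system_id, account):
    """Corrected: the system's unique identity is part of the key."""
    return (system_id, account)


def sign_in_twice(key_fn):
    """One account signs in to crm, then billing; return what each system reads back."""
    cache = SharedCache()
    for system_id in ("crm", "billing"):
        cache.set(key_fn(system_id, "alice"), {"system": system_id})
    return {s: cache.get(key_fn(s, "alice"))["system"] for s in ("crm", "billing")}
```

With account_key, the crm page reads back the billing entry, which is the "last system is always displayed" symptom described in point 4.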
