The differences between cookies and sessions in PHP, and a summary of cookie and session usage

Source: Internet
Author: User

Specifically, cookies are stored on the "client", while sessions are stored on the "server".

Cookies are implemented as an extension of the HTTP protocol.

A cookie mainly consists of a name, a value, an expiration time, a path, and a domain.

If no lifetime is set for a cookie, it ends when the browser is closed; such a cookie is generally kept in memory rather than on the hard disk. If a lifetime is set, the cookie does not disappear when the browser closes and remains valid until the preset expiration time has passed.

A session stores information in a structure similar to a hash table.

When the program needs to create a session for a client request, the server first checks whether the request contains a session identifier (called the session id). If it does, a session has already been created for this client, and the server uses the session id to retrieve that session (if no session matching the id is found, a new session is created). If the request does not contain a session id, the server creates a session for the client and generates a session id associated with it. The session id value should be unique, and it is returned to the client in the response so that the client can save it. A cookie can be used to store the session id, so that the browser automatically sends it back to the server, according to the cookie rules, on each interaction. The cookie name is generally something like SESSIONID. However, because cookies can be disabled by the user, there must be another mechanism for passing the session id back to the server when cookies are disabled.
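The lookup-or-create flow described above, as an added C# example (an in-memory model written for this page, not how PHP or ASP.NET implement sessions and not code from the original article). The names SessionStore and Resolve are assumptions; the id is drawn from the system's cryptographic random number generator so that it is unique and cannot be guessed, and an id the server does not recognise is never adopted.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Security.Cryptography;

public sealed class SessionStore
{
    private sealed class Entry
    {
        public readonly Dictionary<string, object> Data = new Dictionary<string, object>();
        public DateTime LastSeenUtc;
    }

    private readonly ConcurrentDictionary<string, Entry> _sessions =
        new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _timeout;

    public SessionStore(TimeSpan timeout) { _timeout = timeout; }

    // presentedId: session id read from the request cookie, or null if absent.
    // sessionId:   the id the response must send back to the client.
    public Dictionary<string, object> Resolve(string presentedId, DateTime nowUtc, out string sessionId)
    {
        Entry entry;
        if (presentedId != null && _sessions.TryGetValue(presentedId, out entry))
        {
            if (nowUtc - entry.LastSeenUtc <= _timeout)
            {
                entry.LastSeenUtc = nowUtc;   // known and still active: reuse it
                sessionId = presentedId;
                return entry.Data;
            }
            _sessions.TryRemove(presentedId, out entry); // idle too long: discard
        }
        // Missing, unknown or expired id: issue a fresh one instead of
        // accepting whatever value the client sent.
        sessionId = NewId();
        entry = new Entry { LastSeenUtc = nowUtc };
        _sessions[sessionId] = entry;
        return entry.Data;
    }

    private static string NewId()
    {
        var bytes = new byte[16]; // 128 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }
}
```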

Advantages and disadvantages:

1. Cookie data is stored in the client's browser, and session data is stored on the server.

2. Cookies are not secure: other people can analyze the cookies stored locally and use them for cookie spoofing. Where security matters, use sessions.

3. A session is kept on the server for a certain period of time. As the number of visits increases, sessions consume more of your server's resources. Where reducing the load on the server matters, use cookies.

4. The data stored in a single cookie cannot exceed 4 KB, and many browsers limit a site to at most 20 cookies.

5. Personal suggestions:

Store important information, such as login information, in the session.

Other information can be stored in a cookie if it needs to be retained.

Session and Cookie usage summary:

Session and Cookie are both built-in objects in ASP.NET. I will not go over their differences here; instead, here are some practical points:

We know that every website has a back-end management system with two functions: login and logout. During login, we often save user information to the session or a cookie for later use, so what should we pay attention to when logging in?

1. Store sensitive data in the session; less sensitive data can be stored in either the session or a cookie. For example, the user name is not sensitive, but some browsers do not support cookies, so we save it in the session. However, the session is sometimes lost on the server, so we can use it together with a cookie: when the session is lost, if the cookie is still within the validity period we set, we can read the value from the cookie and put it back into the session. Therefore, it is best to save the user name and similar information in both the session and a cookie at the same time, or in the configuration file.

The code is as follows:

To solve the problem of session loss.

2. We want the back-end session to become invalid, requiring a new login, after a period without any activity. We can set Session.Timeout = 5 (the unit is minutes), which means the session becomes invalid if no operation is performed within 5 minutes; this can also be configured in the configuration file.

3. Set the cookie validity period:

    httpCookie.Expires = DateTime.Now.AddMinutes(2);

The cookie is valid for 2 minutes.

4. To determine whether the visitor has permission to access a page, you can perform the following check:

    // If the cookie is present, copy its "admin" value back into the session.
    // The cookie is sent by the browser, so this value is client-supplied.
    if (Request.Cookies["httpCookie"] != null)
    {
        Session["admin"] = Request.Cookies["httpCookie"].Values["admin"].ToString();
    }
    // No session value: show a message and send the user to the login page.
    if (Session["admin"] == null)
    {
        this.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('Please log in again');location.href='logins.aspx'</script>");
    }
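The check above copies a client-supplied cookie value straight into Session["admin"]. As an added example (not code from the original article), one way to make that cookie tamper-evident in ASP.NET 4.5 or later is to wrap the value with MachineKey.Protect when issuing it and to accept it only if MachineKey.Unprotect succeeds; the class name AdminCookie, the purpose string and the payload layout are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical helper: issues and validates the "httpCookie" cookie used above.
public static class AdminCookie
{
    private const string CookieName = "httpCookie";
    private const string Purpose = "AdminCookie.v1"; // assumed purpose label

    // Call after a successful login; the value is encrypted and MACed with the machine key.
    public static void Issue(HttpResponse response, string admin, TimeSpan lifetime)
    {
        DateTime expiresUtc = DateTime.UtcNow.Add(lifetime);
        byte[] payload = Encoding.UTF8.GetBytes(expiresUtc.Ticks + "|" + admin);
        var cookie = new HttpCookie(CookieName);
        cookie.Values["admin"] = HttpServerUtility.UrlTokenEncode(MachineKey.Protect(payload, Purpose));
        cookie.Expires = expiresUtc.ToLocalTime();
        cookie.HttpOnly = true; // not readable from page script
        cookie.Secure = true;   // only sent over HTTPS
        response.Cookies.Add(cookie);
    }

    // Returns the admin name, or null if the cookie is absent, altered or expired.
    public static string TryRead(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        string token = cookie == null ? null : cookie.Values["admin"];
        if (string.IsNullOrEmpty(token)) return null;
        try
        {
            byte[] raw = HttpServerUtility.UrlTokenDecode(token);
            if (raw == null) return null;
            string payload = Encoding.UTF8.GetString(MachineKey.Unprotect(raw, Purpose));
            int sep = payload.IndexOf('|');
            long ticks;
            if (sep < 0 || !long.TryParse(payload.Substring(0, sep), out ticks)) return null;
            // Expiry is checked server-side; the browser's own expiry is not trusted.
            if (new DateTime(ticks, DateTimeKind.Utc) < DateTime.UtcNow) return null;
            return payload.Substring(sep + 1);
        }
        catch (CryptographicException) { return null; } // tampered or wrong key
        catch (FormatException) { return null; }        // not a valid token encoding
    }
}
// Page check: if (Session["admin"] == null) Session["admin"] = AdminCookie.TryRead(Request);
```

On a web farm, every server must share the same machineKey configuration, otherwise a cookie issued by one node fails validation on another.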

Next, let's look at how to handle logout properly.

1. When logging out, the session and cookie values must be cleared. Here are the differences between the Session methods:

Session.Clear(): clears all keys and values in the session, but the session itself still exists; this is equivalent to Session.RemoveAll().

Session["admin"] = null: clears and releases the value of the specified key, which is different from Session["admin"] = , but the session is not released; it is the same as Session.Remove("name").

Session.Abandon(): deletes the current Session object; the next session is a new Session.

The main difference is that when Session.Abandon is used, the Session_End method is called (in InProc mode), and the Session_Start method is triggered when the next request arrives. Session.Clear only clears all data in the Session and does not stop

The Abandon method is used to actively end the Session. If this method is not called, the current Session ends automatically when it times out.

2. Now let's see how to clear cookies.

A.

    HttpCookie cookie = System.Web.HttpContext.Current.Request.Cookies.Get("tuser");
    // An expiry date in the past tells the browser to delete the cookie.
    cookie.Expires = DateTime.Now.AddDays(-1);
    System.Web.HttpContext.Current.Response.Cookies.Add(cookie);

B.

    HttpCookie httpCookie = Request.Cookies["httpCookie"];
    httpCookie.Expires = DateTime.Now.AddDays(-1);
    Response.Cookies.Add(httpCookie);

Either method, A or B, can be used.

3. Clear the current value in the session, that is, Session["admin"] = null, and clear the cookie as described above.
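The logout steps above combined into one handler, as an added example (not code from the original article). It goes one step further than the text by also expiring the session id cookie, so the browser does not present the abandoned id again; "ASP.NET_SessionId" is the framework's default cookie name, and the page class name Logout is an assumption.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical code-behind for a dedicated logout page.
public partial class Logout : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // 1. Drop all session data and end the session on the server.
        Session.Clear();
        Session.Abandon();

        // 2. Expire the application cookies named on this page.
        ExpireCookie("httpCookie");
        ExpireCookie("tuser");

        // 3. Expire the session id cookie too (default name; configurable via
        //    <sessionState cookieName="...">), so the old id is not sent again.
        ExpireCookie("ASP.NET_SessionId");

        Response.Redirect("logins.aspx", false);
    }

    private void ExpireCookie(string name)
    {
        // A new, empty cookie is sent even when the request carried none:
        // this avoids a null check and never echoes the old value back.
        var expired = new HttpCookie(name, string.Empty);
        expired.Expires = DateTime.UtcNow.AddDays(-1);
        expired.HttpOnly = true;
        Response.Cookies.Add(expired);
    }
}
```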

Suggestions and comments:

1. For logging out, it is better to create a separate logout page and write the logout code there.

2. Before performing any operation, use an if statement to check whether the value is null, to avoid null pointer exceptions.
