Differences between cookie and session

Https://www.cnblogs.com/shiyangxt/articles/1305506.html

Differences between cookie and session

These are basic knowledge, but it is necessary to have a deep understanding. First, let's give a brief introduction.

Definitions:

When you are browsing the website, the web server will first send a small piece of information to your computer, and the cookie will help you with the text or some choices on the website,

All records are recorded. When you visit the same website next time, the web server will first check whether there is any cookie information left by the Web server.

To determine the user and send specific webpage content to you. Cookies are widely used. Many websites that provide personalized services use cookies.

To identify users and send out customized content, such as a free email website using web interfaces, cookie is required.

Specifically, the cookie mechanism adopts the client-side persistence scheme, while the session mechanism adopts the server-side persistence scheme.

At the same time, we also see that because the server-side persistence scheme also needs to save an identifier on the client, the session mechanism may need to rely on the cookie mechanism.

To save the identity, but in fact it has other options.

 

COOKIE Mechanism.

The orthodox cookie distribution is implemented by extending the HTTP protocol, and the server adds a special line of instructions to the HTTP response header to prompt

The browser generates the corresponding cookie as instructed. However, pure client scripts such as JavaScript or VBScript can also generate cookies. Cookie usage

It is automatically sent to the server in the background by the browser according to certain principles. The browser checks all stored cookies. If a cookie is declared to be effective

If the value is greater than or equal to the location of the resource to be requested, the cookie is attached to the HTTP request header of the requested resource and sent to the server.
 
Cookie content mainly includes: name, value, expiration time, path and domain. The path and the domain form the scope of the cookie. If the expiration time is not set,

The life cycle of each cookie is the browser session. When the browser window is closed, the cookie disappears. This cookie is called a session cookie.

Session cookies are generally stored in the memory instead of on the hard disk. Of course, this behavior is not standardized. If the expiration time is set, the browser will set the cookie

Save it to the hard disk, close it, and open the browser again. These cookies are still valid until the specified expiration time is exceeded. Cookies stored on hard disks can be stored in different regions.

The process of the browser is shared, such as two IE Windows. For Cookies stored in the memory, different browsers have different processing methods.

 

 

Session mechanism.

The session mechanism is a server-side mechanism. The server uses a structure similar to a hash (or a hash) to save information.

When the program needs to create a session for a client request, the server first checks whether the client request contains a session ID.

(Called session ID). if it already exists, it indicates that a session has been created for this client before, and the server retrieves the session according to the session ID.

If the client request does not contain the session ID, a session is created for the client and

The associated session ID. The value of the session ID should be a string that is neither duplicated nor easily found to be counterfeited. This session ID will be returned in this response.

. The cookie can be used to save the session ID. In this way, the browser can automatically send the ID

Server. Generally, the cookie name is similar to seeesionid. However, if a cookie can be artificially disabled, other mechanisms must be in place to prevent the cookie from being disabled.

The session ID can still be passed back to the server.

A frequently used technology called URL rewriting is to directly append the session ID to the end of the URL path. Another technique is form hidden fields. Is the server

The form is automatically modified and a hidden field is added so that the session ID can be passed back to the server when the form is submitted. For example:
<Form name = "testform" Action = "/XXX">
<Input type = "hidden" name = "JSESSIONID" value = "byok3vjfd75apnrf7c2hmdnv6qzcebzwowibyenlerjq99zwpbng! -145788764 ">
<Input type = "text">
</Form>
In fact, this technology can be simply replaced by rewriting the URL of the action application.

 

Differences between cookie and Session:

1. Cookie data is stored in the client's browser, and session data is stored on the server.

2. Cookies are not safe. Others can analyze the Cookies stored locally and perform cookie spoofing.
Session should be used for security consideration.

3. The session will be stored on the server for a certain period of time. When the number of accesses increases, it will occupy the performance of your server.
Cookie should be used in consideration of reducing server performance.

4. data stored in a single cookie cannot exceed 4 kb. Many browsers limit that a site can store up to 20 cookies.

5. Personal suggestions:
Store important information such as login information as session
Other information can be stored in the cookie if it needs to be retained.

Differences between cookie and session