Differences between session and cookies in. net and their usage

First, we will introduce some simple usage methods.:
Assign COOKIES Copy codeThe Code is as follows: Response. Cookies ["uid"]. Value = "20 ";
Response. Cookies ["LoginCode"]. Value = "58469 ";

The preceding two COOKIE variables are assigned two different values. How can we control the cookie validity period when using COOKIES? See the following:Copy codeThe Code is as follows: Response. Cookies ["uid"]. Expires = DateTime. Now. AddDays (1 );
Response. Cookies ["LoginCode"]. Expires = DateTime. Now. AddDays (1 );

The above is the validity period of the two variables for one day, of course, is also a few hours, the method is as follows:Copy codeThe Code is as follows: Response. Cookies ["LoginCode"]. Expires = DateTime. Now. AddHours (1 );

This is valid for 1 hour. The same method can be used for several minutes, several seconds, and so on.
How can we obtain the values of these COOKIES? Note that when a cookie is not assigned a value, an error occurs when you call it. Therefore, before calling the cookie, we usually determine whether the cookie exists. The method is as follows:Copy codeThe Code is as follows: if (Request. Cookies ["uid"]! = Null)
{
String ruid = Request. Cookies ["uid"]. Value;
}

Unique Assignment Method in. NET:Copy codeThe Code is as follows: System. Web. HttpCookie user_cookies_id = new HttpCookie ("uid ");
User_cookies_id.Value = "20 ";
User_cookies_id.Expires = DateTime. Now. AddDays (1 );
Response. AppendCookie (user_cookies_id );
--------------------------------
HttpCooKie acookie = new Httpcookie ("lastvisitcounter ");
Acookie. value = lastvisitcounter. ToString ();
Acookie. Expires = DateTime. MaxValue;
Response. Cookie. Add (acookie );
If (Request. Cookies ["lastvisitcounter"] = null)
{
Textbox1.text = "1 ";
}
Else
{
HttpCookie acookie = request. Cookies ["lastvisitcounter"];
Textbox1.text = server. HtmiEncode (acookie. value );
}

Session usage
Session ("username") = "aa" Write
Username = session ("username") read
Session refers to a user's access to a website within a period of time.
The Session Object corresponds to the HttpSessionState class in. NET, which indicates the "Session state" and can save information related to the current user Session.
The Session object is used to store the information required by a user to access a specific aspx page from the moment the user leaves. When you switch the page of an application, the variables of the Session object are not cleared.

For a Web Application, the content of the Application object accessed by all users is identical, while the content of the Session object accessed by different users is different.

Session can save the variable. This variable can only be used by one user. That is to say, each browser has its own Session object variable, that is, the Session object is unique.
(1) Add new items to the session Status
Syntax format:
Session ("key name") = value or Session. Add ("key name", value)
(2) obtain the value in the session status by name
Syntax format: Variable = Session ("key name") or variable = Session. Item ("key name ")
(3) deleting items in the session Status set
Syntax format: Session. Remove ("key name ")
(4) Clear all values in the session Status
Syntax format: Session. RemoveAll () or Session. Clear ()
(5) cancel the current session
Syntax format: Session. Abandon ()
(6) set the timeout period of the session Status, in minutes.
Syntax format: Session. TimeOut = Value
The Global. asax file has two events applied to the Session object.
Event Name Description
Session_Start is triggered when the session is started.
Session_End is triggered at the end of the session

Session and cookies in. net

Session, also known as Session status, is the most common status in the Web system and is used to maintain information related to the current browser instance. HTTP is a stateless protocol. This means that the Web server processes each HTTP request on the page as an independent request. The server does not retain any information about the variable values used in the previous request process. ASP. NET session Status identifies requests from the same browser within a limited time range as a session. When each user establishes a connection with this WWW server for the first time, he creates a Session with the server, and the server automatically assigns a SessionID to identify the user.

For example, we can put the username of the logged-on user in the Session, so that we can determine whether the user is logged on by judging a Key in the Session. If the user is logged on, the username is the same.

Cookies
Cookie is a short text message that is transmitted between the web server and the browser along with user requests. Each time a user accesses a site,
Web applications can read information contained in cookies.

Assume that when a user requests a page of your website, your application not only returns the requested page. Returns a date that contains the specified date.
And time cookie. The user's browser also obtains the cookie while obtaining the page, and the cookie is saved in the cookie folder of the client.

Specify the cookie name and the value to be saved. Multiple cookie names can be created, but each cookie name must be unique for future value recognition. (Cookies are stored by name. To create two cookies with the same name, the last cookie will overwrite the previous one .) At the same time, you can specify the expiration date and time for the cookie. The cookie is written to the user's hard disk and may remain on the disk all the time. Therefore, specify the cookie expiration date and time. When a user visits the site next time, the browser will first check all the cookies on your site. If a cookie has expired, the browser will not send the cookie to the server along with the page request, but delete it.

Differences between cookie and session:
1. cookie data is stored in the client's browser, and session data is stored on the server.
2. Cookies are not safe. Others can analyze the Cookies stored locally and perform cookie spoofing.
Session should be used for security consideration
3. The session will be stored on the server for a certain period of time. When the number of accesses increases, it will occupy the performance of your server.
COOKIE should be used in consideration of reducing server performance
4. the maximum size of a single cookie on the client is 3 kb. That is to say, a website cannot store 3 kb of cookies on the client.