Discussion on the differences and use cases of session, cookie, sessionStorage and localStorage

Source: Internet
Author: User
Tags send cookies sessions server memory sessionstorage

The browser's caching mechanism provides a way to store user data on the client, and cookies and sessions can be used to interact with the server.

First, cookies and sessions

Cookies and sessions are both session-tracking mechanisms used to identify a browser user.

Difference:

1, where state is kept: cookies are stored on the browser side; the session is stored on the server side.

2, how they are used:

(1) Cookie mechanism: If no expiration time is set on the cookie, it is kept in memory and its life cycle ends when the browser closes; this is called a session cookie. If an expiration time is set, the cookie is saved on the hard disk, and after the browser is closed the cookie data still exists until the expiration time is reached.

A cookie is a piece of information that the server sends to the client; it is stored as text on the client, which sends it back with each request.

(2) Session mechanism: When the server receives a request that requires a session object, it first checks whether the client request contains a SessionID. If there is a SessionID, the server returns the corresponding session object based on that ID. If there is no SessionID in the client request, the server creates a new session object and returns its SessionID to the client in this response. A cookie is usually used to store the SessionID on the client, and the browser sends the SessionID back to the server according to the cookie rules. If the user disables cookies, URL rewriting can be implemented with response.encodeURL(url). The effect of encodeURL is that when the browser supports cookies, the URL is left unchanged; when the browser does not support cookies, the URL is rewritten so that the SessionID is appended to the access address.

3, storage content: a cookie can only hold strings, stored as text; a session is stored in a hashtable-like data structure that supports objects of any type (a session can contain multiple objects).

4, storage size: the data saved in a single cookie cannot exceed 4 KB; session size is not limited.

5, security: cookies are exposed to attacks such as cookie spoofing and cookie interception; sessions are more secure than cookies.

The reasons are as follows: (1) The SessionID is stored in a cookie, so to break the session an attacker must first break the cookie;

(2) A SessionID exists only after someone has logged in or session_start has been called, so an attacked cookie does not necessarily contain a SessionID;

(3) After session_start is called a second time, the previous SessionID becomes invalid; once the session expires, the SessionID expires as well.

(4) SessionID is encrypted.

(5) To sum up, it is difficult for an attacker to break the encrypted SessionID in a short time.

6, use cases:

Cookies: (1) Determining whether the user has already logged in to the website, so that the next login can be automatic (or the password remembered). If the cookies are deleted, the login information must be entered again at each login.

(2) Saving the last login time and other information.

(3) Saving the last viewed page.

(4) Counting page views.

Session: a session is used to save each user's private information; the variable values are kept on the server side, which distinguishes users by SessionID.

(1) The shopping cart in an online mall

(2) Saving user login information

(3) Putting data into the session for use by different pages of the same user

(4) Preventing users from logging in illegally

7, disadvantages: Cookies: (1) Limited size

(2) The user can manipulate (disable) cookies, which limits functionality

(3) Low security

(4) Some states cannot be saved on the client.

(5) Cookies are sent to the server on every request, wasting bandwidth.

(6) Cookie data has the concept of a path: a cookie can be restricted to a single path.

Session: (1) The more data a session holds, the more server memory it occupies; for websites with many users online at once, the memory pressure on the server is relatively high.

(2) Sessions rely on cookies (the SessionID is saved in a cookie); if cookies are disabled, URL rewriting is used, which is unsafe.

(3) Session variables can be created arbitrarily and accessed at any time without requiring precise handling by the developer, so excessive use of session variables makes code unreadable and difficult to maintain.
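The following JavaScript (Node.js) example is added here and is not from the original article. It implements the session mechanism of point 2 (2), returning the SessionID in a session cookie as in point 2 (1), and issues a new SessionID while invalidating the old one as in reason (3). The cookie name SESSIONID, the 30-minute timeout, the HttpOnly/Secure/SameSite attributes and all function names are assumptions of this example.

```javascript
// Added example, not from the original article; SESSIONID, TTL_MS and function names are assumed.
// Web Crypto is global in browsers and current Node; older Node exposes it via require.
const webcrypto = globalThis.crypto ?? require("crypto").webcrypto;

const TTL_MS = 30 * 60 * 1000;   // assumed idle timeout
const sessions = new Map();      // SessionID -> { data, expiresAt }, kept on the server

// Parse a Cookie request header ("a=1; b=2") into an object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Create a session under a fresh, unpredictable 256-bit SessionID.
function newSession(now, data = {}) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  const id = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  sessions.set(id, { data, expiresAt: now + TTL_MS });
  return id;
}

// No Expires/Max-Age, so this is a session cookie that ends with the browser.
function cookieFor(id) {
  return `SESSIONID=${id}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Find the session named by the request cookie, or create one (setCookie is null if reused).
function getSession(cookieHeader, now = Date.now()) {
  const id = parseCookies(cookieHeader).SESSIONID;
  const found = id ? sessions.get(id) : undefined;
  if (found && found.expiresAt > now) {
    found.expiresAt = now + TTL_MS;            // sliding expiry
    return { id, data: found.data, setCookie: null };
  }
  if (id) sessions.delete(id);                 // expired or unknown: never adopt a client-chosen ID
  const fresh = newSession(now);
  return { id: fresh, data: sessions.get(fresh).data, setCookie: cookieFor(fresh) };
}

// At login: issue a new SessionID and invalidate the previous one.
function regenerate(oldId, now = Date.now()) {
  const old = sessions.get(oldId);
  sessions.delete(oldId);
  const id = newSession(now, old ? old.data : {});
  return { id, setCookie: cookieFor(id) };
}
```
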

Second, WebStorage

The goal of WebStorage is to overcome some of the limitations imposed by cookies: when data needs to be strictly controlled on the client, it does not have to be continuously sent back to the server.

WebStorage has two main objectives: (1) to provide a way to store session data outside of cookies; (2) to provide a mechanism for storing large amounts of data that can persist across sessions.

HTML5's WebStorage provides two APIs: localStorage (local storage) and sessionStorage (session storage).

1, life cycle: localStorage: the life cycle of localStorage is permanent; its data does not disappear after the page or browser is closed. localStorage data never disappears unless you delete it deliberately.

sessionStorage: its data is valid only for the current session. sessionStorage introduces the concept of a "browser window": its data persists within a window for pages of the same origin. As long as the browser window is not closed, the data still exists even if you refresh the page or go to another page of the same origin. However, sessionStorage is destroyed when the browser window is closed. If the same page is opened independently in separate windows at the same time, each window has its own sessionStorage.

2, storage size: localStorage and sessionStorage can each generally store 5MB of data.

3, storage location: localStorage and sessionStorage are both stored on the client and are not exchanged with the server.

4, storage content type: localStorage and sessionStorage can only store strings; complex objects can be handled with the stringify and parse methods of the JSON object provided by ECMAScript.

5, how to access: localStorage: window.localStorage; sessionStorage: window.sessionStorage.

6, use cases: localStorage: often used for long-term login (and for determining whether the user has logged in); suitable for data kept locally over the long term. sessionStorage: one-time login to a sensitive account.

Advantages of WebStorage:

(1) Larger storage space: a cookie is 4KB, and WebStorage is 5MB;

(2) Saves network traffic: WebStorage data is not transmitted to the server; locally stored data can be read directly and, unlike cookies, is not sent to the server with every request, which reduces client-server interaction and saves network traffic;

(3) For data that only needs to be kept while the user is browsing a group of pages and can be discarded after the browser is closed, sessionStorage is very convenient;

(4) Fast display: some data is kept in WebStorage, in addition to the browser's own cache. Data can be fetched locally faster than from the server side, so pages display more quickly;

(5) Security: WebStorage data is not sent to the server in HTTP headers, so it is relatively more secure than cookies and interception is not a concern, but forgery is still a problem;

(6) WebStorage provides a number of methods that make data manipulation more convenient than with cookies:

setItem(key, value) -- saves data, storing the information as a key-value pair.

getItem(key) -- gets data; pass in the key to get the corresponding value.

removeItem(key) -- deletes a single item, removing the information that corresponds to the key.

clear() -- deletes all data.

key(index) -- gets the key at a given index.
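The following JavaScript example is added here and is not from the original article. It combines points 1 and 4 above with the forgery caveat in advantage (5): values are stored as JSON strings with an expiry time, and on read any entry that is missing, unparsable, expired or fails a shape check is discarded. MemoryStorage is a constructed stand-in for window.localStorage / window.sessionStorage so the code also runs outside a browser; saveItem, loadItem, isPrefs and the preferences shape are assumptions of this example.

```javascript
// Added example, not from the original article; all names here are assumed.
// Constructed stand-in for window.localStorage / window.sessionStorage (same method names).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(key) { return this.map.has(key) ? this.map.get(key) : null; }
  setItem(key, value) { this.map.set(key, String(value)); }
  removeItem(key) { this.map.delete(key); }
}

// WebStorage holds only strings and localStorage never expires on its own,
// so wrap the value with an expiry time and serialise the wrapper as JSON.
function saveItem(storage, key, value, ttlMs, now = Date.now()) {
  storage.setItem(key, JSON.stringify({ value, expiresAt: now + ttlMs }));
}

// Read a value back, treating stored data as untrusted: the entry is dropped and
// fallback returned if it is missing, unparsable, expired or rejected by validate().
function loadItem(storage, key, validate, fallback = null, now = Date.now()) {
  const raw = storage.getItem(key);
  if (raw === null) return fallback;
  let entry = null;
  try {
    entry = JSON.parse(raw);
  } catch {
    entry = null;                      // not JSON: fall through to the reject path
  }
  const ok = entry !== null && typeof entry === "object" &&
    typeof entry.expiresAt === "number" && entry.expiresAt > now &&
    validate(entry.value);
  if (!ok) {
    storage.removeItem(key);
    return fallback;
  }
  return entry.value;
}

// Hypothetical shape check for a UI-preferences object.
function isPrefs(v) {
  return v !== null && typeof v === "object" &&
    (v.theme === "light" || v.theme === "dark") &&
    Number.isInteger(v.pageSize) && v.pageSize >= 1 && v.pageSize <= 100;
}
```

In a browser, pass window.localStorage or window.sessionStorage as the storage argument in place of MemoryStorage.
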

Reposted from: https://www.cnblogs.com/cencenyue/p/7604651.html
