What is the difference between front page--cookie and session?

Source: Internet
Author: User

We run into this all the time: once we log in to a website (entering a user name and password the first time), we do not need to log in again when we revisit it, as long as the browser has not been closed. After we browse a site for a while, it builds a record of what we have viewed, and some sites also provide a shopping cart. These simple and useful functions are implemented with cookies and sessions, so let's explore how they work.

1. Concept

Cookies

A cookie (the plural form, cookies, is also used) is data (usually encrypted) that certain websites store on the user's local terminal in order to identify the user and track the session.

Session

The word "session" is difficult to translate directly into Chinese; it is usually rendered as "time domain". In computer terminology, a session is the time interval during which an end user communicates with an interactive system, usually the time elapsed between registering with the system and logging out of it. If necessary, it may also include some room for operation.

In the Web context, a session refers to the amount of time a user spends browsing a website, from entering the site to leaving it. So from the definition above we can see that a session is actually a specific concept of time.

It is important to note that the concept of a session includes a specific client, a specific server, and an uninterrupted period of operation. The session established between user A and server C and the session established between user B and server C are two different sessions.

2. Difference

1. Cookie data is stored in the client's browser, while session data is kept on the server.
2. Cookies are not very safe: others can analyze the cookies stored locally and make
3. Sessions are kept on the server for a certain period of time. As the number of visits grows, they take up more of your server's performance.
4. A single cookie on the client is limited to 3K; that is, the cookies a site stores on the client cannot be larger than 3K.

3. Operating mechanism

3.1. Cookie mechanism

In a program, session tracking is very important. In theory, all requests from one user should belong to the same session, and all requests from another user should belong to another session; the two must not be confused. For example, any item that user A buys in a supermarket should be placed in A's shopping cart. No matter when user A buys it, it belongs to the same session and cannot be placed in user B's or user C's shopping cart, which are not part of that session.

Web applications transmit data using the HTTP protocol, which is stateless. Once the data has been exchanged, the client-to-server connection is closed, and exchanging data again requires establishing a new connection. This means the server cannot track a session from the connection. That is, after user A puts a product into the shopping cart, when a purchase is made again the server cannot determine whether it belongs to the session of user A or of user B. To track the session, a mechanism must be introduced.

Cookies are such a mechanism. They compensate for the statelessness of the HTTP protocol. Before sessions appeared, basically all websites used cookies to track sessions.

Because HTTP is a stateless protocol, the server cannot tell the identity of the client from the network connection. What do we do? Give each client a pass, one per person, and whoever accesses the server must bring their own pass. This allows the server to confirm the identity of the client from the pass. That's how cookies work.

A cookie is actually a small piece of text. The client sends a request to the server and, if the server needs to record the user's state, it uses the response to issue a cookie to the client browser. The browser saves the cookie. When the browser requests the site again, it submits the requested URL along with the cookie to the server. The server checks the cookie to identify the user's state. The server can also modify the contents of the cookie as needed.

3.2. Session mechanism

In addition to cookies, web applications often use sessions to record client state. A session is a server-side mechanism for recording client state; it is simpler to use than a cookie, but it correspondingly increases the storage pressure on the server.

When the client browser accesses the server, the server records the client's information on the server in some form. This is the session. When the client browser accesses the server again, the server only needs to look up the customer's state in that session.

If the cookie mechanism determines the customer's identity by checking the "pass" held by the client, then the session mechanism verifies the customer's identity by checking the "customer list" kept on the server. A session is equivalent to a customer file that the program sets up on the server; when a customer visits, the server only needs to look them up in the customer file table.

As shown, Zhang San and John Doe visit the site separately. The server holds two SessionIDs to tell the users apart, while each client stores its own SessionID in a cookie so that it can access the resources it needs again.
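The cookie and session mechanisms of sections 3.1 and 3.2, as an added example that is not part of the original article: the server keeps each user's state in a table keyed by a random SessionID and gives the client only that ID in a cookie. The `handle_request` function, the in-memory store, the 30-minute lifetime and the cookie attributes are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800   # assumed server-side lifetime of a session, in seconds
_sessions = {}       # the server's "customer file table": SessionID -> record


def handle_request(cookie_header, add_item=None, now=None):
    """Simulate one HTTP request; return (Set-Cookie value or None, cart)."""
    now = time.time() if now is None else now
    sid = None
    if cookie_header:                      # the "pass" the browser presents
        jar = SimpleCookie()
        jar.load(cookie_header)
        if "SessionID" in jar:
            sid = jar["SessionID"].value
    record = _sessions.get(sid)
    if record is not None and record["expires"] <= now:
        del _sessions[sid]                 # expired: drop the server-side state
        record = None
    set_cookie = None
    if record is None:
        # Missing, unknown or expired ID: issue a fresh unguessable one and
        # never adopt a value chosen by the client.
        sid = secrets.token_urlsafe(32)
        record = _sessions[sid] = {"expires": 0.0, "cart": []}
        out = SimpleCookie()
        out["SessionID"] = sid
        out["SessionID"]["path"] = "/"
        out["SessionID"]["httponly"] = True   # not readable from page scripts
        out["SessionID"]["secure"] = True     # only sent over HTTPS
        out["SessionID"]["samesite"] = "Lax"
        set_cookie = out["SessionID"].OutputString()
    record["expires"] = now + SESSION_TTL     # sliding expiration
    if add_item:
        record["cart"].append(add_item)
    return set_cookie, list(record["cart"])


def cookie_for_next_request(set_cookie):
    """A browser sends back only name=value, not the cookie attributes."""
    return set_cookie.split(";", 1)[0]


if __name__ == "__main__":
    issued, _ = handle_request(None, add_item="apple")
    print("Set-Cookie:", issued)
    print(handle_request(cookie_for_next_request(issued), add_item="milk"))
```

The cart contents never leave the server; the client holds only the identifier, so editing the cookie can at most point at a different or nonexistent session.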

4. Summary

This has been a brief introduction to cookies and sessions. Practical use has to be learned in real projects: for example, how to control their life cycle, expiration and so on. Sessions and cookies are technologies we have to master, because we often use them for message delivery and validation, and they are also applied in areas such as permission control and single sign-on. In any case, these simple and commonly used techniques deserve our attention.

Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
