What is the function and difference between session and Cookie, how to store session information and how to traverse it?

Source: Internet
Author: User

The definition of both:
When you are browsing the website, the Web server will send a small piece of information on your computer, and the Cookie will help you to make the text or some choices on the website.
are recorded. The next time you visit the same website, the Web server will first see if it has the last cookie information, and if so, it will be based on the cookie
Content to determine the user, send out specific Web content to you. The use of cookies is widespread, and many websites that provide personalized services are using cookies
To identify users, to facilitate the delivery of user-tailored content, such as the Web interface of the free email site, all use cookies.

In particular, the cookie mechanism uses a scheme that maintains state on the client, while the session mechanism uses a scenario that maintains state on the server side.
At the same time, we also see that the session mechanism may need to use a cookie mechanism because the server-side-hold scenario requires the client to save an identity.
To achieve the purpose of saving the identity, but in fact it has other options.
Cookie mechanism. Orthodox cookie distribution is implemented by extending the HTTP protocol, which prompts the server by adding a line of special instructions to the HTTP response header
The browser generates the appropriate cookie as instructed. However, purely client-side scripts such as JavaScript or VBScript can also generate cookies. And the use of cookies
is automatically sent to the server in the background by the browser in accordance with certain principles. The browser checks all stored cookies if a cookie declares a scope
is greater than or equal to the location of the resource being requested, the cookie is appended to the server on the HTTP request header of the requesting resource.

The contents of the cookie mainly include: name, value, expiration time, path and domain. The path together with the domain constitutes the scope of the cookie. If you do not set an expiration time, this indicates that the
The lifetime of a cookie is a browser session, and the cookie disappears when you close the browser window. This cookie, which is the lifetime of the browser session, is referred to as a session cookie.
Session cookies are generally not stored on the hard disk but are kept in memory, although this behavior is not regulated. If the expiration time is set, the browser will place the cookie
Save to the hard disk, turn off the browser again, and these cookies remain valid until the set expiration time is exceeded. Cookies stored on the hard disk can be used in different
Browser process, such as two IE windows. For cookies stored in memory, different browsers have different ways of handling them.
Session mechanism. The session mechanism is a server-side mechanism that uses a hash-like structure (or perhaps a hash table) to hold information.
When a program needs to create a session for a client's request, the server first checks to see if a session ID is included in the client's request.
(referred to as session ID), if it is already included, it indicates that the session was previously created for this client, and the server retrieves the session according to the session ID.
If the client request does not contain a session ID, a session is created for the client and a corresponding session is generated
The value of the associated session Id,session ID should be a string that is neither duplicated nor easy to be found to mimic the pattern, and the session ID will be in this response
Back to the client to save. This session ID can be saved by using a cookie so that the browser can automatically send the tag to the
Server. Generally the name of this cookie is similar to Seeesionid. However, a cookie can be artificially banned, and there must be other mechanisms in order for the cookie to be banned
The session ID can still be passed back to the server.
A technique that is often used is called URL rewriting, which attaches the session ID directly behind the URL path. There is also a technique called form-hidden fields. is the server
The form is automatically modified to add a hidden field so that the session ID can be passed back to the server when the form is submitted. Like what:
<form name= "Testform" action= "/xxx" >
<input type= "hidden" name= "Jsessionid" value= "byok3vjfd75apnrf7c2hmdnv6qzcebzwowibyenlerjq99zwpbng!-145788764" >
<input type= "Text" >
</form>
In fact, this technique can be replaced simply by applying URL rewriting to the action.
The difference between a cookie and a session:
1. The cookie data is stored on the client's browser and the session data is placed on the server.
2, the cookie is not very safe, others can analyze the cookie stored in the local and cookie deception
Consider that security should use the session.
3. Session will be saved on the server for a certain period of time. When access is increased, it will be more likely to occupy your server's performance
The cookie should be used in consideration of mitigating server performance.
4, a single cookie can not save more than 4K of data, many browsers restrict a site to save up to 20 cookies.

What is the function and difference between session and Cookie, how to store session information and how to traverse it?

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.