Front-end page -- what is the difference between Cookie and Session?

Source: Internet
Author: User

In everyday use we run into this all the time: once we log on to a website (entering the user name and password the first time), we do not need to log on again when we access it later, as long as we do not close the browser. After we browse the site for a while it builds up our browsing history, and some websites also provide a shopping cart. These simple and practical functions are implemented through cookies and sessions. Next, let's discuss how they work together.

1. Concepts

Cookie

Cookie, sometimes used in its plural form Cookies, refers to data (usually encrypted) that some websites store on the user's local terminal in order to identify users and track sessions.

Session

It is difficult to translate "session" directly into Chinese; it is generally translated as "time domain". In computer terminology, a Session refers to the time interval during which an end user communicates with an interactive system, usually the time between the user logging in to the system and logging out of it. If necessary, it may also include some operation space.

Specifically, the Session in the Web refers to the time that the user spends browsing a website from entering the website to closing the website. Therefore, we can see from the above definition that Session is actually a specific concept of time.

It should be noted that the concept of a Session includes a specific client, a specific server, and an uninterrupted period of operation. The Session in which user A connects to server C and the Session in which user B connects to server C are two different sessions.

2. Differences

1. Cookie data is stored in the client's browser, and session data is stored on the server.
2. Cookies are not safe. Others can analyze the cookies stored locally.
3. The session is stored on the server for a certain period of time. As the number of visits increases, it takes up more of your server's performance.
4. The maximum size of a single cookie on the client is 3 KB. That is to say, the cookie data that a site stores on the client cannot exceed 3 KB.

3. Operating Mechanism

3.1 Cookie Mechanism

In a program, session tracking is very important. In theory, all requests from one user should belong to the same session, and all requests from another user should belong to a different session; the two must not be mixed up. For example, any product that user A buys in the supermarket should be placed in user A's shopping cart. No matter when user A buys it, the purchase belongs to the same session and must not end up in the shopping cart of user B or user C, which belong to different sessions.

Web applications use HTTP to transmit data. HTTP is a stateless protocol: once the data exchange is complete, the connection between the client and the server is closed, and a new connection is required to exchange data again. This means that the server cannot track sessions from the connection. That is, after user A buys a product and puts it in the shopping cart, the server cannot tell, when another product is purchased, whether that purchase belongs to user A's session or user B's session. To track the session, a mechanism must be introduced.

The cookie is such a mechanism. It makes up for the statelessness of HTTP. Before sessions appeared, basically all websites used cookies to track sessions.

Because HTTP is a stateless protocol, the server cannot know the customer's identity from the network connection. What should we do? Just give each client a pass. Everyone gets one, and whoever visits must carry their own pass. In this way, the server can confirm the customer's identity from the pass. This is how cookies work.

A cookie is actually a short piece of text. The client sends a request to the server. If the server needs to record the user's status, it uses the response to issue a cookie to the client browser, and the browser saves the cookie. When the browser requests the website again, it submits the cookie to the server together with the requested URL. The server checks the cookie to identify the user's status. The server can also modify the cookie content as needed.

3.2 Session mechanism

In addition to cookies, Session is often used in Web applications to record the client status. Session is a mechanism used by the server to record the client status. It is easier to use than cookies, but it correspondingly increases the storage pressure on the server.

When the client browser accesses the server, the server records the client information on the server in some form. This is the Session. When the client browser visits again, the server only needs to look up the customer's status in the Session.

If the cookie mechanism determines the customer's identity by checking the customer's "pass", the Session mechanism confirms the customer's identity by checking the "customer list" on the server. A Session is equivalent to a customer file that the program sets up on the server. When a customer visits, the server only needs to look them up in the customer file table.

As shown in the figure, when Zhang and Li Si each access the website, two session IDs are generated on the server to tell the users apart, and the corresponding session ID is stored in a cookie on the client, so that we can get the resources we need when we access the site again.
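
The mechanisms in sections 3.1 and 3.2, as an added example that is not part of the original article: the server issues a session ID in a `Set-Cookie` header, keeps the state in its own "customer list", and resolves later `Cookie` headers against that list. The cookie name, the idle timeout and the `SessionStore` class are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "SESSIONID"   # assumed cookie name
SESSION_TTL = 1800          # assumed idle timeout, in seconds

class SessionStore:
    """Server-side 'customer list': session ID -> state kept on the server."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, now=None):
        sid = secrets.token_urlsafe(32)   # random ID, not derived from the user
        seen = time.time() if now is None else now
        self._sessions[sid] = {"user": user, "cart": [], "seen": seen}
        return sid

    def lookup(self, cookie_header, now=None):
        """Return the state for a request's Cookie header, or None."""
        now = time.time() if now is None else now
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get(COOKIE_NAME)
        state = self._sessions.get(morsel.value) if morsel is not None else None
        if state is None:
            return None                   # no cookie, or an ID never issued
        if now - state["seen"] > SESSION_TTL:
            del self._sessions[morsel.value]   # expired: drop server-side
            return None
        state["seen"] = now
        return state

def set_cookie_header(sid):
    """Value of the Set-Cookie header the server puts in its response."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = sid
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["httponly"] = True   # hidden from page scripts
    jar[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
    jar[COOKIE_NAME]["samesite"] = "Lax"
    return jar[COOKIE_NAME].OutputString()

def browser_cookie_header(set_cookie_value):
    """What the browser sends back: name=value only, no attributes."""
    return set_cookie_value.split(";", 1)[0]
```

Only the opaque ID travels in the cookie; the user name and cart never leave the server, and an ID the server did not issue resolves to no session.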

4. Summary

This has been a brief introduction to cookies and sessions. For real applications we still need to learn more about them in projects, such as how to control their lifecycles and validity periods. Sessions and cookies are technologies we must master, because we use them frequently for message transmission and verification, and they are also applied in areas such as permission control and single sign-on. In any case, we should pay attention to this simple and commonly used technique.

Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.
