How to distinguish Cookies from sessions? Differences between Cookies and sessions in javascript

Source: Internet
Author: User
This article mainly introduces the details and differences between Cookies and sessions. For more information, see this article, for more information, see

Cookies and Session details and differences

1. cookie is a text string handle sent to the client's browser and saved on the client's hard disk. It can be used to maintain persistent data between sessions of a WEB site.

2. session refers to the period from when a visitor arrives at a specific homepage to when the visitor leaves. The Session actually uses cookies for information processing. After the user first requests the Session, the server creates a Cookie in the user's browser. When the Session ends, in fact, this Cookie expires.

Note: The Cookie name created for this user is aspsessionid. The only purpose of this Cookie is to provide different identity authentication for each user.
A session is a session. This is similar to talking to a person. How do you know that Michael is talking to you, not James? The other party must have some characteristics (such as appearance) that he is Michael Jacob. Session is similar. The server needs to know who the current request is sent. To make this distinction, the server assigns a different "ID" to each client, and then each time the client sends a request to the server, it carries this "ID ", the server knows who the request comes from. There are many ways for the client to save this "ID". For browser clients, cookie is used by default.

3. Cookies and sessions share the following characteristics: Both cookies and sessions are session methods used to track browser user identities.

4. The difference between cookie and session is that cookie data is stored on the client and session data is stored on the server.

To put it simply, when you log on to a website:

If the web server uses a session, all data is stored on the server.

The client sends the sessionid of the current session each time it requests the server. The server determines the user data flag based on the current sessionid.
To determine whether the user is logged on or has certain permissions. Because the data is stored on the server, you cannot forge it,
However, if you can obtain the sessionid of a logon user, it is successful to forge the user's request with a special browser.
Sessionid is randomly allocated when the server and client are connected. Generally, there are no duplicates. However, if there are a large number of concurrent requests,
It is not a possibility of no repetition.
· If the browser uses cookies, all data is stored on the browser. For example, after you log on to the browser,
The cookie user name is set on the server. When you request the server again, the browser sends the user name to the server,
These variables have special tags. The server will be interpreted as a cookie variable, so as long as the browser is not closed, the cookie variable will always be valid,
So it can ensure that the line is not dropped for a long time. If you can intercept a user's cookie variable and then forge a packet to send it,
The server still thinks you are legal. Therefore, cookie attacks are more likely. If the effective time is set,
The cookie is stored on the client's hard disk. When you access the website again, the browser checks whether there is any cookie,
If yes, read the cookie and send it to the server. If you save a forum cookie on your machine,
The validity period is one year. If someone intrude into your machine, copy your cookie and put it under the directory of his browser,
Then he logs on to the website as you. Therefore, cookies can be forged. Of course, when forging, you must note that,
Directly copy the cookie file to the cookie Directory, which is not recognized by the browser. It has an index. dat file that stores the creation time of the cookie file,
And whether there are any modifications, so you must first have the cookie file of the website and cheat the browser from the effective time.

5. both of them can be used to store private things, and both have validity periods. The difference is that the session is placed on the server. Whether the session expires depends on the setting of the service period, and the cookie exists on the client, in the past, whether or not the cookie was generated can be configured.

(1) cookie data is stored in the client's browser, and session data is stored on the server.
(2) Cookies are not very secure. Others can analyze the local cookies and perform cookie spoofing.
(3) The session will be stored on the server for a certain period of time. When the number of accesses increases, it will occupy the performance of your server. If you primarily consider reducing the server performance, you should use cookies
(4) the limit for a single cookie on the client is 3 K, that is, the COOKIE stored on the client on a site cannot be 3 K.
(5) store important information such as login information as SESSION; store other information in cookies if necessary.

If you need to learn about js, please follow the first PHP community js video tutorial. You can watch many js online video tutorials for free!

How does one differentiate Cookies from sessions? Differences between Cookies and sessions in javascript and detailed details. For more information, see other related articles in the first PHP community!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.