Newbie: What is the difference between session and cookie?

Source: Internet
Author: User
Tags apache log
The following is a detailed analysis of the differences between session and cookie in php. For more information, see

The following is a detailed analysis of the differences between session and cookie in php. For more information, see

Session and cookie areWebsiteTwo common concepts in browsing, server space, are also difficult to distinguish. However, they are in the click stream and user browsing behavior-basedWebsiteThe analysis is critical. Based on the reading of some articles and materials on the Internet and the author's personal application experience, we will give a brief explanation and analysis of these two concepts, hoping to discuss them with you.

The biggest difference between a session and a cookie is that the session is saved in the server's memory, while the cookie is saved in the browser or client file. The session is an access-based process, it records the beginning and end of an access request. When the browser or process is closed, the session disappears, and the cookie is used to identify the user for a long time, it is used to track and identify Unique users (Unique Visitor ).

About session

Session is used to indicate a continuous connection status.WebsiteAccess usually refers to the process from the start to the end of the client browser. The session is actuallyWebsiteThe analyzed access (visits) metric represents an access process.

Session cookie is a common implementation form of session cookie, that is, the cookie with no expiration time is set. The default life cycle of this cookie is the browser session period, as long as the browser window is closed, the cookie disappears. The implementation mechanism is that when a user initiates a request,ServerCheck whether the request contains sessionid. If it does not, the system creates an output cookie named JSESSIONID and returns it to the browser (only in memory, not in the hard disk ), and write it in the form of HashTableServerThe server checks the information that matches the session. If yes, the server directly uses the sessionid, Hong Kong server, if no session exists, a new session is generated. Note that sessions are always created by the server rather than by the browser.

However, after the cookie of the browser is disabled, the session needs to use the URL rewriting mechanism of the get method or the form of submitting a hidden form using the POST method.

Here is a key point of attention, that is, the setting of the session expiration time, which can be viewed in two aspects: browser and server. For the browser side, the session is directly related to the access process. When the browser is closed, the session disappears.ServerThe session expiration time at the end is generally set manually to regularly release memory space and reduceServerGenerally, when the session is not active for 20 or 30 minutes, the session is cleared. Therefore, the session on the browser and server does not disappear at the same time. Hong Kong server, the session interruption does not necessarily mean that the user must leaveWebsite. Currently, Google Analytics and Omniture both define that when there is no action at 30 minutes, the access is counted as an end, so the last step of the session is not just to leave, it may also be static, sleep, or in a daze state.

Note that the current browser tends to share sessions with multiple processes. That is, multiple processes can access the same process through multiple tags or pages.WebsiteWhen a session cookie is shared, it will be cleared only when the browser is closed, that is, you may close the cookie in the tag.WebsiteBut as long as the browser is not closed andServerEnable the client session before it becomes invalid.WebsiteThe original session is used for browsing. Some browsers may also create independent sessions when opening multiple pages. IE8 and Chrome share sessions by default, in IE8, you can choose File> new session in the menu bar to create an independent session browsing page.

Cookie

Cookie is a short text message, along with user requests and pages on the WebServerAnd the browser. Each time a user accesses a site, the Web application can read the information contained in the cookie.

The session implementation mechanism has introduced the common method of using session cookies, cookies generally refer to another type of cookies-persistent cookies ). Persistent cookie refers to the cookie information stored in the client's hard disk (with a certain validity period set ).WebsiteThe browser will findWebsiteThe associated cookie. If the cookie exists, the browser sends it and the page request to your site through the HTTP header information. Then, the system compares the attributes and values in the cookieServerThe information of the client is consistent, and the user is identified as the "Initial visitor" or "old customer" based on the comparison results ".

Persistent cookies generally Save the user ID.ServerGenerate a cookie containing the domain name and related information and place it on the client's hard disk file. Set the cookie expiration time to enable automatic login andWebsiteCustom content.

The mod_usertrack module provided by Apache is available for the first timeWebsiteThis cookie is the first time the user comes to the currentWebsiteAnd a random string. At the same time, adding the % {cookie} n field to the custom WEB log can output the cookie in the apache log for data statistics and User tracking.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.