Newbie: What is the difference between session and cookie?

The following is a detailed analysis of the differences between session and cookie in php. new users must refer to session and cookie, which are common concepts in website browsing, it is also difficult to distinguish two concepts, but they are quite critical in clickstream and website analysis based on user browsing behavior. Based on the reading of some articles and materials on the Internet and the author's personal application experience, we will give a brief explanation and analysis of these two concepts, hoping to discuss them with you.

The biggest difference between a session and a cookie is that the session is saved in the server's memory, while the cookie is saved in the browser or client file. The session is an access-based process, it records the beginning and end of an access request. when the browser or process is closed, the session disappears, and the cookie is used to identify the user for a long time, it is used to track and identify Unique users (Unique Visitor ).

About session

Session is used to indicate a continuous connection status. in website access, it generally refers to the process from the start to the end of the client browser process. Session is actually a website analysis access (visits) metric, indicating an access process.

Session cookie is a common implementation form of session cookie, that is, the cookie with no expiration time is set. the default life cycle of this cookie is the browser session period, as long as the browser window is closed, the cookie disappears. The implementation mechanism is that when a user initiates a request, the server will check whether the request contains the sessionid. if not, the system will create an output cookie named JSESSIONID and return it to the browser (Only put in memory, not in hard disk), And write it to the server's memory in the form of HashTable. when the sessionid already exists, the server checks and finds the information that matches the session, if yes, use the sessionid directly. If no, generate a new session. Note that sessions are always created by the server rather than by the browser.

However, after the cookie of the browser is disabled, the session needs to use the URL rewriting mechanism of the get method or the form of submitting a hidden form using the POST method.

Here is a key point to note:Session expiration timeIn two aspects: browser and server. For the browser side, the session is directly related to the access process. when the browser is closed, the session disappears. the session expiration time on the server side is generally set manually, the purpose is to regularly release the memory space and reduce the pressure on the server. Generally, when the session is inInactiveThe session is cleared in 20 or 30 minutes. Therefore, the session on the browser and server does not disappear at the same time. session interruption does not necessarily mean that the user has left the website. Currently, Google Analytics and Omniture both define that when there is no action at 30 minutes, the access is counted as an end, so the last step of the session is not just to leave, it may also be static, sleep, or in a daze state.

Note that the current browser tends to share sessions with multiple processes, that is, sharing a session cookie when multiple processes access the same website through multiple tags or pages, the website will be cleared only when the browser is closed, that is, you may close the website in the tag, however, as long as the browser is not closed and the website is re-opened before the session on the server expires, the original session will be used for browsing; some browsers may also create independent sessions when opening multiple pages. IE8 and Chrome share sessions by default, in IE8, you can choose File> new session in the menu bar to create an independent session browsing page.

Cookie

Cookie is a short text message that is transmitted between the Web server and the browser as user requests and pages. Each time a user accesses a site, the Web application can read the information contained in the cookie.

The session implementation mechanism has introduced the common method of using session cookies, cookies generally refer to another type of cookies-persistent cookies ). Persistent cookie refersStored in client hard diskWhen a user accesses a website, the browser searches for the cookie associated with the website on the local hard disk. If the cookie exists, the browser sends it and the page request to your site through the HTTP header information, then, the system compares the attributes and values in the cookie with the information stored on the server, and determines whether the user is the "initial visitor" or "old customer" based on the comparison results ".

Persistent cookies generally save the user id. when a user registers or logs on for the first time, the server generates a cookie containing the domain name and related information and sends the information to the client's hard disk file, set the cookie expiration time to enable automatic logon and custom website content.

The mod_usertrack module of Apache allows you to specify a unique cookie (expired for a long time) when the user first arrives at the current website ), this cookie is the first time a user adds a random string to the IP address of the current website. At the same time, adding the % {cookie} n field to the custom WEB log can output the cookie in the apache log for data statistics and user tracking.