Newbie: What is the difference between session and cookie?

The following is a detailed analysis of the differences between session and cookie in php. For more information, see session and cookie WebsiteThe two concepts that are more common in browsing are also difficult to distinguish. However, they are in the click stream and based on user browsing behavior. WebsiteThe analysis is critical. Based on the reading of some articles and materials on the Internet and the author's personal application experience, we will give a brief explanation and analysis of these two concepts, hoping to discuss them with you.

The biggest difference between a session and a cookie is that the session is saved in the server's memory, while the cookie is saved in the browser or client file. The session is an access-based process, it records the beginning and end of an access request. when the browser or process is closed, the session disappears, and the cookie is used to identify the user for a long time, it is used to track and identify Unique users (Unique Visitor ).

About session

Session is used to indicate a continuous connection status.WebsiteAccess usually refers to the process from the start to the end of the client browser. The session is actuallyWebsiteThe analyzed access (visits) metric represents an access process.

Session cookie is a common implementation form of session cookie, that is, the cookie with no expiration time is set. the default life cycle of this cookie is the browser session period, as long as the browser window is closed, the cookie disappears. The implementation mechanism is that when a user initiates a request,ServerCheck whether the request contains the sessionid. if not, the system creates an output cookie named JSESSIONID and returns it to the browser (Only put in memory, not in hard disk), And write it in the form of HashTableServerWhen the sessionid already exists, the server checks and finds the information that matches the session. if the session exists, the server uses the sessionid directly. if the session does not exist, the server generates a new session. Note that sessions are always created by the server rather than by the browser.

However, after the cookie of the browser is disabled, the session needs to use the URL rewriting mechanism of the get method or the form of submitting a hidden form using the POST method.

Here is a key point to note:Session expiration timeIn two aspects: browser and server. For the browser side, the session is directly related to the access process. when the browser is closed, the session disappears.ServerThe session expiration time at the end is generally set manually to regularly release memory space and reduceServerPressure, generally set to when the session is inInactiveWhen the session is cleared for 20 or 30 minutes, the session on the browser and server does not disappear at the same time. session interruption does not necessarily mean that the user must leave the session.Website. Currently, Google Analytics and Omniture both define that when there is no action at 30 minutes, the access is counted as an end, so the last step of the session is not just to leave, it may also be static, sleep, or in a daze state.

Note that the current browser tends to share sessions with multiple processes. that is, multiple processes can access the same process through multiple tags or pages.WebsiteWhen a session cookie is shared, it will be cleared only when the browser is closed, that is, you may close the cookie in the tag.WebsiteBut as long as the browser is not closed andServerEnable the client session before it becomes invalid.WebsiteThe original session is used for browsing. Some browsers may also create independent sessions when opening multiple pages. IE8 and Chrome share sessions by default, in IE8, you can choose File> new session in the menu bar to create an independent session browsing page.

Cookie

Cookie is a short text message, along with user requests and pages on the WebServerAnd the browser. Each time a user accesses a site, the Web application can read the information contained in the cookie.

The session implementation mechanism has introduced the common method of using session cookies, cookies generally refer to another type of cookies-persistent cookies ). Persistent cookie refersStored in client hard disk(Set a certain validity period), when the user accessesWebsiteThe browser will findWebsiteThe associated cookie. If the cookie exists, the browser sends it and the page request to your site through the HTTP header information. then, the system compares the attributes and values in the cookieServerThe information of the client is consistent, and the user is identified as the "initial visitor" or "old customer" based on the comparison results ".

Persistent cookies generally save the user ID.ServerGenerate a cookie containing the domain name and related information and place it on the client's hard disk file. set the cookie expiration time to enable automatic login andWebsiteCustom content.

The mod_usertrack module provided by Apache is available for the first timeWebsiteThis cookie is the first time the user comes to the currentWebsiteAnd a random string. At the same time, adding the % {cookie} n field to the custom WEB log can output the cookie in the apache log for data statistics and user tracking.