Novice rookie must read: Session and cookie Difference _php skills

Session and Cookie are two common concepts in web browsing, and they are more difficult to discriminate, but they are critical in the click Stream and Web analytics based on user browsing behavior . Based on some articles and materials on the Internet, and the author's personal application Experience, the two concepts to do a simple exposition and analysis, I hope to work with you to explore the next.

The biggest difference between session and Cookie is that the session is stored in the server's memory, and the cookie is stored in the browser or client file, and is based on the access process, recording the start to end of an access, and when the browser or process is closed, The session is also "Gone", and cookies are used more to identify the user, and it can be long, for users to track and identify unique users (unique Visitor).

about Session

The session is used to represent a persistent connection state, which generally refers to the process from the open to the end of the client browser in the Web site access. The session is actually a Web analytics access (visits) metric that represents a process of access.

A common implementation of a session is a conversation cookie (the sessions cookie), a cookie that does not set an expiration time, and the default life cycle for the cookie is during the browser session, and the cookie disappears when the browser window is closed. The implementation mechanism is when a user initiates a request, the server checks whether the request contains SessionID, if not included, then the system creates an output cookie named Jsessionid to return to the browser ( memory only, no hard drive and writes it to the server's memory in hashtable form, and when the SessionID is already included, the service side checks to find the information that matches the session, and if it does, regenerate the new Session Note here that the session has always been created by the server, not by the browser itself.

However, when the browser's cookie is blocked, the session needs to be implemented by using the URL rewrite mechanism of the Get method or by submitting a hidden form using the Post method.

Here is a very important note, that is, the session failure time settings, here in two ways: browser-side and service-side. For browsers, sessions are directly related to the access process, and when the browser is closed, the session disappears, and the server-side time to fail is usually set artificially, with the aim of releasing memory space periodically and reducing server pressure. The general setting is to clear the session when it is inactive for 20 or 30 minutes, so that the browser-side and service-side sessions do not disappear at the same time, and the interruption does not necessarily mean that the user must have left the site. At present, Google Analytics and Omniture both define that when there is no action at intervals of 30 minutes, it counts as an end of the visit, so the last step of the session is not just to leave, but also may be static, dormant or Daze state.

It is also important to note that the current browser seems to tend to the session share of multiple processes, that is, to open multiple processes through multiple tabs or pages to share a session cookie when accessing the same Web site, only to be purged when the browser is closed. That is, you may have closed the site in the tag , but as long as the browser has not been closed and reopened the Web site before the server-side session has expired , use the original session for browsing While some browsers open multiple pages may also establish a separate SESSION,IE8, chrome default is shared session, in the IE8 can be in the menu bar file-> new sessions to create a separate browsing page.

About Cookies

A cookie is a small piece of textual information that accompanies the user request and the page is passed between the Web server and the browser. Each time a user accesses a site, the Web application can read the information that the cookie contains.

The implementation mechanism of the session has already introduced the common method is to use the conversation cookie, and the usual cookie mainly refers to another class of cookie--persistent cookies (persistent cookies). A persistent cookie is a cookie information that is stored on the client's hard disk (a certain expiration date is set), and when a user accesses a Web site, the browser looks for the cookie associated with the site on the local hard disk . If the cookie exists, the browser sends it to your site, along with the page request, with HTTP header information, and then the system will match the properties and values in the cookie with the information stored on the server side, and determine the user as a "novice" or "old customer" based on the results of the comparison.

Persistent cookies typically save the user's user ID, which is sent by the server to generate a cookie containing the domain name and related information at the time the user registers or first logs on, and puts it on the client's hard disk file, and sets the expiration time of the cookie to enable the user to automatically log on and Web site content customization.

The

Apache Mod_usertrack module allows users to plant a unique cookie (long overdue) for the first time the user comes to the current The IP address of the site plus a random string. At the same time, adding the%{cookie}n field at the end of the custom Web log enables cookies to be exported in the Apache log for data statistics and user tracking.