Why is there a cookie? As we all know, HTTP is a stateless protocol. Every time a customer reads a web page, the server opens a new session, and the server does not automatically maintain the customer's context information, so how can we implement the shopping cart in the online store? session is a mechanism for storing context information. It targets every user and stores the variable values on the server, session IDs are used to differentiate different customers. sessions are implemented based on cookies or URL rewriting. By default, the system creates an output cookie named JSESSIONID, which is called session cookie, in order to distinguish persistent cookies, that is, the cookie we usually call. Note that session cookies are stored in the browser memory and are not written to the hard disk. This is the JSESSIONID we just saw, we usually cannot see JSESSIONID, but when we disable the cookie of the browser, the web server will use In RL rewrite mode, sessionid is passed. In the address bar, we can see strings such as sessionid = kwjhug6jjm65hs2k6.
After understanding the principles, we can easily distinguish the differences between persistent cookies and session cookies. The discussions on the security of the two on the Internet are clear. session cookies are for a session, session Cookie disappears, while the persistent cookie is only a piece of text (usually encrypted) stored on the client's hard disk ), in addition, Cookie spoofing and cross-site scripting attacks against cookies are not as secure as session cookies.
Generally, session cookies cannot be used across windows. When you open a new browser window to enter the same page, the system will give you a new sessionid, in this way, we cannot achieve the purpose of information sharing. At this time, we can first save the sessionid in the persistent cookie, and then read it out in the new window to get the sessionid of the previous window, in this way, session cookie and persistent cookie are combined to achieve cross-window session tracking ).
In some web development books, session and cookie are usually used as two parallel HTTP transmission methods. session cookies are on the server side, and persistent cookies are on the client side, however, session is based on cookies and understands the connection and
The difference is that we can easily choose the right technology to develop Web Services.
Cookie
Session is a server-side storage space maintained by the application server. When you connect to the server, the server generates a unique sessionid, use this sessionid as the identifier to access the session bucket on the server. Sessionid is saved to the client and saved using cookies. When a user submits a page, the sessionid is submitted to the server to access session data. This process requires no developer intervention. Therefore, once the cookie is disabled on the client, the session will also become invalid.
The server can also pass the sessionid value through URL rewriting, so it is not completely dependent on cookies. If the client cookie is disabled, the server can automatically save the session value by rewriting the URL, and this process is transparent to the programmer.
You can try to use the request even if no cookie is written. getcookies (); the length of the retrieved cookie array is also 1, and the cookie name is JSESSIONID. There is also a long binary string, which is the value of sessionid.
Cookie is the storage space of the client, which is maintained by the browser.
