Servlet experience (2) -- session and cookie

We know that sessions and cookies are used for session tracking, but the implementation method is not the same. So what are their differences? Let's take a look at the following steps:

 

Session,CookieMeaning:

Session

A server-side technology, which is created on the server side, usually uses a hash to store information. The storage quantity can be large or small. For example, Tomcat's session object uses hashmap to store key-value pairs.

Used to save the private information of each user. Its survival period is the user's continuous request time plus a period of time.

 

Cookie

A client technology is used to track user sessions. Of course session can also be used to track user sessions, but the implementation principle is somewhat different. A cookie is a piece of information sent from the server to the client. It is stored in the browser memory or in text format on the user's hard disk. The amount of data stored is limited. Most browsers use 4 K.

Application:

It is used to save public data information of all users. If the application object is used, a problem to be considered is that any operation must be completed in application_onstart event (Global. asax.

 

The following is a comparison table of the three objects that store data:

 

This article mainly comparesSessionAndCookieSo the following focuses on comparing the two:

1. access method:

COOKIE: can only save ASCII string, if you need to access UNICODE character or binary data, need to UTF-8, GBK or base64 encoding. You cannot directly access Java objects. It is difficult to use cookies to store slightly complex information.

Session: You can access any type of data, such as string, integer, list, and map. You can directly Save the value of Java Bean to any Java class or object. It is very convenient to use. Session can be considered as a Java container class.

2. Privacy and security:

COOKIE: it is stored in the client browser and visible to the client. Some client programs may Snoop, copy, or even modify the content in the cookie.

Session: it is stored on the server and transparent to the client. There is no risk of sensitive information leakage.

3. Validity Period:

COOKIE: to achieve long-term record effect, it is still a good choice. Set maxage attributes

Session: It depends on the cookie named JSESSIONID, And the maxage of cookie JSESSIONID is-1 by default. If you close the browser, the session will disappear.

4. server load:

COOKIE: it is stored on the client and does not occupy server resources. If there are a large number of concurrent users, it is a good choice.

Session: stored on the server. Each user generates a session. If a large number of concurrent users are accessed, a large number of sessions are generated, consuming a large amount of memory.

 

5. Cross-Domain Name:

COOKIE: supports cross-domain access.

Session: valid only for the domain name.

 

High scalabilityWebApplicationHTTPSessionSharing Solution:

1. The session is not saved on the server, and is completely stateless.

2. Session sharing based on browser cookies.

3. Database-based session sharing enables session sharing between distributed applications

4. clustering mechanism based on application server and Servlet Container

5. nfs-based session sharing

6. Implement session Sharing Based on Java caching solutions such as terracotta, ehcache, and jbosscache

7. Session sharing based on key-value dB such as memcached/Tokyo tyrant

 

Conclusion:The author's knowledge is limited, and his understanding of the data is also limited. Therefore, I would like to take a few notes here and hope to criticize and correct it.