Servlet Seventh chapter "The difference between cookie and session, application"

the difference between session and Cookie

Compare from storage mode Cookies can only store strings and encode them if you want to store non-ASCII strings. The session can store any type of data, and the session can be viewed as a container

from the privacy security comparison cookies are stored in the browser and are visible to the client . Information is easily leaked out. If you use cookies, it is best to store the cookie encryption session on the server, which is transparent to the client . There is no sensitive information disclosure problem.

from the validity of the comparison Cookies are saved on the hard disk and only need to set the MaxAge property to a larger positive integer, even if the browser is turned off, the cookie or the presence of the session is saved in the server, Set the Maxinactiveinterval property value to determine the duration of the session. And the session relies on a cookie named Jsessionid, which defaults to the MaxAge property of-1. If you turn off the browser, the session does not die from the server, but it does not.

from the burden comparison on the server Session is saved in the server, each user will produce a session, if it is concurrent access to a very large number of users, it is not allowed to use the sessions, will consume a lot of memory. Cookies are stored on the client. Does not occupy the resources of the server. Such large websites as Baidu and Sina generally use cookies for session tracking.

compared to browser support , cookies are useless if the browser disables cookies. If the browser disables cookie,session, you can use URL address rewriting for session tracking.

Compare from cross domain Cookies can be set domain property to implement a Cross-domain session only in the current domain name valid, not Kua domain cookies and session common use

If you just use cookies or use session only, you may not be able to achieve the desired results . You should try using session and cookies at the same time

So, when do you need to use cookies and sessions at the same time? In the last blog, we used the session to do simple shopping, and the function did come true. Now there is a problem: I accidentally closed the browser on the way to shopping. When I went back into the browser, I found out that I had purchased a record of the merchandise. Why is it gone? The reason is also very simple: the MaxAge property of the cookie that the server automatically maintains for session defaults to 1, and when the browser is off, the cookie automatically dies. When the user visits again, it is not the original cookie. What we want to do now is: even if I accidentally closed the browser, I went back into the site, I can find my purchase record .

To implement this function is also very simple, the problem is in fact: the server for the session automatically maintained the cookie MaxAge property is -1,cookie not saved in the hard disk. All I have to do now is to save the cookie on my hard disk, and even if I close the browser, I can bring cookies to the server to recognize the session when I visit the page again.

The first way: you just need to create a Cookie,cookie value on the processing purchase page. Return the session ID to the browser

        Cookie cookie = new Cookie ("Jsessionid", Session.getid ());
        Cookie.setmaxage (30*60);
        Cookie.setpath ("/ouzicheng/");
        Response.addcookie (cookie);

The second way: configured in the Server.xml file, each user's session is serialized to a hard disk or database when the server is shut down . But this method is not commonly used, know can.

Let's look at the effect