Session and Cookie Parsing

Source: Internet
Author: User

I have been working with both sessions and cookies for a long time, so today let's summarize them.

First, both are commonly used session-tracking techniques. A cookie records information on the client to determine the user's identity, while a session records information on the server to determine the user's identity.

This article systematically explains the mechanisms, usage scenarios, and examples of cookies and sessions.


Cookie mechanism:

Why cookies exist: Suppose two users visit the same shopping site and close their browsers when they finish. Because the Web data is transported over HTTP, the connection between the client and the server is closed and the session state cannot be saved. That is, if user A places an order on the site, the next time A or B visits, the server cannot determine who placed the order.

This obviously doesn't work, so a mechanism is needed to record who placed the order. This is where the cookie comes in.

A cookie is actually a small piece of text information. The client sends a request to the server and, if the server needs to record the user state, it uses the response to send a cookie to the client browser. The client browser saves the cookie. When the browser requests the site again, it submits the requested URL along with the cookie to the server. The server checks the cookie to identify the user state. The server can also modify the contents of the cookie as needed.

Applied to the example above: the server issues each logged-in user a verification card with a unique, randomly generated card number. The user then presents the card to the server for verification, and once it passes, the user's personal information can be read.

Characteristics of cookies:

1. Cookies can record user login information, common browser information, and visit counts. This is something some businesses value, and it is also what makes cookies unsafe, because cookies can be intercepted during access to the server, for example through the request.getCookies() method.

2. Cookies can store Unicode characters, ASCII characters, and binary content. This means you can store Chinese text or binary images, but you must encode them when you do. Because the cookie is sent with every request to the server, storing a large amount of content in a cookie is not recommended, since it affects efficiency.

3. Cookie operations: adding, querying, modifying, and deleting.

Adding and querying cookies is simple: use the request.getCookies() and response.addCookie(Cookie cookie) methods. The cookie itself provides no modify or delete operation. To modify a cookie, simply create a new cookie with the same name and add it to the response to overwrite the original cookie. To delete a cookie, create a new cookie with the same name, set its maxAge to 0, and add it to the response to overwrite the original cookie.
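The add, modify, and delete behaviour described above, shown at the HTTP header level as an added example (not code from the original article). It uses Python's standard library rather than the servlet API; the cookie name "city", the clock value, and the simplified jar keyed by name only are assumptions for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import quote, unquote


def build_set_cookie(name, value, max_age=None):
    """Server side: build a Set-Cookie value; non-ASCII text is percent-encoded."""
    cookie = SimpleCookie()
    cookie[name] = quote(value, safe="")
    cookie[name]["path"] = "/"
    if max_age is not None:
        cookie[name]["max-age"] = max_age
    return cookie[name].OutputString()


def apply_set_cookie(jar, header, now):
    """Client side: same name overwrites, Max-Age=0 deletes.

    Simplified jar keyed by name only; real browsers also match domain and path.
    """
    parsed = SimpleCookie()
    parsed.load(header)
    for name, morsel in parsed.items():
        max_age = morsel["max-age"]
        if max_age != "" and int(max_age) <= 0:
            jar.pop(name, None)  # deletion is just an already-expired overwrite
            continue
        expires = now + int(max_age) if max_age != "" else None  # None: until browser closes
        jar[name] = (morsel.value, expires)


def cookie_header(jar, now):
    """What the browser sends back: only unexpired name=value pairs."""
    live = {n: v for n, (v, exp) in jar.items() if exp is None or exp > now}
    return "; ".join(f"{n}={v}" for n, v in live.items())


def demo():
    jar, now = {}, 1000  # constructed clock value, in seconds
    apply_set_cookie(jar, build_set_cookie("city", "北京", max_age=3600), now)  # add
    first = cookie_header(jar, now)
    apply_set_cookie(jar, build_set_cookie("city", "上海", max_age=3600), now)  # modify
    second = unquote(jar["city"][0])
    apply_set_cookie(jar, build_set_cookie("city", "", max_age=0), now)  # delete
    return first, second, cookie_header(jar, now)
```
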



Session mechanism:

A session is also a way to save client user information, but it is saved on the server side.

When the client browser accesses the server, the server records the access information; when the user visits again, the server only needs to look up the user state in the session.

Features of sessions:

1. Creation, reading, and writing. A session is created the first time the server is accessed and the requested resource is non-static (such as a JSP or servlet), one per user. In Java, session data is stored as key-value pairs and is read and written through the getAttribute() and setAttribute() methods.

2. Period of validity.

To ensure fast reads, sessions are kept in memory, but as their number grows rapidly with user traffic, there may be too many sessions and memory may overflow.

Solutions: (1) keep session information as lean as possible; (2) have the server regularly delete sessions that have been inactive for a long time, that is, set a session validity period. The validity period is based on active time: once a session has been created, its last-access time is updated every time the user accesses it.

3. Dependence on the SessionID. Because HTTP is a stateless protocol, the server cannot determine which user a new request comes from, so a SessionID must be stored in the cookie sent by the client to identify the user and obtain resources. The SessionID is created by the server and saved by the browser.

Some browsers, for security or other reasons, do not support cookies; in that case URL rewriting can be used to carry the SessionID to the server.
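The three session features above (server-side key-value state, a validity period renewed on each access, and a server-generated SessionID carried in a cookie) in one added sketch; this is not code from the original article and not how any particular servlet container implements it. The cookie name SESSIONID, the 1800-second timeout, and the HttpOnly/Secure/SameSite attributes are assumptions chosen for the example.

```python
import secrets
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 1800  # assumed validity period in seconds (30 minutes)


class SessionStore:
    """In-memory server-side sessions keyed by a random session ID."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self._sessions = {}  # session_id -> {"data": dict, "last_access": number}

    def create(self, now):
        session_id = secrets.token_urlsafe(32)  # unguessable, generated on the server
        self._sessions[session_id] = {"data": {}, "last_access": now}
        return session_id

    def get(self, cookie_header, now):
        """Resolve a Cookie request header to session data, or None if unknown/expired."""
        cookies = SimpleCookie()
        cookies.load(cookie_header or "")
        morsel = cookies.get("SESSIONID")
        entry = self._sessions.get(morsel.value) if morsel is not None else None
        if entry is None:
            return None  # no cookie, or an ID the server never issued
        if now - entry["last_access"] > self.idle_timeout:
            del self._sessions[morsel.value]
            return None
        entry["last_access"] = now  # each access renews the validity period
        return entry["data"]

    def purge(self, now):
        """Periodic cleanup of long-inactive sessions; returns how many were removed."""
        stale = [sid for sid, e in self._sessions.items()
                 if now - e["last_access"] > self.idle_timeout]
        for sid in stale:
            del self._sessions[sid]
        return len(stale)


def session_cookie(session_id):
    """Set-Cookie value carrying only the ID; the user state stays on the server."""
    cookie = SimpleCookie()
    cookie["SESSIONID"] = session_id
    cookie["SESSIONID"]["httponly"] = True   # not readable from page scripts
    cookie["SESSIONID"]["secure"] = True     # sent over HTTPS only
    cookie["SESSIONID"]["samesite"] = "Lax"
    cookie["SESSIONID"]["path"] = "/"
    return cookie["SESSIONID"].OutputString()
```
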



Similarities and differences between cookies and sessions:

Similarities:

1. Both can save client user information;

2. Neither should hold too much content;

3. Both have a validity period.

Differences:

1. The storage location is different: the cookie is on the client, the session is on the server;

2. Session security is good.

Usage scenario analysis:

1. When security is the concern, prefer sessions; when server performance is the concern, prefer cookies;

2. Combine the two: put important information, such as login information, in the session and other information in the cookie.

Summary: Using them is actually very simple. Once you understand the principles, you can look up the usage in the manual as needed; in the end it all comes down to practice.



Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
