The difference between a cookie and a session

First, the principle of cookies

A cookie is a key and a value that is sent to the client browser as the server-side response.

The client browser then saves the cookie and sends the cookie back to the server the next time it accesses the server.

Second, the principle of the session

The bottom of the session is cookie-dependent!

When the session is first used, the server side to create the session,session is saved on the server side, and the ID of the session to the client (SessionID saved in a cookie).

The client takes away the SessionID, and the data is stored in the session.

When the client accesses the server again, the SessionID is brought in the request, and the server finds the corresponding session through SessionID without having to create a new session.

Iii. Summary

1.cookie is a text string handle sent to the client's browser and stored on the client's hard disk, which can be used to persist data between sessions of a Web site.

2.session In fact refers to the time when a visitor arrives from a particular homepage to the point of departure. The session actually uses cookies to process information, and when the user first makes a request, the server creates a cookie on the user's browser, which in fact means that the cookie expires when the session ends.
Note: The name of the cookie created for this user is ASPSessionID. The only purpose of this cookie is to provide a different identity for each user.

The common point of 3.cookie and session is that both cookies and sessions are used to track the user's identity in a browser.

The difference between the 4.cookie and session is that the cookie data is stored on the client and the session data is saved on the server side.

(1) The cookie data is stored on the client's browser and the session data is placed on the server
(2) Cookies are not very safe, others can analyze cookies stored locally and cookie spoofing, if the main consideration is that security should use the session
(3) The session will be stored on the server for a certain period of time. When the increase in access, will be compared to occupy your server performance, if the main consideration to mitigate server performance, you should use cookies
(4) The limit of a single cookie on the client is 3K, that is, the cookie stored by a site at the client cannot be 3 K.
(5) Therefore: the login information and other important information stored as a session; Other information can be placed in a cookie if it needs to be retained

The difference between a cookie and a session