A cookie holds state on the client, while a session is persisted on the server. If you do not set an expiration time, the cookie's lifetime is the browser session, and the cookie disappears when the browser window is closed. A cookie whose lifetime is the browsing session is called a session cookie. Session cookies are generally not saved to the hard disk but kept in memory. If an expiration time is set, the browser saves the cookie to the hard disk; this is called a persistent cookie. Persistent cookies remain valid after the browser is closed and opened again, until the set expiration time has passed. Cookies stored on the hard disk can be shared between different browser processes, such as two IE windows. For cookies stored in memory, different browsers have different ways of handling them.
The session mechanism is a server-side mechanism that uses a hash-like structure (or perhaps a hash table) to hold information. When a program needs to create a session for a client's request, the server first checks whether the request contains a session identifier, called the session ID. If a session ID is already included, a session was previously created for this client, and the server retrieves it using the session ID (if it is not retrieved, a new one may be This situation may occur when the user's session object has been deleted on the server, but the user manually appends the previous jsession parameter to the requested URL. If the client's request does not include a session ID, a session is created for the client, a session ID associated with that session is generated, and the session ID is returned to the client in the response.
The program usually sends a command to delete the session only when the user logs off. The browser, however, never proactively notifies the server that it is about to close, so the server has no opportunity to learn that the browser has been closed. The server retains the session object until it has been inactive for longer than the set interval. The reason for the mistaken belief that closing the browser ends the session is that most sessions use session cookies to store the session ID; this session ID disappears when you close the browser, so the original session cannot be found when you connect to the server again. If the cookie set by the server is saved to the hard disk, or if you use some means to rewrite the HTTP request headers sent by the browser so that the original session ID is sent to the server, then the original session can still be found after the browser is opened again.
Precisely because closing the browser does not cause the session to be deleted, the server is forced to set an expiration time for the session: when the time since the client last used the session exceeds the expiration time, the server can assume that the client has stopped its activity, and it deletes the session to save storage space. We can therefore conclude that closing the browser only makes the session cookie in the browser's memory disappear; it does not make the session object saved on the server disappear, nor does it remove a persistent cookie that has been saved to the hard disk.
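
The lookup, creation and idle-timeout behaviour described above, as an added Python example that is not part of the original page. The `SessionStore` class, the `SESSIONID` cookie name, the 30-minute default timeout and the `HttpOnly`/`Secure` attributes are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

class SessionStore:
    """Server-side table mapping session ID -> (last access time, session data)."""

    def __init__(self, idle_timeout=1800, clock=time.time):  # 30 min is an assumed value
        self._sessions = {}
        self._idle_timeout = idle_timeout
        self._clock = clock

    def get_or_create(self, presented_sid):
        """Return (sid, data, created) for the ID the client sent (None if it sent none)."""
        now = self._clock()
        entry = self._sessions.get(presented_sid)
        if entry is not None and now - entry[0] <= self._idle_timeout:
            self._sessions[presented_sid] = (now, entry[1])  # activity resets the idle timer
            return presented_sid, entry[1], False
        # Missing, unknown or expired ID: drop any stale entry and issue a fresh
        # server-generated ID. The client-supplied value is never adopted.
        self._sessions.pop(presented_sid, None)
        sid, data = secrets.token_urlsafe(32), {}
        self._sessions[sid] = (now, data)
        return sid, data, True

    def logout(self, sid):
        """Explicit log off: the only moment the server is told the session is over."""
        self._sessions.pop(sid, None)

    def purge_expired(self):
        """Delete sessions idle past the timeout; closing the browser never triggers this."""
        now = self._clock()
        stale = [s for s, (seen, _) in self._sessions.items() if now - seen > self._idle_timeout]
        for s in stale:
            del self._sessions[s]
        return len(stale)

def session_cookie_header(sid, persistent_seconds=None):
    """Set-Cookie value: no Max-Age gives a memory-only session cookie,
    Max-Age gives a persistent cookie that survives a browser restart."""
    cookie = SimpleCookie()
    cookie["SESSIONID"] = sid  # cookie name is an assumption for this example
    cookie["SESSIONID"]["path"] = "/"
    cookie["SESSIONID"]["httponly"] = True  # keep the ID away from page scripts
    cookie["SESSIONID"]["secure"] = True    # send it over HTTPS only
    if persistent_seconds is not None:
        cookie["SESSIONID"]["max-age"] = persistent_seconds
    return cookie["SESSIONID"].OutputString()
```

Passing a fake `clock` makes the timeout testable without waiting; in a real server `purge_expired` would run periodically.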
The difference between a cookie and a session:
1. Cookie data is stored in the client's browser, and session data is kept on the server.
2. Cookies are not very safe: others can analyze the cookies stored locally. For safety, the session should be used.
3. A session is kept on the server for a certain period of time. As the number of visits increases, sessions consume more of your server's performance. To reduce the load on the server, cookies should be used.
4. The size of the data saved by a single cookie is limited.