The difference between a session and a cookie

Personal understanding has the following differences:

1, the session is saved in the server, the client does not know the information; the cookie is stored on the client and the server is able to know the information.

2. The object is saved in the session, and a string is saved in the cookie.
3, the session can not distinguish between the path, the same user during a visit to a website, all sessions in any place can be accessed. In the cookie, if the path parameter is set, the cookies under different paths in the same Web site are inaccessible to each other.
4, the session needs to use a cookie to normal <nobr oncontextmenu= "return false;" id= "Key3" this); "style=" COLOR: #6600ff; border-bottom:0px dotted; Background-color:transparent; Text-decoration:underline "KwC ();" this); "target=" _blank "> Work </nobr>. If the client completely prohibits cookie,session, it will fail.

HTTP is a stateless protocol, every time a client reads a Web page, the server opens a new session, and the server does not automatically maintain the customer's contextual information, then how to implement the shopping cart in the online store, the session is a mechanism to save the context information, it is for each user, The value of the variable is saved on the server side, by SessionID to distinguish between different customers, session is based on cookie or URL rewriting, the default use of cookies to implement, the system will create an output cookie named Jsessionid, We call the session cookie to distinguish between persistent cookies, which we normally call cookies, which are stored in the browser memory and not on the hard disk, This is the jsessionid we have just seen, we usually do not see the jsessionid, but when we disable the browser cookie, the Web server will be URL rewrite to pass the SessionID, we can see in the Address bar A string such as sessionid=kwjhug6jjm65hs2k6.
Understanding the principle, we can easily distinguish between persistent cookies and session cookies, the online discussion on the security of the two is also clear, session cookie for a session, sessions end The cookie disappears, and the persistent cookie is just a piece of text (usually encrypted) that exists on the client's hard drive, and may be subject to cookie spoofing and cross-site scripting attacks against cookies, which are not as secure as session cookies.
Usually the session cookie is not used across windows, and when you open a new browser window into the same page, the system will give you a new SessionID, so that the purpose of our information sharing is not reached, At this point we can first save the SessionID in the persistent cookie, and then read it in a new window, we can get the previous window SessionID, so through the session cookie and persistent The combination of cookies allows us to implement a cross-window session tracking (conversation tracking).
In some Web development books, the session and cookie are often simply used as two kinds of parallel HTTP transmission information, session cookies located on the server side, the persistent cookie is located on the client, But the session is based on a cookie, understand the relationship between the two and the difference, we will not be difficult to choose the right technology to develop Web service.

This article is from the "Boyhack" blog, make sure to keep this source http://461205160.blog.51cto.com/274918/1753426

The difference between a session and a cookie