
What's the difference between Java Session and Cookie?

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains the difference between Java Session and Cookie. The content is simple and clear, and easy to learn and understand. Follow along to study the difference between Java Session and Cookie.

The concept of Session

A Session is stored on the server side; it is a structure the server uses to hold a user's data. When the browser sends its first request, the server automatically creates a Session and a Session ID that uniquely identifies it, and sends the Session ID to the browser in the response.

When the browser sends its second request, it sends the Session ID from the previous server response back to the server along with the request. The server extracts the Session ID from the request and compares it with all the saved Session IDs to find the Session that belongs to this user.

Browsers generally provide two ways to save the Session ID; a third is implemented by the programmer using HTML hidden fields:

1) Use a Cookie to save it. This is the most common method, and the "remember my login status" feature is based on exactly this approach. The server sends the Session ID to the browser by setting a Cookie. If no expiration time is set, the Cookie is not stored on the hard disk: when the browser is closed, the Cookie disappears and the Session ID is lost. If the expiration time is set to a few days later, the Cookie is saved on the client's hard disk; the value still exists after the browser is closed and is sent to the server again the next time the user visits the site.

2) Add the information to the URL, as in the aaa.jsp?JSESSIONID=* that we often see on JSP sites. This method behaves like the first method when no Cookie expiration time is set.

3) Add hidden fields to the page's form. This is essentially the same as the second way, except that the second way sends the data through GET while this one sends it through POST. It is obviously more troublesome, though.
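The first method, as an added example that is not from the original article: a minimal in-memory session store using only JDK classes. The class and method names are hypothetical, and the HttpOnly, Secure and SameSite attributes are additions the article does not mention; in a servlet container, HttpSession does this work for you.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Server-side store: Session ID -> that user's data
    private static final Map<String, Map<String, Object>> SESSIONS = new ConcurrentHashMap<>();

    // First request: create the Session and return the Set-Cookie header value.
    // maxAgeSeconds < 0 gives a cookie that is lost when the browser closes;
    // a positive value makes the browser persist it ("remember my login status").
    static String createSession(long maxAgeSeconds) {
        String id;
        do {
            byte[] raw = new byte[16]; // 128 random bits from a CSPRNG
            RNG.nextBytes(raw);
            id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        } while (SESSIONS.putIfAbsent(id, new ConcurrentHashMap<>()) != null); // retry if the ID repeats
        String header = "JSESSIONID=" + id + "; Path=/; HttpOnly; Secure; SameSite=Lax";
        return maxAgeSeconds < 0 ? header : header + "; Max-Age=" + maxAgeSeconds;
    }

    // Later requests: extract the ID from the Cookie header and look up the Session.
    static Map<String, Object> findSession(String cookieHeader) {
        if (cookieHeader == null) return null;
        for (String pair : cookieHeader.split(";")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("JSESSIONID")) {
                return SESSIONS.get(kv[1]); // null if the ID is unknown
            }
        }
        return null;
    }

    public static void main(String[] args) {
        String setCookie = createSession(-1);
        String sentBack = setCookie.substring(0, setCookie.indexOf(';')); // what the browser returns
        findSession(sentBack).put("Logon", Boolean.TRUE);
        System.out.println("Set-Cookie: " + setCookie);
        System.out.println("Logon flag: " + findSession(sentBack).get("Logon"));
        System.out.println("Unknown ID: " + findSession("JSESSIONID=not-a-real-id"));
    }
}
```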

Session tracking

A session refers to the series of actions a user takes after logging on to a site, such as browsing items, adding them to the shopping cart and buying them. Session tracking is a common technique in Web programs and is used to track the user's entire session. The commonly used session tracking techniques are Cookie and Session. Cookie determines the identity of the user by recording information on the client, and Session determines the identity of the user by recording information on the server.

What is the difference and relationship between Session and Cookie?

The difference between Cookie and Session

A Cookie is stored on the client (browser) and a Session is stored on the server. Put simply, when you log on to a website whose web server uses Session, all the data is saved on the server. Every time the client sends a request, it sends the sessionid of the current session, and the server uses that sessionid to look up the corresponding user data and determine whether the user is logged in or has certain permissions.

Since the data is stored on the server, you can't forge it, but if you can get the sessionid of a logged-in user, you can also successfully forge that user's request with a special browser. The sessionid is randomly assigned when the server and the client connect; generally speaking, there is no repetition, but with a large number of concurrent requests, repetition is not impossible.

The relationship between Session and Cookie

Cookies are a kind of Session object. The difference is that Cookies do not take up server resources: they are stored in the client's memory or in a cookie text file, while a Session takes up server resources. So try not to use Session and use Cookies instead.

We generally think of cookies as unreliable and sessions as reliable, yet many famous sites also rely on cookies. To handle pages when cookies are disabled, URL rewriting is usually used, calling the many useful methods of the session to get data from it and put it into the page.

Application scenarios of Cookies and Session

The security of Cookies has always been controversial. Because Cookies are stored on the local computer, their contents are fully visible and easy to edit locally, which can often cause a lot of security problems. So for whether Cookies should be used, and how, a baseline needs to be set.

1) session

Login verification information, generally in the form Session("Logon") = true or false. Session also holds users' personal information, such as names, and in some cases content that has to be passed between pages. For example, when an investigation is divided into several steps, the information from each step is saved in the Session and finally written to the database in one update.

2) cookie

Determine whether the user has logged on to the site before, so that they can be logged in directly the next time. If the cookie is deleted, the login information has to be filled in again at every login. Another important application is the design and handling of the shopping cart. Users may choose different products on different pages of the same website over a period of time; all this information can be written into a cookie and read back from it at the time of final payment. Of course, there are security and performance issues that need to be considered.
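Because a cookie can be read and edited on the client, a server that keeps data such as cart contents in one needs a way to detect changes. The following added example (not from the original article; the key, class name and cart string are constructed) attaches an HMAC-SHA256 tag to the cookie value and rejects any value whose tag does not verify.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SignedCookieDemo {
    // Constructed demo key; a real key is random and kept only on the server.
    private static final byte[] KEY = "demo-only-key-change-me".getBytes(StandardCharsets.UTF_8);

    private static byte[] hmac(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    // Cookie value = base64url(payload) + "." + base64url(HMAC(payload))
    static String sign(String payload) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(hmac(payload));
    }

    // Returns the payload if the tag verifies, or null if the value was altered.
    static String verify(String cookieValue) throws Exception {
        String[] parts = cookieValue.split("\\.", 2);
        if (parts.length != 2) return null;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            String payload = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
            byte[] tag = dec.decode(parts[1]);
            // MessageDigest.isEqual compares the two tags in constant time
            return MessageDigest.isEqual(tag, hmac(payload)) ? payload : null;
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        String cart = sign("sku=1001&qty=2&price=19.90"); // constructed cart contents
        // Simulate a local edit: new payload, old tag
        String edited = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("sku=1001&qty=2&price=0.01".getBytes(StandardCharsets.UTF_8))
                + cart.substring(cart.indexOf('.'));
        System.out.println("original -> " + verify(cart));
        System.out.println("edited   -> " + verify(edited));
    }
}
```

Signing detects edits but does not hide the contents, so anything the user should not be able to read still belongs in the server-side Session.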

Session sharing

For a single server hosting multiple sites (different subdomains of the same parent domain), the problem to solve is sharing the SessionId between the sites. Because the domain names are different (blog.yoodb.com and daohang.yoodb.com) and the SessionId is stored in each site's own cookie, the server treats access to the two sub-sites as coming from different sessions.

The solution is to set the domain of the cookie to the parent domain, so that the cookie, and with it the SessionId, is shared. The disadvantage is that all other cookie information is shared between the sub-sites as well.
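The effect of the parent-domain setting, as an added example that is not from the original article: a small model of the browser's cookie domain matching (RFC 6265) that shows which hosts receive the SessionId cookie with and without a Domain attribute. The class and record names are hypothetical and shop.yoodb.com is a constructed host; it needs Java 16 or later for records.

```java
import java.util.List;
import java.util.Locale;

public class CookieScopeDemo {
    // A cookie as the browser stores it. domainAttr == null means no Domain attribute
    // was sent, so the cookie is "host-only" and bound to the host that set it.
    record StoredCookie(String name, String setByHost, String domainAttr) {}

    // RFC 6265 domain-match: identical, or host is a subdomain of the cookie domain.
    // (Hosts given as IP addresses are not handled in this sketch.)
    static boolean domainMatches(String host, String cookieDomain) {
        String h = host.toLowerCase(Locale.ROOT);
        String d = cookieDomain.toLowerCase(Locale.ROOT);
        if (d.startsWith(".")) d = d.substring(1); // a leading dot is ignored
        return h.equals(d) || h.endsWith("." + d);
    }

    // Would the browser attach this cookie to a request for requestHost?
    static boolean sentTo(StoredCookie c, String requestHost) {
        if (c.domainAttr() == null) {
            return requestHost.equalsIgnoreCase(c.setByHost()); // host-only cookie
        }
        return domainMatches(requestHost, c.domainAttr());
    }

    public static void main(String[] args) {
        StoredCookie hostOnly = new StoredCookie("JSESSIONID", "blog.yoodb.com", null);
        StoredCookie shared = new StoredCookie("JSESSIONID", "blog.yoodb.com", "yoodb.com");
        // shop.yoodb.com is a constructed third subdomain that shows the side effect
        for (String host : List.of("blog.yoodb.com", "daohang.yoodb.com", "shop.yoodb.com")) {
            System.out.printf("%-18s host-only=%-5b Domain=yoodb.com=%b%n",
                    host, sentTo(hostOnly, host), sentTo(shared, host));
        }
    }
}
```

With Domain=yoodb.com every subdomain receives the SessionId, including ones that were never meant to share the session, which is the disadvantage noted above.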

Typical application of cookie

1) Determine whether the user has logged on to the site before, so that they can be logged in directly the next time. If the cookie is deleted, the login information has to be filled in again at every login.

2) The design and handling of the shopping cart in an online mall. Users may choose different products on different pages of the same site over a period of time; all this information can be written into a cookie and read back from it at the time of final payment. Of course, security and performance issues need to be considered.

Thank you for reading. That concludes "what is the difference between Java Session and Cookie". After studying this article, you should have a deeper understanding of the difference between Java Session and Cookie; specific usage still needs to be verified in practice.
