Shulou(Shulou.com)06/02 Report--

This article mainly explains "what is the difference between cookie and session in php". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn "what is the difference between cookie and session in php?"

Operating environment of this tutorial: windows7 system, PHP7.1 version, DELL G3 computer

Whether in the interviews of system operators or PHP developers, they are often asked about the difference between Session and Cookie in PHP. Let's sum it up:

Cookie is only generated, managed and used by the client. PHP only sends instructions to the client how to generate Cookie, when it expires, etc., but the client does not necessarily follow the instructions of PHP.

Cookie is not very safe, lawbreakers can cheat on Cookie by analyzing local Cookie. For security reasons, it is recommended that users' important information be stored in Session, and other unimportant information that needs to be retained can be stored in Cookie.

Session is the session between entering a website and closing the browser. By default, it is stored in the server disk as a file, so setting too much Session will affect the performance of the disk. You can also use the Memory engine to store MySQL, because the memory engine reads and writes fast, and now you can specify to use Redis to deal with Session, which is faster and more efficient.

The recovery mechanism of Session is passive. Generally speaking, once you close the browser, Session will be automatically recycled by PHP, but sometimes even if you set the expiration time and close the browser, the Session may not be deleted. For example, when you set a multi-directory and multi-level Session, you need to manually delete the Session through the PHP script.

Cookie is usually bound to Session, that is, when a user does not disable Cookie, Cookie generally saves the Session ID and Session life cycle, and if the user deletes Cookie, he or she generally exits the system; if Cookie is not disabled, the browser Session will expire immediately, and you need to log in to the system again.

Cookie and Session should generally identify users, authenticate permissions, store simple data, and use Cookie to achieve single sign-on.

The data stored by Cookie has different restrictions in different browsers. Generally, under the same domain name, the number of Cookie variables is limited to 20, and the value of each Cookie is controlled within 4kb. There is no limit to the size and number of Session values, but if there are too many, it will increase the pressure on the server. In addition, the content saved by Cookie is a string, while the data saved by Session is an object.

Session cannot distinguish between paths, and when the same user visits a website, all Session can be accessed anywhere; but if the path parameter is set in Cookie, then Cookie under different paths in the same website cannot access each other.

The difference between COOKIE and SESSION

(1) Storage location: Cookie is stored in the client browser, which is relatively insecure; the file where the Session content is stored is stored in the server, usually in the tmp folder under the root directory, which is relatively more secure.

(2) quantity and size restrictions: the data stored by Cookie may have different restrictions in different browsers. Generally, under the same domain name, the number of Cookie variables is limited to 20, and the size of each cookie value is limited to 4kb. There is no limit to the size and number of session values, but if there are too many, it will increase the pressure on the server.

(3) content difference: the content saved by cookie is a string, while the data saved by session in the server is an object.

(4) path difference: session cannot distinguish between paths. When the same user visits a website, all session can be accessed anywhere; however, if the path parameter is set in cookie, then cookie under different paths in the same website cannot access each other.

Content extension:

1. Location of storage

Cookie is saved on the client side, session on the server side of the file system / database / memcache, and so on.

2. Security

Session is undoubtedly more secure because it is saved on the server side.

3. Network transmission volume

Cookie is transmitted between client and server over the network, which takes up some bandwidth, while session is stored on the server side and does not need to be transmitted.

4. Save time (life cycle), take 20 minutes as an example

The life cycle of cookie is cumulative, which is calculated from the time it is created, and ends after 20 minutes, that is, cookie is invalid.

The life cycle of session is spaced. Timing starts at the time of creation, and if no session is accessed within 20 minutes, the session will expire at 20 minutes. If you visit session at any time in 20 minutes, the life cycle of session will start again.

5. The effective path of session and cookie

Cookie by default, cookie only takes effect under the directory of the current file. Generally, you need to set the fourth parameter of setcookie to the root directory to make the page of the entire website take effect; by default, session takes effect under the root directory (you can know it by viewing the PHPSESSID information of cookie, or set it through session.cookie_path in the php.ini file).

At this point, I believe you have a deeper understanding of "what is the difference between cookie and session in php". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.