Shulou(Shulou.com)06/02 Report--

This article shows you what is the difference between Session and Cookie. The content is concise and easy to understand. It will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

Cookie

The HTTP protocol is stateless, mainly to make the HTTP protocol as simple as possible, so that it can handle a large number of transactions. HTTP/1.1 introduces Cookie to save state information.

Cookie is the data sent by the server to the client, which will be saved in the browser and will be included in the client's next request message. Through Cookie, you can let the server know whether the two requests come from the same client, so as to maintain the login status and other functions.

Creation process

The response message sent by the server contains a Set-Cookie field, and the client gets the response message and saves the Cookie content to the browser.

HTTP/1.1 200 OKServer: nginx/1.10.3 (Ubuntu) Date: Wed, 04 Apr 2018 07:52:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingVary: CookieX-Frame-Options: SAMEORIGINSet-Cookie: csrftoken=Unoyq4GhHrctiYdxp02xjl4exWS5JYmTzYm2UHJUwjeR0UFMIyv4CxUFicFDcGyu; expires=Wed, 03-Apr-2019 07:52:53 GMT; Max-Age=31449600; Path=/; secureStrict-Transport-Security: max-age=315360000; includeSubDomainsContent-Encoding: gzip

When the client sends a request later, it reads the Cookie value from the browser and contains the Cookie field in the request message.

GET / HTTP/1.1Host: leetcode-cn.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: zh-CN,zh;q=0.9Cookie: Hm_lvt_fa218a3ff7179639febdb15e372f411c=1522568819,1522574611,1522657411,1522828353 Hm_lpvt_fa218a3ff7179639febdb15e372f411c=1522828370; csrftoken=Unoyq4GhHrctiYdxp02xjl4exWS5JYmTzYm2UHJUwjeR0UFMIyv4CxUFicFDcGyu classification

Session Cookie: it is automatically deleted after the browser is closed, that is, it is only valid during the session. Persistence Cookie: after specifying a specific expiration time (Expires) or expiration date (Max-Age), it becomes a persistent Cookie.

Set-Cookie: csrftoken=Unoyq4GhHrctiYdxp02xjl4exWS5JYmTzYm2UHJUwjeR0UFMIyv4CxUFicFDcGyu; expires=Wed, 03-Apr-2019 07:52:53 GMT; Max-Age=31449600 The Set-Cookie attribute indicates the name and value (required) given by NAME=VALUE to Cookie (if not explicitly specified, the period of validity of expires=DATECookie is until the browser is closed by default) path=PATH takes the file directory on the server as the applicable object of Cookie (if not specified, the file directory where the document resides by default) the domain= domain name is the domain name of the Cookie applicable object (if not specified, it defaults to the domain name of the server that created Cookie) Secure only Only when HTTPs communicates securely will CookieHttpOnly be sent to restrict it. Make Cookie inaccessible to Session by JavaScript scripts

Session is a means used by the server to track users, which is easier to use than Cookie, and correspondingly increases the storage pressure on the server. Each Session has a unique identity: Session ID. When the server creates a Session, the response message sent to the client contains the Set-Cookie field, including a key-value pair named sid, which is Session ID. After receiving it, the client saves the Cookie in the browser, and all the request messages sent after that contain Session ID.

When Cookie is disabled, you can follow the url or submit it to the server in the form of a form, so that the server side knows the state of the client.

Comparison between the two

Contact:

Both Cookie and Session are session methods used to track the identity of browser users.

Difference:

The Cookie data is stored in the customer's browser and the Session data is placed on the server. Cookie is not very secure. Others can analyze the local Cookie and cheat on Cookie. If security is the main concern, you should use encrypted Cookie or Session. Session will be saved on the server for a certain period of time. When the number of visits increases, it will take up the performance of your server. If the main consideration is to reduce server performance, you should use Cookie. The client limit for a single Cookie is 4K, and many browsers limit a site to a maximum of 20 Cookie.

What is the difference between Session and Cookie? have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.