What's the difference between session and cookie?

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article introduces the topic "what is the difference between session and cookie". Many people run into difficulties with it when working on real cases, so the sections below walk through how to deal with these situations. I hope you read carefully and learn something!

1. Session workflow

The client accesses the server, and the server calls the Session() method to generate a session object, which is used to track the user's state.

At the same time, the server assigns a unique identifier, the sessionId, to the session object. Session objects are managed as key-value pairs: the sessionId is the key and the session object is the value.

When the response is generated, the sessionId is sent to the client as a cookie and stored in the cache of the client browser (as the cookie JSESSIONID).

When the client requests the server again, it sends the sessionId to the server in the Cookie request header (JSESSIONID). The server reads the JSESSIONID, matches it against its SessionID, retrieves the session object and thereby tracks the state. In short: [Client] JSESSIONID = [Server] SessionID

2. How cookies work

When the client accesses the server, the server calls the Cookie() method and, when it generates the response, produces a Set-Cookie response header.

The cookie text is sent to the client, and the client saves it.

When the client requests the server again, it generates a Cookie request header and sends the cookie information it received from the server back to the server. The server can track the state of the client according to the cookie information.
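The two workflows in sections 1 and 2, put together as an added example (not code from the original article): a server-side table keyed by sessionId, the Set-Cookie header that delivers the identifier, and the lookup performed on the Cookie request header. The class and function names are hypothetical, and the HttpOnly, Secure and SameSite attributes are hardening choices made for this example rather than something the article specifies.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "JSESSIONID"  # cookie name used in the article


class SessionStore:
    """Server-side table: the sessionId is the key, the session object the value."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # 128 bits from the OS CSPRNG, so the identifier cannot be guessed.
        sid = secrets.token_hex(16)
        self._sessions[sid] = {}
        return sid

    def set_cookie_header(self, sid):
        """Build the Set-Cookie header value that goes out with the response."""
        cookie = SimpleCookie()
        cookie[COOKIE_NAME] = sid
        cookie[COOKIE_NAME]["path"] = "/"
        cookie[COOKIE_NAME]["httponly"] = True   # hidden from page scripts
        cookie[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
        cookie[COOKIE_NAME]["samesite"] = "Lax"
        return cookie[COOKIE_NAME].OutputString()

    def lookup(self, cookie_header):
        """Match the Cookie request header against the table; None if no match."""
        cookie = SimpleCookie()
        cookie.load(cookie_header or "")
        morsel = cookie.get(COOKIE_NAME)
        if morsel is None:
            return None
        # Only identifiers this server issued map to a session object.
        return self._sessions.get(morsel.value)


def demo():
    store = SessionStore()
    sid = store.create()                                     # first request: no cookie yet
    header = store.set_cookie_header(sid)                    # response carries Set-Cookie
    store.lookup(f"{COOKIE_NAME}={sid}")["user"] = "alice"   # second request: state is stored
    known = store.lookup(f"theme=dark; {COOKIE_NAME}={sid}")
    unknown = store.lookup(f"{COOKIE_NAME}=" + "0" * 32)     # ID the server never issued
    return header, known, unknown
```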

3. File form of cookies

A cookie is a small text file that a browser stores on a user's computer.

Cookies are in plain-text format and do not contain any executable code.

Cookies consist of key-value pairs separated by semicolons and spaces.

Cookies are stored in the browser, but they are usually set by the server.

Cookie size is limited to about 4 KB.

4. Specific content of cookies

A cookie can record your user ID, password, browsed web pages, time spent on the site and other information. When you come to the site again, the site reads the cookies, learns about you, and can take appropriate actions, such as displaying a welcome message on the page or letting you log in directly without entering an ID or password. A website can only read the information it placed itself and cannot read cookie files from other websites. For this reason, the cookie file also stores the host attribute, i.e. the domain name or IP of the website.

These attributes are stored as name-value pairs, and most of their contents are encrypted for security. Cookie files are named in the format: username@website address[number].txt

5. Advantages and disadvantages of cookies

Benefits of cookies:

They give users a more personalized experience, such as the "remember password" function and welcoming returning users when they log in.

They compensate for the connectionless nature of HTTP.

They provide a basis for counting site visitors.

Disadvantages of cookies:

They do not solve the problem of multiple people sharing one computer, which introduces insecurity.

Cookie files are easily deleted by mistake.

They do not handle one person using multiple computers.

Cookie spoofing: by modifying the hosts file, cookies on the target site can be accessed illegitimately.

6. After disabling cookies, can sessions still be used?

Cookie and Session are generally considered to be two independent things. Session uses a scheme to maintain state on the server side, while Cookie uses a scheme to maintain state on the client side. Why can't I get a Session if I disable cookies? Because Session uses Session ID to determine the server Session corresponding to the current session, and Session ID is passed through cookies, disabling cookies is equivalent to losing Session ID, and you will not get Session.

In PHP, a Session can exist independently of cookies through configuration. Session in PHP uses client-side cookies to save Session IDs by default, so when there is a problem with client-side cookies, the Session will be affected. It must be noted that Session does not necessarily have to rely on cookies, which is also the smartest part of Session compared to cookies.

Therefore, a session can be used without cookies, that is, even when the user has turned cookies off. There are several ways to achieve this.

Using sessions with cookies turned off:

1. Set "session.use_trans_sid = 1" in the php.ini configuration file, or turn on the "--enable-trans-sid" option at compile time to let PHP automatically pass the Session ID across pages.

2. Manually pass the Session ID via URL values and hidden form fields.

3. Save the Session ID in a file, database, etc., and retrieve it manually when moving across pages.

Reference address: www.cnblogs.com/tkzc2013/p/9875745.html
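Methods 1 and 2 put the Session ID into the URL, so it is also written to the server's access log along with the request line. The following added example (not part of the original article) scans log lines for URL-carried session identifiers and redacts them before the log is stored or shared. The parameter names PHPSESSID and jsessionid, the function names and the sample log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names: PHP's default session name and the servlet path parameter.
SESSION_PARAMS = {"phpsessid", "jsessionid"}
_PATH_PARAM = re.compile(r";jsessionid=[^/?#;]*", re.IGNORECASE)
_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def redact_session_id(url):
    """Return (clean_url, found): session IDs in the path or query become REDACTED."""
    parts = urlsplit(url)
    path, n_path = _PATH_PARAM.subn(";jsessionid=REDACTED", parts.path)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [k for k, _ in pairs if k.lower() in SESSION_PARAMS]
    if not (n_path or hits):
        return url, False          # nothing to redact: keep the URL byte-for-byte
    cleaned = [(k, "REDACTED" if k.lower() in SESSION_PARAMS else v) for k, v in pairs]
    return urlunsplit(parts._replace(path=path, query=urlencode(cleaned))), True


def scan_access_log(lines):
    """Return (line_number, redacted_url) for each request that exposes a session ID."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = _REQUEST.search(line)
        if not match:
            continue
        clean, found = redact_session_id(match.group(1))
        if found:
            findings.append((number, clean))
    return findings


# Constructed sample lines in common log format.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Jan/2025:10:00:01 +0000] '
    '"GET /cart.php?item=7&PHPSESSID=00nrqa20hjrlaiac0eu726i4q5 HTTP/1.1" 200 512',
    '203.0.113.5 - - [16/Jan/2025:10:00:02 +0000] "GET /index.php?q=shoes HTTP/1.1" 200 2048',
    '198.51.100.9 - - [16/Jan/2025:10:00:03 +0000] '
    '"GET /app/list;jsessionid=A1B2C3?page=2 HTTP/1.1" 200 900',
]
```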

7. sessionid

The session's unique identifier: a string of random characters, for example: sess_00nrqa20hjrlaiac0eu726i4q5

8. Difference between session and cookie

1. Different access methods

Cookies can only store ASCII strings. If you need to store Unicode characters or binary data, you must encode them first. Java objects cannot be stored directly in cookies, so storing even slightly complex information in cookies is difficult.

A session can store any type of data, including but not limited to String, Integer, List, Map, etc. A session can also directly store a Java Bean or any Java class or object, which makes it very easy to use. You can think of a session as a Java container class.

2. Different privacy policies

Cookies are stored in the client browser and are visible to the client; programs on the client may snoop on, copy, and even modify the contents of a cookie. A session is stored on the server and is not visible to the client, so there is no risk of sensitive information disclosure.

If you choose cookies, the better approach is to avoid writing sensitive information such as account passwords into them. It is best to encrypt cookie information as Google and Baidu do, and decrypt it after it is submitted to the server, so that the information in the cookie cannot be read by anyone else. If you choose sessions, this is much easier: the data is placed on the server, and any private information in the session can be effectively protected.
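Because the client can modify a cookie, the server needs a way to notice that a value has changed. The following added example (not code from the original article) uses an HMAC tag rather than the encryption the article recommends: the value stays readable to the client, but any modification is rejected. The Base64 step also covers the ASCII-only restriction from point 1. The key, cookie names and function names are constructed for this example.

```python
import base64
import hashlib
import hmac

# Constructed demo key; a real deployment loads a random secret kept on the server.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def seal(name, value, key=SERVER_KEY):
    """Return 'payload.tag'; the tag covers the cookie name as well as the value."""
    payload = _b64(value.encode("utf-8"))      # Unicode becomes cookie-safe ASCII
    tag = hmac.new(key, f"{name}={payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"


def unseal(name, cookie_value, key=SERVER_KEY):
    """Return the original value, or None if the cookie was altered or is malformed."""
    payload, sep, tag_text = cookie_value.partition(".")
    if not sep:
        return None
    try:
        expected = hmac.new(key, f"{name}={payload}".encode("ascii"),
                            hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, _unb64(tag_text)):
            return None
        return _unb64(payload).decode("utf-8")
    except (ValueError, UnicodeError):
        return None


def forge(cookie_value, new_value):
    """Simulate client-side editing: swap the payload but keep the old tag."""
    _, _, tag_text = cookie_value.partition(".")
    return f"{_b64(new_value.encode('utf-8'))}.{tag_text}"
```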

3. Differences in validity period

Anyone who has used Google knows that if you log in to Google, your Google login information is valid for a long time. Instead of having to log back in every time you visit, Google keeps a persistent record of that user's login information. To achieve this effect, cookies are a better option. Just set the expiration time property of the Cookie to a very, very large number.

Since the session depends on a cookie named JSESSIONID, and the expiration time of the JSESSIONID cookie is -1, the session expires as soon as the browser is closed, so a session cannot keep information valid permanently. URL rewriting cannot achieve this either. And the longer the session timeout is set, the more sessions accumulate on the server and the more likely a memory overflow becomes.

4. Different server pressures

Session is stored on the server side, each user will generate a Session. If the number of concurrent users is very large, it will generate a lot of sessions and consume a lot of memory. Therefore, websites with high concurrent traffic such as Google, Baidu and Sina are unlikely to use Session to track customer conversations.

Cookies are stored on the client side and do not occupy server resources. Cookies are a good option if there are a lot of concurrent users. For Google, Baidu and Sina, cookies may be the only option.

5. Different browser support

Cookies are supported by client browsers. If the client disables cookies or does not support cookies, session tracking fails. For WAP applications, regular cookies are useless.

If the client browser does not support cookies, you need to use Session and URL rewriting. It should be noted that all URLs used in Session programs must be rewritten, otherwise Session Tracking will fail. Session+URL rewriting may be the only option for WAP applications.

If the client supports cookies, a cookie can be set to be valid either in the current browser window and its child windows (with an expiration time of -1) or in all browser windows (with an expiration time of some integer greater than 0). A session, however, is valid only in the current browser window and its child windows. If two browser windows are unrelated, they will use two different sessions. (Under IE8, sessions in different windows are related.)

6. Differences in cross-domain support

Cookies support cross-domain access. For example, if the domain attribute is set to ".biaodianfu.com", all domain names with the suffix ".biaodianfu.com" can access the cookie. Cross-domain cookies are now commonly used on the web, for example by Google, Baidu and Sina. Sessions do not support cross-domain access. A session is valid only within the domain name in which it is located.

Cookies alone or sessions alone may not achieve the desired results, so try using them together. Combining cookies and sessions in real projects can produce many unexpected results.

Reference address: zhinan.sogou.com/guide/number/316513843800.htm?rcer=uXdGqt9h69jxEs6th
