The definition and difference between cookie and session
Definition of both:
When you browse a website, the WEB server will first send a small amount of information to your computer, and the cookie will help you type the text or text on the website. These are some choices,
are all recorded. The next time you visit the same website, the WEB server will first check to see if there is any cookie information it left last time. If so, it will judge the user based on the content in Cookie
and send a specific message. web content for you. The use of cookies is very common. Many websites that provide personalized services use Cookie
to identify users so as to send user-tailored content, such as free email websites with Web interfaces. All use cookies.
Specifically, the cookie mechanism uses a solution that maintains state on the client side, while the session mechanism uses a solution that maintains state on the server side.
At the same time, we also see that since the solution of maintaining state on the server side also needs to save an identity on the client side, the session mechanism may need to use the cookie mechanism
to achieve the purpose of saving the identity. , but it actually has other options.
Cookie mechanism. Orthodox cookie distribution is achieved by extending the HTTP protocol. The server adds a special line of instructions to the HTTP response header to prompt the browser to generate the corresponding cookie according to the instructions. However, pure client-side scripts such as JavaScript or VBScript can also generate cookies. The use of cookies is automatically sent to the server by the browser in the background according to certain principles. The browser checks all stored cookies. If the scope
declared by a cookie is greater than or equal to the location of the resource to be requested, the cookie is attached to the HTTP request header of the requested resource and sent to the server.
The content of cookie mainly includes: name, value, expiration time, path and domain. The path and domain together form the scope of the cookie. If the expiration time is not set, it means that the lifetime of these
cookies is during the browser session. When the browser window is closed, the cookie will disappear. This type of cookie that lasts for the duration of the browser session is called a session cookie.
Session cookies are generally not stored on the hard disk but in memory. Of course, this behavior is not regulated by the specification. If an expiration time is set, the browser will save the cookie
to the hard disk. If you close and open the browser again, these cookies will still be valid until the set expiration time is exceeded. Cookies stored on the hard disk can be shared between different browser processes, such as two IE windows. For cookies stored in memory, different browsers have different processing methods
session mechanisms. The session mechanism is a server-side mechanism. The server uses a structure similar to a hash table (or may use a hash table) to save information.
When the program needs to create a session for a client's request, the server first checks whether the client's request already contains a session identifier
(called session id). If so, Contains indicates that a session has been created for this client before, and the server will retrieve this session according to the session id
(if it cannot be retrieved, a new one will be created). If the client request does not contain the session id, then For this purpose, the client creates a session and generates a session id associated with this session. The value of the session id should be a string that is neither repeated nor easy to find patterns to counterfeit. This The session id will be returned to the client in this response
for storage. The method of saving this session id can use cookies, so that during the interaction process, the browser can automatically send this identifier to the
server according to the rules. Generally, the name of this cookie is similar to SEEESIONID. But cookies can be artificially disabled, and there must be other mechanisms so that when cookies are disabled, the session id can still be passed back to the server.
A frequently used technique is called URL rewriting, which is to append the session id directly to the end of the URL path. There is also a technique called form hidden fields. That is, the server
will automatically modify the form and add a hidden field so that the session id can be passed back to the server when the form is submitted. For example:
In fact, this technique can be simply replaced by applying URL rewriting to the action. The difference between cookies and sessions: 1. Cookie data is stored on the client's browser, and session data is placed on the server.
2. Cookies are not very safe. Others can analyze the COOKIE stored locally and conduct COOKIE deception
Considering security, session should be used.
3. The session will be saved on the server within a certain period of time. When access increases, it will take up more of your server's performance
Considering reducing server performance, COOKIE should be used.
4. The data saved by a single cookie cannot exceed 4K. Many browsers limit a site to save up to 20 cookies.
5. So personal suggestion:
Store important information such as login information as SESSION
If other information needs to be retained, it can be placed in COOKIE
The above is the detailed content of The definition and difference between cookie and session. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Where are cookies stored?
Dec 20, 2023 pm 03:07 PM
Cookies are usually stored in the cookie folder of the browser. Cookie files in the browser are usually stored in binary or SQLite format. If you open the cookie file directly, you may see some garbled or unreadable content, so it is best to use Use the cookie management interface provided by your browser to view and manage cookies.
Where are the cookies on your computer?
Dec 22, 2023 pm 03:46 PM
Cookies on your computer are stored in specific locations on your browser, depending on the browser and operating system used: 1. Google Chrome, stored in C:\Users\YourUsername\AppData\Local\Google\Chrome\User Data\Default \Cookies etc.
How to solve session failure
Oct 18, 2023 pm 05:19 PM
Session failure is usually caused by the session lifetime expiration or server shutdown. The solutions: 1. Extend the lifetime of the session; 2. Use persistent storage; 3. Use cookies; 4. Update the session asynchronously; 5. Use session management middleware.
Solution to PHP Session cross-domain problem
Oct 12, 2023 pm 03:00 PM
Solution to the cross-domain problem of PHPSession In the development of front-end and back-end separation, cross-domain requests have become the norm. When dealing with cross-domain issues, we usually involve the use and management of sessions. However, due to browser origin policy restrictions, sessions cannot be shared by default across domains. In order to solve this problem, we need to use some techniques and methods to achieve cross-domain sharing of sessions. 1. The most common use of cookies to share sessions across domains
Where are the mobile cookies?
Dec 22, 2023 pm 03:40 PM
Cookies on the mobile phone are stored in the browser application of the mobile device: 1. On iOS devices, Cookies are stored in Settings -> Safari -> Advanced -> Website Data of the Safari browser; 2. On Android devices, Cookies Stored in Settings -> Site settings -> Cookies of Chrome browser, etc.
What are the differences between JavaScript and PHP cookies?
Sep 02, 2023 pm 12:29 PM
JavaScriptCookies Using JavaScript cookies is the most effective way to remember and track preferences, purchases, commissions and other information. Information needed for a better visitor experience or website statistics. PHPCookieCookies are text files that are stored on client computers and retained for tracking purposes. PHP transparently supports HTTP cookies. How do JavaScript cookies work? Your server sends some data to your visitor's browser in the form of a cookie. Browsers can accept cookies. If present, it will be stored on the visitor's hard drive as a plain text record. Now, when a visitor reaches another page on the site
How cookies work
Sep 20, 2023 pm 05:57 PM
The working principle of cookies involves the server sending cookies, the browser storing cookies, and the browser processing and storing cookies. Detailed introduction: 1. The server sends a cookie, and the server sends an HTTP response header containing the cookie to the browser. This cookie contains some information, such as the user's identity authentication, preferences, or shopping cart contents. After the browser receives this cookie, it will be stored on the user's computer; 2. The browser stores cookies, etc.
Does clearing cookies have any impact?
Sep 20, 2023 pm 06:01 PM
The effects of clearing cookies include resetting personalization settings and preferences, affecting ad experience, and destroying login status and password remembering functions. Detailed introduction: 1. Reset personalized settings and preferences. If cookies are cleared, the shopping cart will be reset to empty and products need to be re-added. Clearing cookies will also cause the login status on social media platforms to be lost, requiring re-adding. Enter your username and password; 2. It affects the advertising experience. If cookies are cleared, the website will not be able to understand our interests and preferences, and will display irrelevant ads, etc.
