How to distinguish Cookies and Session? The difference and detailed explanation between Cookies and Session in JavaScript

This article mainly introduces the detailed explanation and difference between Cookies and Session. Friends in need can refer to the following

The detailed explanation and difference between Cookies and Session

1.Cookie is a text string handle sent to the client's browser and stored on the client's hard drive. It can be used to persist data between sessions of a WEB site.

2.session actually refers to the period of time from when a visitor arrives at a specific homepage to when he leaves. Session actually uses cookies for information processing. When the user first makes a request, the server creates a cookie on the user's browser. When the session ends, it actually means that the cookie has expired.

Note: The name of the cookie created for this user is assessionid. The only purpose of this cookie is to provide different identity authentication for each user.
session Literally speaking, it is a session. This is similar to when you are talking to someone. How do you know that the person you are talking to is Zhang San and not Li Si? The other party must have certain characteristics (such as appearance) that indicate that he is Zhang San. The same principle applies to sessions. The server needs to know who is currently sending the request to itself. In order to make this distinction, the server will assign a different "identity identifier" to each client. Then every time the client sends a request to the server, it will bring this "identity identifier", and the server will know that the request comes from Who. As for how the client saves this "identity", there are many ways. For browser clients, everyone uses cookies by default.

3. What cookies and sessions have in common is that both cookies and sessions are session methods used to track the identity of browser users.

4. The difference between cookie and session is: cookie data is stored on the client side, and session data is stored on the server side.

Simply put, when you log in to a website:

If the web server uses session, then all data is saved on the server.

Every time the client requests the server, it will send the sessionid of the current session. The server determines the corresponding user data flag
based on the current sessionid to determine whether the user is logged in or has certain permissions. Since the data is stored on the server, you cannot forge it,
But if you can obtain the sessionid of a logged-in user, you can also successfully forge the user's request using a special browser.
sessionid is randomly assigned when the server and client connect. Generally speaking, there will be no duplication, but if there are a large number of concurrent requests,
it is not without the possibility of duplication.
· If the browser If cookies are used, all data is stored on the browser side. For example, after you log in, the
server sets a cookie username. Then when you request the server again, the browser will send the username to the server. ,
These variables have certain special marks. The server will interpret it as a cookie variable, so as long as the browser is not closed, the cookie variable will always be valid,
so it can be guaranteed not to be disconnected for a long time. If you can intercept a user's cookie variable and then forge a data packet to send over,
then the server still thinks you are legitimate. Therefore, the possibility of being attacked using cookies is relatively high. If the validity time is set,
then it will save the cookie on the client's hard drive. The next time you visit the website, the browser will first check whether there is a cookie,
if there is one, read it The cookie is then sent to the server. If you save a forum cookie on your machine, the
validity period is one year. If someone invades your machine, copies your cookie, and then puts it in the directory of his browser,
then he When you log in to the website, you log in with your identity. So cookies can be forged. Of course, you need to pay attention when forging.
Directly copy the cookie file to the cookie directory. The browser will not recognize it. It has an index.dat file that stores the creation time of the cookie file,
and whether it has been modified. So you must first have the cookie file of the website, and you must deceive the browser from the effective time.

5. Both can be used to store private things. They also have validity periods. The difference is that the session is placed on the server. Whether it expires or not depends on the setting of the service period. Cookies are If it exists on the client side, whether it has been used or not can be set when the cookie is generated.

(1)Cookie data is stored on the client's browser, and session data is placed on the server
(2)Cookies are not very secure. Others can analyze the COOKIE stored locally and perform COOKIE Deception, if security is the main consideration, session
(3)session will be saved on the server for a certain period of time. When access increases, it will take up more of your server's performance. If the main consideration is to reduce server performance, you should use COOKIE
(4) The limit of a single cookie on the client is 3K, which means that a site cannot store COOKIE on the client. 3K.
(5)So: Store important information such as login information as SESSION; if other information needs to be retained, it can be placed in COOKIE

Students who need to learn js please pay attention to php Chinese websitejs video tutorial, many js online video tutorials can be watched for free!

The above is the detailed content of How to distinguish Cookies and Session? The difference and detailed explanation between Cookies and Session in JavaScript. For more information, please follow other related articles on the PHP Chinese website!