The difference between cookies and sessions in php and a detailed explanation of the usage of cookies and sessions

This article mainly introduces the difference between cookies and session in PHP and the relevant information about cookie and session usage summary. It is very good and has reference value. Friends who need it can refer to it

Specifically, the cookie is saved on the "client", and the session is saved on the "server"

Cookie is passed by extending http The

cookie implemented by the protocol mainly includes: name, value, expiration time, path and domain;

If the cookie is not setlife cycle, then These cookies are closed when the browser is closed. These cookies are generally stored in memory rather than on the hard disk. If a life cycle is set, the opposite is true. They do not disappear when the browser is closed. These cookies remain valid until the set expiration time is exceeded.

session stores information in a hash table-like form.

When the program needs to create a session for a client's request, the server first checks the client's request. Does it contain a session identifier

(called session id)? If it does, it means that a session has been created for this client before, and the server will retrieve this session and use it according to the session id. (If it cannot be retrieved, a new one will be created.) If the client request does not contain a session id, create a session for this client and generate a session id associated with this session. The value of the session id should be a value that will not be repeated. , and it is not easy to find the pattern to counterfeit the string. This session id will be returned to the client in this response for storage. The method of saving this session ID can use cookies, so that during the interaction process, the browser can automatically send this identification to the server according to the rules. Generally, the name of this cookie is similar to SEEESIONID. But cookies can be artificially disabled, and there must be other mechanisms to still pass the session id back to the server when cookies are disabled.

Advantages and Disadvantages:

1. Cookie data is stored on the client's browser, and session data is placed on the server. superior.

2. Cookies are not very safe. Others can analyze the COOKIE stored locally and conduct COOKIE deception
Considering security, session should be used.

3. The session will be saved on the server within a certain period of time. When access increases, it will take up more of your server's performance

In order to reduce server performance, COOKIE should be used.

4. The data saved by a single cookie cannot exceed 4K. Many browsers limit a site to save up to 20 cookies.

5. So personal suggestion:

Store important information such as login information as SESSION

If other information needs to be retained, it can be placed in COOKIE

Summary of the use of Session and Cookie:

Session and cookie are both in asp.Net Built-in objects, as for their differences, I won’t go into details here. Now let’s talk about some more practical things:

We know that websites have a backend management system, which includes login and To exit the two functions, when logging in, we often save the user's information in the session or cookie for later use. So what should we pay attention to when logging in?

1. Store some sensitive things in the session. Less sensitive things can be stored in the session or cookies. For example, user names are not very sensitive, but some browsers do not support cookies. use, so we will save it in the session, but the session is sometimes easily lost in the server, so we can use it in conjunction with cookies, that is, when the session is lost, if the cookie is still within the validity period we set Within, you can once again take out the value from the Cookie and put it into the session, so we'd better use the session and cookie to save the user name and other information at the same time or in Configuration File

The code is as follows:

<sessionState timeout="2" mode="StateServer" />

can also be used to solve the problem of session loss

2. We hope that the background management will invalidate the session and log in again if there is no operation for a long time. You can use session .timeout=5, in minutes, means that if there is no other operation within 5 minutes, it will be invalid, or you can configure in the configuration file

3. Setting the cookie validity period

httpCookie.Expires = DateTime.Now.AddMinutes(2);

The cookie validity period is 2 minutes

4. When judging whether you have permission to access the webpage in the page, you can judge as follows:

if (Request.Cookies["httpCookie"] != null)
{
Session["admin"] = Request.Cookies["httpCookie"].Values["admin"].ToString();
}
if (Session["admin"] == null)
{
this.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert(&#39;请重新登 录&#39;);location.href=&#39;logins.aspx&#39;</script>");
}

Let’s talk about how to compare when exiting. Okay

#1. The values ​​of session and cookie must be cleared when exiting. Now let’s briefly talk about the differences between several methods of session:

Session.clear(): means to clear all session key values ​​in the session, but the session still exists, equivalent to Session.RemoveAll()

Session["admin"] =null: Indicates that the value of the specified key will be cleared and released. It is different from session["admin"]="". It is cleared, but the session is not released, which is equivalent to session.Remove("name");

Session.Abandon() deletes the current Session object, and it will be a new Session next time.

The main difference is that when using Session.Abandon, the Session_End method (in InProc mode) will be called. The Session_Start method will be fired when the next request comes. Session.Clear only clears all data in the Session and does not terminate the

Session, so those methods will not be called. The Abandon method is used to actively end the session. If this method is not called, when After the session times out, the current session will also be automatically ended.

2. Let’s take a look at how to clear cookies

A. tpCookie cookie = System.Web.HttpContext.Current.Request.Cookies .Get("tuser");

cookie.Expires = DateTime.Now.AddDays(-1);
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);

B. tpCookie httpCookie = Request.Cookies["httpCookie"];

httpCookie.Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Add(httpCookie);

AB Both methods are available

3. So just clear the current value of session, that is, Session["admin']=null That’s it. Cookies can be cleared according to the above method.

Suggestions and comments:

1. When exiting, we can create a It is better to write the time on the logout page

2. No matter what operation is performed, if you can use If to judge whether it is empty, try your best to prevent the occurrence of a null pointer. abnormal

The above is the detailed content of The difference between cookies and sessions in php and a detailed explanation of the usage of cookies and sessions. For more information, please follow other related articles on the PHP Chinese website!