First of all, let's talk about what a cookie is: a cookie is a piece of text information that the Web server saves on the client.
Cookies generally have three functions: tracking specific objects, counting web page views, and simplifying login.
Their security is relatively poor, and the information they hold is easy to leak.
Secondly, let's talk about what a session is: a session is one conversation between the browser and the server, made up of the multiple requests and responses exchanged between them.
Why talk about sessions?
Because the session object is used to store all information about the user session.
`session` is a JSP built-in object that corresponds one-to-one with the browser, allowing users to store and retrieve session state information.
Comparing the two, the differences are as follows:
1. Where they live: a cookie saves user information on the client, whereas a session saves user information on the server side;
2. Saved content: a cookie stores strings, whereas a session stores objects;
3. Lifetime: a cookie can be kept on the client for a long time, whereas a session is closed when the session ends;
4. Generally, cookies hold unimportant user information, while important information is held in the session.
5. Since HTTP is a stateless protocol, when the server needs to record a user's status it needs some mechanism to identify the specific user. This mechanism is the session. In a typical scenario such as a shopping cart, when you click the order button the server cannot tell which user did it, because HTTP is stateless. The server therefore creates a specific session for the specific user, to identify and track that user so that it knows how many books are in the shopping cart. This session is saved on the server side and has a unique identifier. There are many ways to save sessions on the server side, including memory, databases, and files. Session transfer must also be considered when clustering. Large websites usually have a dedicated session server cluster to save user sessions. In that case session information is kept in memory, and a caching service such as Memcached is used to hold the sessions.
6. How does the server identify a specific client? This is where the cookie comes in. On every HTTP request, the client sends the corresponding cookie information to the server. In fact, most applications use cookies to implement session tracking. When a session is first created, the server tells the client, in the HTTP response, that a session ID needs to be recorded in a cookie. On each subsequent request this session ID is sent to the server, so the server knows who you are. What if the client's browser has cookies disabled? Generally, in this case a technique called URL rewriting is used for session tracking. That is, on each HTTP interaction a parameter such as sid=xxxxx is appended to the URL, and the server uses it to identify the user.
7. Cookies can also be used to make things more convenient for users. Imagine that you have logged into a website once and don't want to enter your account name again the next time you log in. What should you do? This information can be written into a cookie. When you visit the website, the page's script can read this information and fill in the user name for you automatically. This is also the origin of the name "cookie": a little sweetness for users.
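The mechanism in items 5 and 6 (server-side session object, with only its ID carried in a cookie), as an added Python example that is not part of the original article. The cookie name `sid`, the in-memory `SESSIONS` store and the function names are assumptions for illustration; the `HttpOnly`, `Secure` and `SameSite` attributes are not mentioned in the article and are included because the cookie is the only thing identifying the user.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side session store: session ID -> session object (in memory here;
# the article notes databases, files or Memcached are also used).
SESSIONS = {}
COOKIE_NAME = "sid"  # assumed name, matching the article's sid=xxxxx example


def new_session():
    """Create a session under an unguessable ID and return (sid, session)."""
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[sid] = {"cart": []}
    return sid, SESSIONS[sid]


def session_cookie(sid):
    """Build the Set-Cookie value; it carries the session ID and nothing else."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["httponly"] = True   # not readable by page scripts
    cookie[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
    cookie[COOKIE_NAME]["samesite"] = "Lax"  # withheld on cross-site POSTs
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie[COOKIE_NAME].OutputString()


def handle_request(cookie_header, add_item=None):
    """Resolve the caller's session from its Cookie header.

    Returns (set_cookie_or_None, session). An absent or unknown ID is never
    adopted as a session: the server issues a fresh ID instead.
    """
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    sid = jar[COOKIE_NAME].value if COOKIE_NAME in jar else None
    set_cookie = None
    if sid not in SESSIONS:
        sid, _ = new_session()
        set_cookie = session_cookie(sid)
    session = SESSIONS[sid]
    if add_item is not None:
        session["cart"].append(add_item)
    return set_cookie, session
```

The first call with no cookie returns a `Set-Cookie` value; replaying that ID in later calls reaches the same cart, while a client-supplied ID the server never issued gets a new, empty session.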
So, to summarize:
A session is a data structure saved on the server to track the user's status. This data can be saved in clusters, databases, and files;
A cookie is a client-side mechanism for saving user information. It is used to record some user information, and it is also one way to implement sessions.