The difference between the cookie mechanism and the session mechanism
Specifically, the cookie mechanism adopts the solution of maintaining state on the client side, while the session mechanism adopts the solution of maintaining state on the server side.
At the same time, we also see that since the server-side solution also needs to save an identity on the client, the session
The mechanism may need to use the cookie mechanism to achieve the purpose of saving the identity, but there are actually other options.
The difference between session cookies and persistent cookies
If the expiration time is not set, it means that the life cycle of this cookie is during the browser session. As long as the browser window is closed, the cookie disappears. This cookie whose lifetime is browsing session is called a session cookie. Session cookies are generally not stored on the hard disk but in memory.
If the expiration time is set, the browser will save the cookies to the hard disk, close it and open the browser again. These cookies will still be valid until the set expiration time has exceeded.
Cookies stored on the hard drive can be shared between different browser processes, such as two IE windows. Different browsers have different ways to handle cookies stored in memory.
Daily phenomena
I logged into a certain website and logged in later. Oh, no need to enter my password, I just logged in. It's amazing~~~
I read a mobile phone on a certain website and then browsed other websites. The advertisements next to them were full of mobile phones and similar information. It was so scary~~~
When browsing a certain website, I was prompted that I was the 66666th visitor customer. Is it true or false?
In fact, these are cookies and Sessions that are at the back. Let’s take you to learn these two things.
Similarities and similarities between cookies and sessions
Cookies and Session are both methods or means used to save user status information;
Cookies are temporary folders stored in the client side, and Session is stored in the server's memory. The server uses a structure similar to a hash table to save information. A Session domain object serves a client's browser;
Cookies are poorly secure and Session is highly secure;
The storage time of a cookie can be long (save on the client hard drive in txt format), and the storage time of a session is very short, usually 30 minutes;
Cookies are shared by multiple client browsers, and Session is shared by one client browser;
Session is achieved through the cookie mechanism.
Two classic questions and URL rewriting
1. The client disables cookies and asks if Session can still work?
This is not the case for most websites because the URL rewrite mechanism is not used to solve the problem of cookies being disabled. (The URL rewrite code is large and can only be applied to dynamic pages. It cannot be static)
A website that can be very small (for example: excellence) is because it uses a URL rewrite mechanism.
2. Can cookies be used to implement shopping cart functions?
Yes, you can do cookies that Session can do.
**Essence**
Whether it is cookies or URL rewriting, the purpose is to pass the key and value name value pairs of JSESSIONID=32-bit string to the server.
Understand the Cookie-Session mechanism
When the program needs to create a session for a client's request, the server first checks whether the client's request has already included a Session ID - called a Session id. If it has already included a Session id, it means that the Session has been created for this client before, and the server retrieves the Session id and uses it. If the client request does not contain a Session id, a Session is created for this client and a Session id associated with this Session is generated. This Session id will be returned to the client for saving in this response. The client can use cookies to save this Session id, so that the browser can automatically send this identifier back to the server according to the rules during the interaction process. Generally, the name of this cookie is similar to JSESSIONID. For a Session, the server keeps it until the application notifies the server that it deletes a Session. The browser never proactively notifies the server that it will be shut down before it is shut down, so the server does not know that the browser has been shut down. The reason for this illusion is that most Session mechanisms use session cookies to save the Session id. After closing the browser, the Session id disappears, and the original Session cannot be found when connecting to the server again. If the cookie set by the server is saved to the hard disk, or if some means are used to rewrite the HTTP request header issued by the browser and send the original Session id to the server, then you can still find the original Session by opening the browser again. In fact, closing the browser will not cause the server-side session to be deleted, but a large number of sessions have been in the server memory, and the server cannot stand it. Therefore, the server sets an invalidation time for the session. When the client last used the session more than this invalidation time (usually 30 minutes), the server can think that the client has stopped activity, and then delete the session to save the server-side storage space.
Summarize
The above is the entire content of this article. I hope that the content of this article has certain reference value for everyone's study or work. If you have any questions, you can leave a message to communicate. Thank you for your support to Wulin.com.