Specifically, cookies are saved on the "client", and sessions are saved on the "server".
Cookies are implemented by extending the HTTP protocol.
A cookie mainly consists of: name, value, expiration time, path and domain.
If no lifetime is set for a cookie, it lasts only until the browser is closed. Such a cookie is generally kept in memory rather than on the hard disk. If a lifetime is set, the cookie does not disappear when the browser closes; it remains valid until the set expiration time has passed.
A session saves its information in a form similar to a hash table.
When the program needs to create a session for a client's request, the server first checks whether the request already includes a session identifier (called the session id). If it does, a session has been created for this client before, and the server retrieves that session according to the session id (if it cannot be retrieved, a new one is created). If the request does not include a session id, a session is created for this client and a session id associated with it is generated. The value of the session id should be a string that will not be repeated and cannot easily be worked out and forged. This session id is returned to the client in the response.
The session id can be saved in a cookie, so that the browser automatically sends it back to the server according to the cookie rules during later interaction. Generally, the name of this cookie is similar to SESSIONID. However, cookies can be disabled by the user, so there must be other mechanisms for passing the session id back to the server when cookies are disabled.
Pros and cons:
1. Cookie data is stored in the client's browser; session data is kept on the server.
2. Cookies are not very secure. Others can analyze the cookies stored locally and use them for cookie spoofing. Where security matters, use the session.
3. A session is kept on the server for a certain period of time. As the number of visits increases, sessions take up more of your server's performance. Where reducing server load matters, use cookies.
4. The data saved in a single cookie cannot exceed 4K. Many browsers limit a site to at most 20 cookies.
5. So, as a personal suggestion:
Store important information such as login information in the session.
Other information can be placed in a cookie if it needs to be retained.
Summary of the use of sessions and cookies:
Session and cookies are both built-in objects. As for the difference between them, I won’t talk more about it here. Let’s talk about some more practical things now:
We know that the website has a backend management system, which has two functions: login and logout. When logging in, we often save the user's information into session or cookies for later use. So what should we pay attention to when logging in?
1. Store sensitive things in the session. Insensitive things can be stored in either the session or cookies. For example, the user name is not very sensitive, but some browsers do not support cookies, so we store it in the session. However, sessions are sometimes easily lost on the server, so we can use them in combination with cookies: when the session is lost, if the cookie is still within the validity period we set, the value can be taken from the cookie again and put back into the session. Therefore, it is best to use the session and cookies together to save the user name and similar information. Alternatively, the following setting in the configuration file can also solve the problem of session loss:
    <sessionState timeout="2" mode="StateServer" />
2. We want the backend session to expire after a period of inactivity, so that the user has to log in again. You can set Session.Timeout = 5 (the unit is minutes), which means the session becomes invalid if there is no operation within 5 minutes. Or you can configure <sessionState timeout="5" mode="InProc" /> in the configuration file.
3. Setting the cookie validity period:
    cookie.Expires = DateTime.Now.AddMinutes(2);
The cookie is then valid for 2 minutes.
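4. To determine on a page whether the user has permission to access it, you can make the following check:
    // Restore the session value from the cookie if the cookie is present.
    // Note: the cookie value is supplied by the client.
    if (Request.Cookies["httpCookie"] != null)
    {
        // Values["admin"] is already a string (or null), so no ToString() call is needed.
        Session["admin"] = Request.Cookies["httpCookie"].Values["admin"];
    }
    // No session value: ask the user to log in again.
    if (Session["admin"] == null)
    {
        ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('Please log in again');location.href=''</script>");
    }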
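The check above copies a value from a client-supplied cookie into the session. As an added example (not code from the original article), one way to make such a restore cookie verifiable is for the server to attach an HMAC and an expiry time when it issues the cookie and to check both before restoring the session. The SignedCookie class, the cookie value format and the key parameter are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: a cookie value the server can verify before trusting it.
public static class SignedCookie
{
    // key: assumed to be 32 or more random bytes kept only on the server.
    private static byte[] Mac(byte[] key, string payload)
    {
        using (var h = new HMACSHA256(key))
            return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Value format (constructed for this example): user|expiryTicks|base64(mac)
    public static string Issue(byte[] key, string user, DateTime expiresUtc)
    {
        string payload = Uri.EscapeDataString(user) + "|" + expiresUtc.Ticks;
        return payload + "|" + Convert.ToBase64String(Mac(key, payload));
    }

    // Returns the user name, or null if the value is malformed, forged or expired.
    public static string Validate(byte[] key, string cookieValue, DateTime nowUtc)
    {
        if (cookieValue == null) return null;
        string[] parts = cookieValue.Split('|');
        long ticks;
        if (parts.Length != 3 || !long.TryParse(parts[1], out ticks)) return null;

        byte[] presented;
        try { presented = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return null; }

        byte[] expected = Mac(key, parts[0] + "|" + parts[1]);
        if (!ConstantTimeEquals(expected, presented)) return null;   // tampered or forged
        if (ticks < nowUtc.Ticks) return null;                        // expired
        return Uri.UnescapeDataString(parts[0]);
    }

    // Compares every byte so timing does not reveal where the MACs differ.
    private static bool ConstantTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

With this in place, Session["admin"] is set only from the return value of Validate, and a null result is treated the same as a missing cookie.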
Let's talk about how to do it when exiting
1. When exiting, the values of session and cookie must be cleared. Now let’s briefly talk about the differences between session methods:
Session.Clear(): clears all key values in the session, but the session itself still exists; equivalent to Session.RemoveAll().
Session["admin"] = null: clears the value of the specified key and releases it. This differs from Session["admin"] = "", which only clears the value without releasing it; equivalent to Session.Remove("name").
Session.Abandon(): deletes the current Session object; the next request will get a new Session.
The main difference is that when Session.Abandon() is used, the Session_End method is called (in InProc mode), and the Session_Start method is fired when the next request arrives. Just clearing all data in the Session does not abort the Session, so those methods are not called. The Abandon method is used to actively end the session. If it is not called, the current session ends automatically when the session times out.
2. Let’s take a look at how to clear cookies
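A.
    HttpCookie cookie = Request.Cookies.Get("tuser");
    if (cookie != null)
    {
        // An expiry time in the past makes the browser delete the cookie.
        cookie.Expires = DateTime.Now.AddDays(-1);
        Response.Cookies.Add(cookie);
    }
B.
    HttpCookie httpCookie = Request.Cookies["httpCookie"];
    if (httpCookie != null)
    {
        httpCookie.Expires = DateTime.Now.AddDays(-1);
        Response.Cookies.Add(httpCookie);
    }
Both methods A and B work.
3. So on logout, clear the current session value, that is, Session["admin"] = null, and clear the cookie using the method above.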
Suggestions and comments:
1. For logout, it is better to create a dedicated logout page to hold this code.
2. Whatever the operation, check for null with an if statement wherever you can, to prevent null reference exceptions.